What I understand is that they are using machine learning techniques to detect access patterns. Even if they don't understand the bytes because it is encrypted, they can match the sizes and timing of packets. So if the tunnel over SSH technique is common, and they detect a SSH connection that behaves in a specific way, for example because of fixed-size handshake packets, they can guess it is tunneling a VPN.
When I was in China I would use my own VPN using ec2 and the now defunct Streisand (which uses stunnel). First few requests were always fast but as you use more bandwidth your requests would start to slow down considerably.
Oddly a foreign sim gets uncensored internet, so that's what I've recommended to travelers, but haven't been back since COVID so that might be outdated info.
do you mean, xray to a vps and install mullvad on that vps? Tried that, but as soon as I install mullvad on a vps, I'm no longer able to ssh into it. Gave up, too complex.
