by hipaulshi 3948 days ago
SSH dynamic port forwarding has not been working for years. It is so easily picked up by the GFW, and minutes later it is gone together with the whole SSH connection. The same goes for PPTP and L2TP VPN. The GFW has been upgraded so many times over the past few years. The target audience is developers. The install is super simple via one line of `pip install`; the start code for the daemon is also one line, with the configuration inline or through <10 lines of JSON. On the client side, the author and other contributors developed native clients that allow connection by supplying just 1 password and 1 server address. Super simple and highly reliable to this day.
3 comments

So looking at the code for the Go implementation, it appears to be just a stream cipher encrypted version of SOCKS5 [1,2].

1. https://github.com/shadowsocks/shadowsocks-go/blob/master/sh...

2. https://github.com/shadowsocks/shadowsocks-go/blob/master/cm...

(Not the best code, a couple of race conditions in there)

@olalonde The GFW is known to tighten control on national holidays or any event they see fit. The day after the Tianjin explosion, IKEv2 stopped working for 1 day on my network (I was in Beijing). PPTP from time to time suffers the same issue, though I couldn't say when. Also check your IP location: I found out one provider was having a reliable PPTP connection about a week ago, and it turned out they were just relaying traffic in a data center in China. That traffic is not blocked by the GFW as long as it is domestic, and I could only imagine that the data center simply forwarded the traffic onward using other means.
Why not just wrap all your SSH packets as HTTPS?
I believe that the traffic patterns (up/down request amount and timing) will still look sufficiently different from a 'normal' https connection to be detected and cut off within an hour.
This I wonder as well. stunnel + openvpn used to work. Not sure if it still does.