/ROOT/NODES/POSTS/2026/01/24

Internet Science Popularization Series - What is a protocol? How to set up a node with an encryption protocol?

STAMP: 2026-01-24 // UID: 1256fa16 // AUTH: VERIFIED
Premium Promo Premium Promo Premium Promo Premium Promo

We need to clarify a concept first: the tools we commonly use now (such as Shadowsocks, V2Ray, Sing-box) are technically classified more as "proxies" rather than traditional "VPNs," but for ease of understanding, they will be collectively referred to as circumvention protocols below.

I. Common Circumvention Protocols and Their Working Principles

Traditional VPN protocols (such as L2TP, PPTP, OpenVPN) have very distinct characteristics and are easily identified and blocked by firewalls (GFW). Therefore, current circumvention protocols mainly focus on "obfuscation."

  1. Shadowsocks (SS/SS-Rust):
  2. Principle: The most classic protocol. It uses symmetric encryption on the traffic, making the data packets look like meaningless gibberish.

  3. Current Status: Native SS is easily detected by "active probing" (the GFW simulates a client sending packets to the server to see if the response matches SS characteristics), so it is now often used with AEAD encryption or as a basic tunnel.

  4. VMess / VLESS (V2Ray/Xray):

  5. Principle: A protocol developed by the V2Ray platform. VLESS is currently the most mainstream protocol; it does not encrypt itself and must be used with TLS (the same encryption layer as banking websites).

  6. Features: Extremely flexible, can be disguised as normal web traffic.

  7. Trojan:

  8. Principle: Mimics the most common HTTPS protocol. It disguises the proxy traffic as ordinary website visits. If someone tries to probe it, it will display a real webpage.

  9. Hysteria2 / Tuic (based on UDP):

  10. Principle: Traditional protocols are mostly based on TCP. These protocols are based on QUIC (UDP).

  11. Features: Aggressive and fast. In poor network environments (high packet loss), the speed far exceeds other protocols, but it is easily throttled by internet service providers (ISPs).

  12. Reality (Currently the most recommended):

  13. Principle: This is a new technology developed by the Xray team. It directly borrows the TLS fingerprints and certificates of real, well-known websites like www.microsoft.com, making the GFW believe you are actually visiting Microsoft. This is currently the most covert technology.

II. How do they bypass the Great Firewall (GFW)?

The GFW primarily intercepts traffic through the following methods, and the protocols specifically address these:

  1. Blocking IP/Ports: If the GFW detects abnormal traffic from a certain IP address that matches proxy characteristics, it directly blocks it.
  2. Bypass: Use a CDN (such as Cloudflare) or dynamic IP addresses, or use strong obfuscation to make the traffic appear like normal internet traffic.
  3. Deep Packet Inspection (DPI): The GFW analyzes the content of data packets, searching for characteristic patterns.
  4. Bypass: Strong encryption (obfuscation) or complete disguise (transforming into standard HTTPS or using certificates from well-known websites).
  5. Active Probing: The GFW sends specific signals like a police officer checking for suspicious activity.
  6. Bypass: Reality technology can achieve "no entry without invitation." If it's not your client connecting, the server will behave exactly like the legitimate website being impersonated.

III. What can you do after bypassing the GFW?

  1. Academic Research: Access Google Scholar, GitHub, IEEE, etc.
  2. Streaming Media: Watch YouTube, Netflix, Disney+, Twitch.
  3. Social Networks: Use Telegram, X (Twitter), Instagram, Facebook.
  4. Generative AI: Interact with ChatGPT, Claude, Gemini.
  5. Developer Needs: Download development packages, access Docker Hub, etc.

IV. Important Notes (Must Read)

  1. Compliance: In mainland China, establishing and using illegal channels for international internet access without the approval of the telecommunications authorities is a violation of regulations. Please only use this technology for academic research and personal learning.
  2. Privacy: Avoid using "free VPNs." Many free tools record your access logs and even sell your personal information.
  3. Payment Security: When purchasing overseas VPS, try to choose reputable vendors that support Alipay or cryptocurrency.
  4. Do Not Cross the Red Line: After bypassing the GFW, do not post politically sensitive remarks or participate in illegal activities on the internet. ---

V. Setup Tutorial (Using Yongge's Sing-box Script as an Example)

Sing-box is considered the next-generation all-in-one network tool (a strong competitor to V2Ray/Xray). Yongge's script is known for its simplicity and comprehensive features.

1. Preparation

  • An overseas VPS: Recommended providers: BandwagonHost, Aiyun, or mainstream providers like Oracle, BandwagonHost, RackNerd, etc. The recommended operating system is Ubuntu 20.04+ or Debian 11+.
  • An SSH connection tool: For Windows, FinalShell or Termius are recommended; Mac users can use the terminal directly.

2. Connecting to the VPS

Open your SSH tool and enter your server IP address, username (root), and password to connect.

3. Executing Yongge's Sing-box Script

Enter the following command in the terminal (copy and paste directly):

bash <(wget -qO- https://raw.githubusercontent.com/yonggekkk/sing-box-yg/main/sb.sh)

(Note: If you receive a "wget ​​not found" error, first run apt install wget -y)

4. Script Operation Process

After running the script, a Chinese menu will appear: 1. Install the core: Select 1 to install the Sing-box main program. 2. Select the protocol: * If you are a beginner and don't have a domain name, VLESS-Reality is strongly recommended. * Follow the prompts; you can press Enter for the default port (usually 443). * For the SNI target website, you can choose www.microsoft.com or www.lovelive-anime.jp. 3. Generate configuration: After installation, the script will directly display a QR code and a URL sharing link starting with vless://.

5. Connecting and Using

  • Computer (Windows/macOS): Download v2rayN (Windows) or v2rayU / v2ray-core. * Directly copy the vless:// link provided by the script and click "Import from clipboard" in the software.
  • Select the server and set it to "Automatically configure system proxy".
  • Mobile Devices:
  • Android: Use v2rayNG or Nekobox.
  • iOS: Use Shadowrocket (requires an overseas Apple ID for purchase) or Stash.
  • Simply scan the QR code to use.

6. Verification

Open your browser and visit www.youtube.com. If it opens, you have successfully connected.

Summary

Currently, the most stable combination for bypassing censorship is: Mainstream overseas VPS + Sing-box/Xray + Reality protocol. This method maximizes the simulation of normal traffic, reducing the risk of connection interruptions or IP blocking. Always remember that technology should serve the purpose of acquiring knowledge and improving productivity.

# SOURCE_NODE:
# LICENSE: CC-BY-NC-SA-4.0
// EOF_SIGNAL_RECEIVED