Last updated: 2024-12-18
I learned a little about GFW (Great Firewall of China) after Myanmar internet service providers installed the GFW liked firewalls and censored some websites and VPNs. Along with learning a little about the GFW, I also learned a little about internet freedom and internet censorship circumvention tools. There are many methods to bypass internet censorship. This repo is focusd on a short notes of what I experienced while building personal vpn platform to bypass internet censorship in Myanmar.
I divide this note into three parts as follows:
- 12 months free tier available for new customers
- 1 x t2.micro instance per month in free tier
- Free 1 GB data traffic monthly to internet (1.0 GB are always free per month as part of AWS Free Usage Tier), see more ec2 data traffic pricing
- 1 vCPUs, 1 GB RAM and 30GB SSD
- Suport account registration from Myanmar
- Support VISA, Mastercard and JCB debit or credit cards issued by Myanmar's Banks (Note: it doesn't support Prepaid Cards.)
- AWS EC2 Website Link
- Free $200 credit for 12 months for new customers
- Free 100 GB data traffic monthly to internet, see more Azure data traffice bandwidth pricing
- Azure account registration is currently not supported for Myanmar region, but VISA credit cards issued by Myanmar's Banks can be used. (Ask your friends who are in a Microsoft Azure supported country to help you sign up)
- Microsoft Azure Website Link
I choose VPN and Proxy tools base on the followings:
- Being free and open-source
- Long-term resistance and better bypass of GFW and other Internet filters
- Having a client app for Android, iOS, Windows, macOS and Linux platforms
- Having good speed test results
Xray is completely similar to V2Ray, and Xray is the core module of Project X.
Since rprx, the author of Xray and XTLS, was once an important member of the V2fly community, Xray directly forked all V2Ray functions, optimized performance, added new functions, and created the original VLESS and XTLS protocols, making Xray a superset of V2Ray in terms of functionality and fully compatible with V2Ray.
In short, Xray is a branch of V2Ray and Xray is a superset of V2Ray.
Xray XTLS protocol aims to enhance communication efficiency and allows Xray to work at a faster speed.
XTLS, one of Xray’s key features, is an improvement over V2Ray’s WS TLS protocol which is less optimized for communication over the internet.
Xray also features a powerful routing system that is highly customizable.
Learn more about Xray on Project X Official Website.
- Install Xray Core on Debian/Ubuntu
- Hiddify Manager Setup - (Xray Core + User Management Admin Web Panel - My Preferred Method)
- Marzban Web Panel Setup - (Xray Core + User Management Admin Web Panel)
- Hiddify - Download from Play Store / GitHub repo (My Preferred Andorid App)
- v2rayNG - Download from Play Store / GitHub repo
- Hiddify - Download from App Store (Note: Free, Open-source - My Preferred iOS App)
- FoXray - Download from App Store (Note: Free, not open-source)
- V2Box - Download from App Store (Note: Free, not open-source, contains Ads)
- Streisand - Download from App Store (Note: Free, not open-source, contains Ads)
- Hiddify - Download form Microsoft Store / GitHub repo (My Preferred Windows App)
- v2rayN - Download from GitHub release
- Qv2ray - Download from GitHub release (Note: Only a few procols are supported)
- Furious - Download from GitHub release (Note: Not tested)
- Hiddify - Download from GitHub release (Note: Not tested)
- V2RayXS - Download from GitHub release (Note: Not tested)
- Furious - Download from GitHub release (Note: Not tested)
- Qv2ray - Download from GitHub release (Note: Not tested)
- FoXray - Download from App Store (Note: Not tested)
- Hiddify - Download from GitHub release (Note: Not tested)
- v2rayA - Download from GitHub release - (Note: Not tested)
- nekoray - Download from GitHub release - (Note: Not tested)
- Furious - Download from GitHub release (Note: Not tested)
- VLESS (with REALITY security)
Amnezia VPN is a free and open-source application that allows users to create a personal VPN using their own server.
Amnezia VPN is a project by Internet activists from Russia, who are searching for solutions to resist state censorship.
Amnezia introduced its own AmneziaWG protocol, a latest addition, which is an improved version of a popular WireGuard protocol and was designed to be used in the world’s harshest internet climates.
Learn more about Amnezia - Official Website
- AmneziaWG
SoftEther VPN is free open-source, cross-platform, multi-protocol VPN client and VPN server software, developed as part of Daiyuu Nobori's master's thesis research at the University of Tsukuba.
VPN protocols such as SSL-VPN (HTTPS), L2TP/IPsec, OpenVPN, and Microsoft Secure Socket Tunneling Protocol are provided in a single VPN server. Among those protocols, SoftEther's SSL-VPN (HTTPS) is currently resistant to GFW's filters (Tested with MPT FTTH, ATOM FTTH).
Learn more about SoftEther on SoftEther Official Website
Note: I recommend SoftEther for Windows users with SSL-VPN (HTTPS) connection only.
Setup SoftEther VPN Server on Debian/Ubuntu
- SSL-VPN (HTTPS) connection
It is an alternative to V2Ray and Xray and it can be used with various V2Ray/Xray clients.
Sing-box is designed to focus on performance, lightweight design, usability, modularity, and code quality.
In addition to supporting shadowsocks, trojan, vmess, vless and socks protocols, it also supports newer protocols like ShadowTLS, Hysteria, and NaiveProxy.
For transport, it can be used with V2Ray transport options such as TCP, WebSocket, QUIC, and gRPC.
Learn more sing-box on Sing-box Official Website
As the core part of Project V, V2Ray is a tool that provides a secure platform for making private networks.
V2Ray was developed in 2015 as an alternative to Shadowsocks.
V2Ray is a powerful proxy platform that supports a variety of protocols, among them, only the VMess protocol is an exclusive encrypted commnunication protocol originally created by the V2Ray community.
V2Ray currently supports Blackhole, Dodkodemo-door, Freedom, HTTP, MTProto, Shadowsocks, Socks and VMess protocols.
As of December 2019, V2Ray's optional transport layer configurations are: TCP, mKCP, WebSocket, HTTP/2, DomainSocket, QUIC. Among them, mKCP, QUIC and TCP are used to optimize network quality, WebSocket is used for camouflage, HTTP/2 and DomainSocket are used for transmission and TLS encryption.
Learn more about V2Ray on Project V Official Website
-
OpenVPN (Don't use it) - Most traffic analysis systems and GFW can easily recognize OpenVPN protocol and will block it.
-
Outline VPN (Not Recommended) - Outline vpn server uses Shadowsocks protocol. I tried Outline vpn with MPT FTTH, it got blocked after a few hours of use.
VMess is a encrypted transmission protocol dedicated to V2Ray.
VMess is a TCP-based protocol, and all data is transmitted using TCP.
VMess is a stateless protocol, which means that data can be transmitted directly between the client and the server without the need for a handshake. Each data transmission has no impact on other data transmissions before or after it.
When a VMess client initiates a request, the server checks whether the request comes from a legitimate client. If the validation passes, the server forwards the request and sends the obtained response back to the client.
VMess uses an asymmetric format, meaning that the requests sent by the client and the responses from the server use different formats.
It is divided into inbound and outbound parts, and usually used as a bridge between th V2Ray client and the server.
Because of the added obfuscation and encryption, it is said to be safer than Shadowsocks and more difficult for censors to detect VPN activity as it seems like regular Internet traffic.
VLESS is the newest protocol of V2Ray and the main difference between VLESS and VMess is that VLESS uses a simplified handshake process to reduce resource usage and increase performance. So it is lightweight and efficient.
It can operate faster and use less CPU power than other protocols.
Currently, VLESS does not have built-in encryption, please use it on a reliable channel, such as TLS or REALITY.
Trojan is a proxy server, client and protocol, designed to bypass the Great Firewall of China by imitating HTTPS. Trojan claims to be unidentifiable.
You can think of Trojan as a simplified version of V2Ray's "WS+TLS" mode, which is faster than V2Ray, more realistic than V2Ray in camouflage, and more difficult to be identified by GFW.
When a trojan client connects to a server, it first performs a real TLS handshake. If the handshake succeeds, all subsequent traffic will be protected by TLS; otherwise, the server will close the connection immediately as any HTTPS server would.
Trojan now also supports nginx-like response to plain HTTP requests.
Trojan is designed to operate in correctly configured TLS connections, as it does not provide encryption on its own.
Compared with the original Trojan, Trojan-Go has some more features, such as multiplexing (smux) to reduce latency, improve concurrent performance, CDN traffic transfer, etc.
Under normal circumstances, the clients of Trojan and Trojan-Go are universal, and the client of Trojan can be used for the connection of Trojan-Go.
However, the original Trojan does not support some multiplexing and other functions. If you need to use these functions, you need to use it with a special Trojan-Go client.
Shadowsocks is one of the first protocols developped in China specifically to bypass the GFW.
The shadowsocks protocol is very similar to SOCKS5 but encrypted and simpler.
It was created in 2012 by a Chinese programmer named "clowwindy", and it's original developper was forced to stop his/her work on the project due to outside pressure. Work on the protocol continues on till this day via various forks on the original project.
Currently, Burmese operators already have the technology to detect Shadowscocks traffics using Chinese's GFW.
AmneziaWG is built upon the foundation set by WireGuard®, retaining its simplified architecture and high-performance capabilities across devices.
While WireGuard® is known for its efficiency, it had issues with being easily detected due to its distinct packet signatures. AmneziaWG solves this problem by using better obfuscation methods, making its traffic blend in with regular internet traffic. This means that AmneziaWG keeps the fast performance of the original while adding an extra layer of stealth, making it a great choice for those wanting a fast and discreet VPN connection.
The following protocols are not recommended to use. Most traffic analysis systems including GFW can easily recognize them.
- IKEv2
- LTTP/IPSec
- SSTP
- WireGuard
- OpenVPN