VPN providers were cracked down, open source anti-censorship tools were eliminated. This is what’s happening in China and has become even more severe than ever. Shadowsocks alone is no longer reliable due to more powerful deep packet inspection implemented at the GFW.
I am now replacing shadowsocks on my gateway with obfuscated SSH tunnel, based on Tor‘s obfsproxy. To the impatient ones, I will first give a concise summary of the necessary steps of my set up. You can follow it without drilling down the details. I will explain in more details later. But please note that you have to follow the other instructions in this blog post to complete the whole set up.
Quick Set up
On your server
Assume your server runs Debian 8 (jessie) or Ubuntu, and its IP is 1.2.3.4
, run these commands:
1 2 3 |
$ sudo apt-get install obfsproxy $ mkdir /tmp/obfsproxy-temp $ obfsproxy --data-dir=/tmp/obfsproxy-temp scramblesuit --password=QWLY42YHB75J3B57XOKYNNFJPOQ7APHL --dest=127.0.0.1:22 server 0.0.0.0:7700 |
On Raspberry Pi gateway
1 2 |
$ sudo apt-get install python-dev $ sudo pip install obfsproxy |
Edit ~/.ssh/config
:
1 2 |
Host 1.2.3.4 ProxyCommand nc -X 5 -x 127.0.0.1:3333 %h 7700 |
Run these commands:
1 2 |
$ obfsproxy --log-file=obfsproxy.log --log-min-severity=info scramblesuit --password=QWLY42YHB75J3B57XOKYNNFJPOQ7APHL socks 127.0.0.1:3333 $ ssh user@1.2.3.4 -N -D 1080 |