This article is a reprint, a very comprehensive airport usage popular science document. However, since the author does not want to specify the source, this article will not mention it; but thanks to the author's careful efforts.
An Irresponsible Boarding Guide#
Not seen
Simple Explanation
It is recommended to register a GitHub account, it is recommended to register a GitHub account.
This document is provided for those who feel the need to understand airport-related knowledge, a simple, amateur explanatory document. The author is an ordinary user and therefore cannot guarantee the professionalism of the document, it is for reference only. It should be noted that although this document lists many software, it severely lacks some software usage tutorials.
I do not position myself to the level of understanding required by developers, but rather from the perspective of a user, to explain and clarify some concepts that may be encountered. If you really want to develop, you probably won't see me anymore...
Since I only have Android and Windows devices, there are more details in these two sections, while there is actually a lot of information about iOS, which is easy to find. I really do not understand enough about others.
I do not guarantee correctness, nor am I responsible for any disputes or other issues arising from this, and I will not update the document again.
1. Choosing and Using Airports#
1.1 What is an Airport#
This is actually easy to explain; the SS/SSR we commonly use all have the paper airplane icon. So sometimes we also refer to this type of software and their derivatives as small airplanes. An airport can be considered a place that provides services for this type of software. That's roughly it.
1.2 Airport vs Self-Built#
I see others self-building or co-renting a VPS and using it well, so what is the advantage of an airport?
1.3 Public Welfare Airports#
Some enthusiastic individuals share their own node information, mostly self-built. This information is mainly concentrated on GitHub and TG groups, with varying user experiences; in some cases, you may need to constantly change subscription links, requiring you to carefully weigh your needs/experience/cost.
1.4 Free Airports#
No comments.
1.5 Roughly Determine Needs#
For detailed concepts, please read Part Five: Expansion Modules.
In simple terms, direct connection depends on your luck; your traffic goes directly abroad, bypassing the wall. A relay makes going abroad relatively more stable; BGP is one way of relaying, some bypass the wall while others do not. IPLC (also known as dedicated line) does not bypass the wall; in the context of airports, IPLC mainly refers to Alibaba Cloud's internal network. For example, Shenzhen Alibaba Cloud to Hong Kong Alibaba Cloud is a point-to-point connection. The line needs to land, and different landing points determine the different internet services you can use. Please refer to Part Five for specifics on landing.
In general terms, a dedicated line should be a physical dedicated line. The vast majority of traffic carried by submarine cables is public network traffic, with a very small portion being dedicated line traffic.
Different lines determine different traffic prices; I haven't decided whether to introduce line characteristics. This part can refer to the section on multipliers in Part Five, which provides a more detailed explanation. Their stability varies (stability refers to service availability/your desire to use it during holidays), and thus, simply put, the prices are also different.
Therefore, you need to assess your usage scenarios and needs before seeking relevant personnel for package analysis. But I also know that you actually do not know what your needs are... I will list some common traffic needs and common traffic levels of airports; please assess your own needs.
I have already created a diagram! I won't write more here.
1.6 Obtaining Airport Links#
I roughly understand my needs; where can I choose a suitable airport?
Here is Duyao's airport introduction and Duyao's TG group
Please take your answers to the above questions to the websites linked above to browse or join the group for discussion to get corresponding replies.
1.7 Concern One#
I still have some questions; I am a newbie, how should I ask here? I am afraid of being scolded as a noob...
If you carefully read the Q&A above and are polite, there will be no problem. Just state your needs normally. Those in the group are just earlier users; they are basically users. If you read Part Five, you might understand more than they do. Just reading the brief version of 1.5 is enough for basic chatting. // Public groups are generally just chat groups, so don't worry too much.
1.8 Concern Two#
I have received recommendations; how can I judge their specific level and suitability for me? What does it mean when someone sends a link and mentions aff?
This can only depend on your acceptance of these matters; if you choose to trust Duyao's blog and the opinions of group friends in an independent state, you can choose what you like and try to purchase. For first-time purchases, it is recommended to choose short-term, but you don't necessarily have to choose the cheapest package, as you won't be able to judge the overall experience of the airport. New airport information is supplemented in 1.9.
Aff is short for affiliate link; airports hope to mobilize word-of-mouth to promote user growth. You are smart, so you must understand this. Are these aff links credible? Please refer to the previous question's response about credibility.
1.9 Concern Three#
I am still a bit worried; are these new airports trustworthy? Will they steal and sell my personal privacy?
When others do things, except for a few who are out of their minds, they will consider costs and benefits. Do you think their investment in your information will be proportional to what they gain? Similarly, this explains why the state does not arrest individuals for bypassing the wall; if they do, they will arrest the airport owners (laughs).
New airports are in an expansion phase, generally offering many discounts to new users, and nodes are in an increasing phase, some may be a bit chaotic. // Mainly targeting those mentioned by Duyao and recommended by multiple group friends. //
But here it should be noted that some new sites have plans to make a quick buck and run. Generally speaking, all services are linked to costs; if the line quality is good, it is less likely to run away. Services that are all direct connections can end at any time, such as AWS, Azure, GCP, etc. These will look good during non-special periods or for promotional purposes. If you encounter similar situations, you need to be vigilant. Home broadband, commercial broadband, or other long-term contract constraints are relatively more reliable than what was mentioned earlier.
1.10 Concern Four#
Can I get a refund? Is there a free trial? What if the airport runs away?
Refunds depend on the airport's own terms; generally, you can see during registration/payment: no refunds (laughs).
For free services, please check after registration.
If they run away, then...
They run away...
1.11 Concern Five#
Why do so many websites look so similar? Are they the same company?
Nowadays, VPN service providers are everywhere; if you spend money, you can also start one yourself...
Alright, all of the above is a joke. The airport industry is now very mature. Various levels of people make up a complete system, cooperating in division of labor? There are line sales, website panel solutions, technical support, people responsible for blacklisting others, and agents. In TG groups, you can see all kinds of people, especially various account sales and co-renting groups.
The similarity of airport interfaces is simply because they use the same website building solution. Most websites use sspanel; you can see the staff logo at the bottom of the page, click to view relevant information. If you want to ask others, please be polite.
1.12 Concern Six#
I logged into the page and found that I cannot view the package without purchasing; what should I do?
Generally speaking, the common information you see most often in this guide is related to Duyao's blog. So, you can basically find specific prices and line information on his blog. For missing details, you can check after registration or join the corresponding group/public group to inquire; you will generally get answers easily.
1.13 Obtaining Links and Registering for Purchase#
I have made up my mind and chosen an airport. How do I purchase and use it?
Usually, when someone recommends you, they will generally provide you with the corresponding group link, group address, or you can search for and open Duyao's blog yourself. Generally, it is recommended that you first pay attention to Duyao's speed test channel (the website provides it) to browse recent messages to see if any airports have opened or closed registration. Generally, it is recommended that you first enter the corresponding airport's group through the above link so that you can get timely feedback if there are any issues.
After you enter the group, please click the pinned message or group avatar to view the website information. Click to enter and log in to view. Register an account and choose a package or choose a package and then register, depending on the website. Note: Generally, accounts that register without purchasing a package will be deleted shortly after, and some websites will delete accounts even if you recharge but do not purchase a package, so please consider carefully. If you registered through an invitation code, please try not to waste someone else's invitation quota.
I suggest opening the airport website on a computer for easier QR code payment. Mobile payments sometimes require screenshots, and I forgot whether WeChat or Alipay supports QR codes...
Some airport websites need a proxy to open, but you have already logged into TG, so this should not be difficult for you. It is recommended to enable global mode for registration. If you cannot pay globally, please turn off the proxy. Reminder. // rix payment gateway has issues, resulting in 404. Please feel free to report errors...
1.14 Terms of Use 1#
Okay, I have completed the payment; how do I use it?
Please pay attention to the corresponding airport channel or other line notification channels after/before registration, so that you can timely obtain information about node changes, website changes, subscription updates, promotional activities, etc.
Secondly, please carefully read the airport's service terms/TOS, paying attention to the following points: restrictions on BT/PT, restrictions on online IPs, strict prohibition of co-renting/reselling/leaking accounts, configuration information, IP/domain names, etc., and others for your own reference.
If there is a leak, please delete it immediately and reset the subscription link. Generally, subscriptions are for personal use only; for group use, please purchase a group package/register separately.If problems arise, please refer to the airport's requirements, whether it is a ticket, asking questions in the group, or others. Please note: Airports generally only provide limited technical support, but they generally act as babysitters...
If your account is banned due to violation of terms, you bear all responsibilities.
1.15 Terms of Use 2#
Can I share it with my friends? He only uses it occasionally / do you allow co-renting?
Please refer to your package; if you purchased a single-user package, please carefully reread the TOS, which does not allow sharing.
If you share, it may be detected by the system, leading to account bans. At that time, perhaps you and the management can plead for unbanning, but this is an extra operation, and if they do not unban you, that is also fine. It is better to minimize your own usage troubles.
If your friend wants to use it, you can invite them to purchase, so you can also get a rebate for the next renewal.As for co-renting, it is strictly prohibited; this is even stricter than the situation mentioned earlier, and if banned, you basically have no chance of unbanning. Do not get yourself into trouble for others.
1.16 Other 1#
Obtaining Node Information
Generally, it is all in your personal center -- Product Services -- Activated Services, click to view.
Check subscription methods, software support, etc.And first refer to the airport's own documentation and subscription links for operation. Other parts can refer to my third part or self-research.
1.17 Other 2#
Some proxy software requires paid downloads, and some airports provide download instructions after providing download methods. Please follow the instructions for operation.
If not provided, please purchase it yourself, such as on Taobao / official website / self-registration.
If charged, please consider paying or solving it yourself.
1.18 Other 3#
What to do if the channel is muted?
If you have questions, see if you can submit a ticket or ask in the public group about the situation; please self-verify the information.
1.19 Benefits/Features#
Supplement to 1.5. This part should actually be written together with the airport selection section, but I forgot this part at the beginning, so I don't want to add it now. Many airports provide third-party services such as streaming media accounts, paid proxy downloads, Office 365 accounts, airplane cups??? etc. // You can check Duyao's blog for details.
Some have personalized customization based on their own services, such as Dler writing rules themselves and providing customized clients; YoYu provides very comprehensive subscription filtering settings.
Others to be supplemented.
1.20 Other 4#
The second part of this document is an overview of proxy software; the third part is about downloading and using proxy software; the fourth part is related to reporting issues; the fifth part is expansion, mainly concept explanations.
That's it for now; start your wall-bypassing journey.
Enjoy!
2. Overview of Proxy Software#
Overview of proxy software, this section is just for users with some needs to quickly understand relevant knowledge.
2.1 Commonly Used/Seen Terminology#
Quantumult commonly known as 圈 /quan
Quantumult X commonly known as quanX. Same author as quan. Originally, the author created it out of personal interest, and there are many differences from quan. You can apply through the TF channel.Shadowrocket commonly known as 小火箭 /some input method shortcuts are associated with 小火煎.
Pharos Pro/Pharos, commonly known as 小水滴 / 水滴 / 法老?Cross-platform, supports iOS/Android (in corresponding order).
Kitsunebi 狐火,cross-platform, supports iOS/Android.
Surfboard 冲浪板
CFW Clash for windows
V2RayN/V2RayNG is the same author.
HMBSbige is a relatively active SSR client developer recently; the Windows version interface has undergone significant changes, and there is also an intention to take over the Android version.
SSD's author has blacklisted most domestic systems, but someone has provided a version that lifts the restrictions. The latest version of SSD can be downloaded from issue.
aff/affman: promotional links and people who profit by inviting others to register (pay).
tf/TF: TestFlight is an application testing platform under Apple that helps developers invite users to test apps, facilitating developers to improve and perfect apps.
bot: bot is an abbreviation of the English word robot. The meaning of robot is: robot, automaton. Therefore, a bot starts working automatically based on the program we set. For many people, a bot is a communication tool that does not pollute the chat interface.
VPN: In the context of Chinese people, VPN means wall-bypassing software, do not confuse it with the original meaning.
UDP: Some games or communication software require UDP forwarding for calls.
TG: Telegram is a cross-platform instant messaging software that provides friendly instant communication, multi-platform automatic synchronization, can connect previews, and has powerful bot functions, requiring a wall-bypass to use. Combined with the explanation about bots, by default, do not privately message others; please obtain consent beforehand or communicate through bots.
被打 / D: refers to DDOS attacks, a type of network attack method aimed at exhausting the target computer's network or system resources, temporarily interrupting or stopping services, preventing normal users from accessing.
// Wikipedia
被 C/CC 了: CC attack (Challenge Collapsar) is a type of DDOS (Distributed Denial of Service) where the attacker uses proxy servers to generate legitimate requests pointing to the victim host, achieving DDOS and disguise, which is called CC.
CF: Cloudflare is a multinational IT company headquartered in San Francisco, primarily providing customers with reverse proxy-based content delivery network (Content Delivery Network, CDN) and distributed domain name resolution services (Distributed Domain Name Server). Cloudflare can help protected sites resist packet denial of service attacks and other network attacks, ensuring that the website remains online for a long time while improving website performance and loading speed to enhance visitor experience. >// Wikipedia
Hosting: Simply put, it means that the airport helps you set everything up; you only need to import it without maintaining the arrangement of nodes or writing rules. Surge/Clash adopts a hosting strategy, of course, these software also provide corresponding manual setting options.
Strategy, this is complex; you need the explanation in Part Four.
In simple terms, a strategy determines how a network request works / direct connection / proxy / rejection.
Why are there so many called Clash?
Clash is a command-line program written in Go language, based on text configuration, without a graphical interface. For some people, the operation is not convenient enough.
Thus, many third-party graphical interfaces have emerged, greatly facilitating use, such as CFW, Clashx, clashA, etc.
By the way, Clash also has a router version KoolClash; please let users who need to tinker discover it themselves.
2.2 Quick Start Node Import#
Quick version of node import; except for some customized clients provided by certain airports, other proxy software provided by airports is based on third-party clients. Therefore, you need to use some methods to import your node information.
Common methods include link import / QR code scanning / subscription.
In the early days, server information needed to be filled in manually. Later, someone found it inconvenient, so link import was created; some thought links were still not convenient enough, so QR code scanning was developed for easy entry on mobile devices. Therefore, in the Windows version of SS/SSR clients, you can still see these two methods of adding and sharing.
However, for importing multiple nodes and changing node information, these methods are still slightly cumbersome, so subscription import was created. You only need to copy a link and import it into supported software to conveniently import multiple nodes and manage updates at once. Therefore, this subscription link is particularly important; do not share/leak it to others. The smaller impact is just losing traffic, while the larger impact could lead to account deletion. Generally, every airport has this clause.
So the question arises, where do I obtain the subscription link?
Generally, after you purchase, you can find your activated services in the personal center of the website, click to open, and there will be a lot of node information. Many airports still retain link/QR code import. You can import nodes or use the subscription method according to your needs.
Please refer to this image for specific subscription methods and supported software.
2.3 Nonsense, Overview of Protocols and Software Status#
The following is nonsense; it is recommended not to read.
The most common and best-supported is SSR subscription, SIP002 is also okay, VMess is chaotic, but there are ways to solve it. SSD has developed a custom SSD (after subscription, supports import into the original client / usually these nodes require you to install the obfs plugin in advance, otherwise, they cannot be used...). Software led by Surge has developed hosting. But interestingly, Surge's support for hosting in each major version is inconsistent with the previous version; Surge3 supports Surge2, but most airports are still independent, so it is recommended to follow the name; otherwise, if something goes wrong, do not blame others. Surge4 does not support Surge2, but currently supports 3...
Software represented by the official SS community does not support subscriptions so far. Moreover, the functionality of SS is based on plugins, and each software has different support for plugins. If you want to play with plugins in SS, you might as well self-build.
V2Ray is a very comprehensive network tool, and VMess is its own protocol. Currently, most airports providing v2 basically only provide VMess protocol support and do not provide complete V2Ray support. V2Ray's operational freedom is higher, and its functionality is powerful, based on text configuration, suitable for personal use.
Other proxy tools are still somewhat niche, such as Brook, Trojan, etc. But some airports provide support for Trojan (as far as I know). What I want to say is that for users, the quality of nodes determines the user experience, not the protocol, so you do not need to care so much about the protocol; you do not understand it anyway, unless you have a particular affection for someone/software/name; equally important is the client you use, which is what you see the most. In fact, I hope you see it less, and its presence is not so strong. The same goes for the airport's official website. Popular clients support mainstream formats, which in turn influences user choices.
Therefore, unless you have specific protocol requirements, it is not important to consider what protocols the airport supports. Similarly, how the airport's lines run and what type of IPLC dedicated line it is does not matter to you. It is impossible to get detailed answers in the group; if you really want to understand, there is already a lot of popular science; are you sure you have searched and understood it? In group chats, apart from technical discussions, these concepts only appear as filler words. The purchasing section in the first part is basically enough to cope. If you have the determination to get to the bottom of it, consider solving it yourself / spending money.
Feature Explanation
The VMess subscription format is very distinctive. Usually, I think the subscription format of V2RayN is the basis of VMess. Because most other software that supports VMess subscriptions can be obtained by converting V2RayN subscriptions.Quan / 小火箭 / Pharos Pro's VMess are all proprietary formats; some support import but do not support export, and some support export only for personal use...
Manual addition and export are not recommended; please use the airport's subscription link for operation.
Quan X has canceled support for VMess.
Another concept that may be confusing is the relationship between VMess and V2Ray?
VMess is its own protocol; from this perspective, VMess and the Shadowsocks protocol can be considered equivalent. However, V2Ray is a toolset that supports features such as multi-protocol support and customizable routing, which is different from SS. When TG groups often mention support for V2/V2Ray, it basically represents VMess. This point must be remembered and not confused.
Clients based on the V2Ray core support all V2Ray features, such as Kit/V2RayNG. Quan and others only support the VMess format and do not provide complete V2Ray support. V2RayN/V2RayN/V2RayNG, Kitsunebi are all complete V2Ray implementations, which means these software have advanced features. But that is for you to tinker with.
Trojan: Imitates the most common HTTPS protocol on the internet to deceive GFW into thinking it is HTTPS, thus not being recognized. Trojan operates on port 443 and handles HTTPS requests from the outside; if it is a legitimate Trojan request, it will serve that request; otherwise, it will forward that traffic to the web server Nginx, which will provide services for it. Based on this working process, it can be understood that all of Trojan's performance is consistent with Nginx, and it will not introduce additional features, thus achieving an unrecognizable effect. Of course, to prevent malicious probing, we need to redirect all traffic on port 80 to port 443, and the server should only expose ports 80 and 443, so that the server behaves like a common web server. This part of Trojan comes from Self-Built Ladder Tutorial -- Trojan Version
2.4 Simple Overview of Protocol Support#
The above is very verbose; below is a brief overview of protocol support; please refer to the software for specific support.
SSR: Proprietary protocol, integrated obfuscation
SS: Proprietary protocol, external obfuscation
VMess: Proprietary protocol, multiple request methods, complete obfuscation (the disguise of VMess is generally not called obfuscation?)
Trojan: Imitates the most common HTTPS protocol on the internet to deceive GFW into thinking it is HTTPS, thus not being recognized.
Then the explanation of the protocols in the table:
SIP002 is a URL support standard for SS, which can be used for subscriptions and supports obfs obfuscation. Therefore, there is a difference between subscriptions with and without obfs. Some software only supports those without obfuscation, such as Kit. Pharos supports those with obfs.
Clash is based on SS-GO/V2Ray and supports obfs.
SSD: Supports obfs
SSD/SS's obfs is provided in the form of a plugin; the Android version can be downloaded from the Play Store or manually from GitHub. The Windows version of SSD comes with obfs; please self-download SS from GitHub.
Surge hosting supports obfs.
Quan / 小火箭 supports obfs.
Everything is based on airport services. I also provided a diagram showing common software and download methods.
2.5 Simple Introduction to iOS Proxy Software#
This part is a light chat.
I also provided a diagram showing common software and download methods.
Some links are in the second part, and all links are provided in the third part.
Below is a brief introduction to the characteristics of proxy tools:
The quality of proxy tools on the iOS platform is very high, and support is comprehensive; Android is quite envious. // Prices come from the website of Congcong.
Quan and 小火箭 are often discussed together, with very comprehensive support, being the leaders in the proxy tool industry. The difference is that Quan has more detailed settings. Both support node subscriptions and rule subscriptions. Prices are $4.99/$2.99.
Pharos Pro is a newly released proxy application that supports a wide range of protocols, SSR/SIP002/VMess/Trojan. It has built-in proxy rules, is simple to operate, and easy to use. The price is $2.99.
Surge is the pioneer of strategy groups; it only supports the original SS and obfs obfuscation. In some scenarios, it can be used for network traffic capture and analysis, with functionality far exceeding that of general proxy tools (the price is also). Free + in-app purchase $49.99.
Kit has complete V2Ray support. It supports VMess subscriptions, SIP002 subscriptions, and rule subscriptions. The price is $4.99.
QuanX is a new work by the author of Quan; a major change is that it has removed support for the VMess format. It seems to have switched to supporting the SS+V2Ray plugin.
Due to the removal of VPN applications from the Apple Store in the Chinese region, if you need to use the applications mentioned above, please search for information to create a US account for payment.
Alternatively, if the airport provides purchasing support, please contact the airport according to the relevant regulations.
Or purchase through Taobao, which is probably the most convenient.
Please try to support the original version.
If it is really useful, there is nothing more to say.
2.6 Simple Introduction to Android Proxy Software#
There are actually not many good proxy tools on Android; // The split application is a unique feature of Android, allowing you to choose proxy/direct connection, strongly recommended for use. iOS is based on rules.
Especially since SSR series software has many versions after the author stopped development, but there have not been many improvements, and updates are few. Recently, there have been some signs of improvement, with some people updating. Some airports, like rixCloud, provide modified versions, while others have customized client versions with account login, like Nex. For specifics, refer to my various platform download methods or Congcong's blog, which is more comprehensive. Congcong's website SS/SSR Introduction.
In fact, there has been some improvement recently. Maying is a user of the airport of the same name who developed a slightly improved version of the original, mainly adding ACL4SSR rules. It has now stopped updating and can be downloaded from the Google Play Store. Similarly, HMBSbige, who has performed excellently in maintaining and developing the Windows version of SSR, also intends to develop an Android version of SSR.
The original SS does not support subscriptions, making it incompatible with the subscription era. SSD, developed based on the original SS, supports subscriptions and data interchange with the original SS. Unfortunately, the author's attitude towards most domestic ROMs is either to blacklist them or to be on the way to blacklisting. However, there are versions that lift restrictions, please consider downloading them yourself. Many websites have customized their clients based on it for easy account login, eliminating the hassle of importing subscriptions. For example, SSD-Android 0.0.6 provided by Dler.
However, there have been some new works recently that perform quite well, or there is some hope.
Pharos supports SSR/SIP002 subscriptions. It supports QR code scanning. It uses built-in proxy rules. Currently, SSR protocol support on Android performs the best, greatly reducing disconnections. // The proxy is based on built-in rules; please consider submitting applications. It is currently in early development, and operation is simple.
But there are some precautions: After importing the subscription link, clicking to obtain it defaults to no prompt. You can check in the subscription server list. It supports QR code scanning; if the website does not provide it directly, you can try using the Windows version of SS/SSR to share in QR code format. The biggest trouble currently is that switching nodes is relatively cumbersome; it is recommended to add commonly used nodes via QR code or choose more stable airport services that do not require frequent switching. To update subscriptions, check in the subscription server, select your subscription, click, and there is a sign in the upper right corner. It is recommended that users with stable airport services and SSR support try it.
Currently, the proxy is based on built-in application proxy rules; if the software you are using does not proxy, please join the group to find a way to provide the package name or discuss new solutions.
Currently, Android is free; please consider liking on GitHub.
Surfboard: Compatible with Surge2 (please provide more information); it is one of the few Android software that supports hosting, with built-in split applications. It is very convenient to use. Currently, it is frequently updated. Most airports that support SS also support Surfboard. Currently, the ping function seems to have a slight issue.
SSD adds subscription functionality to SS. However, it is not SIP002; the configuration file after subscription can be directly imported into the original SS, and some nodes require obfs obfuscation, please download from the Google Play Store / GitHub.
Kit supports SIP002 and VMess. It supports subscription rules (such as Shenji rules) and supports split applications.
V2Rayng supports SIP002/VMess. It supports split applications. Operation is simple.
ClashA supports Clash hosting. There are not many settings. You can obtain the latest test version from Clash's TG group; please abide by the group rules and read the pinned messages carefully.
Outline supports the original SS, does not support obfuscation, and does not support QR code scanning.
2.7 Simple Introduction to Windows Proxy Software#
SS-Win is maintained by the official community, supports QR code scanning, and does not support subscriptions. You can share and import after SSD subscription or download configuration files provided by the airport, such as rix.
Clash (CFW) is an easy-to-use Clash that uses hosting. You can enable proxy for UWP applications within the software. It is worry-free to use. Strongly recommended. Currently, there is a modified version of ClashR.
SSD is like Android.
Outline is different from system proxy; it is a true global proxy.
The situation with SSR is somewhat complex; the original SSR stopped maintenance after the author exited. A large number of third parties have emerged. The situation is similar to that on Android; please refer to it. The Windows version developed by HMBSbige has a very good user experience.
SSTap has stopped maintenance; it can subscribe to SSR and is suitable for gaming. However, the recent performance of netch has also been quite good and is in rapid development.
2.8 Simple Introduction to macOS Proxy Software#
To be honest, I am not familiar with it, just like routers, so I didn't mention routers; I have no demand; I like to switch nodes freely.
Surge has the same functionality as iOS. There are also ways to support SSR. Discover it yourself.
There is also ShadowsocksX-NG that supports SIP002.
ShadowsocksX-NG-R8 supports SSR subscriptions.
There are also many other clients; please understand them yourself.
2.9 An Attempt: Explaining Protocols and Obfuscation -- Shameless Version#
Finally, a simple mention of protocols and obfuscation. This part I basically wrote in a daze.
Let me give an example; this example may not be appropriate.
We take video formats as an example; for convenience of narration, I chose the MKV format. I assume everyone has tried playing this format locally; if you have noticed, you will often see places marked with AVC1 and AAC.
A simple explanation: AVC1 is the format of the video (video track) you are watching, and the encoding standard is H264. Taking the video track as an example.
AAC is the encoding format of the audio track; MKV is the container that holds them. When watching a video, you cannot only watch the video track or only listen to the audio track. This part should be understood, right? The player loads this MKV, separates the tracks, and then uses the corresponding decoder to recognize AVC1/AAC for playback.This is also where I think it relates to the protocols of proxy servers. Although it may not be entirely accurate.
Your original data stream -- protocol encoding -- encryption -- obfuscation
Original data stream -- H264 encoding -- encryption? -- encapsulationA simple explanation: Your network traffic is encoded in the way defined by the SS protocol -- encrypted using the method supported by the protocol -- and then a data packet A is obtained, which will be recognized by GFW as unknown traffic. Under normal circumstances, GFW will choose to allow it. This is the first stage.
It is like a sampled data stream being pseudo-encoded by H264 to obtain a pseudo-AVC1; when played in a local player, we assume that pseudo-AVC1 will be recognized as AVC1 for playback. (In this case, the single AVC1 situation can consider deleting the audio track, or I wonder why I didn't choose a flac format; it seems like a step is missing...)
Therefore, protocols and encryption can be understood as obtaining an unrecognizable data packet, which is then allowed to pass.
The emergence of obfuscation was originally to solve the speed limit imposed by some ISPs on unknown traffic that is not HTTP and TLS.
This part can be explained by encapsulating AVC1 in MKV. We also wrap pseudo-AVC1 in a MKV shell. This makes the operator think this is legitimate traffic, thus solving the speed limit issue. There are many ways to wrap this shell, leading to various implementations of obfuscation; some protocols only support specific obfuscation.
Further development, certain protocols combined with obfuscation can achieve better resistance to proxy traffic recognition at GFW.
It should be noted that different obfuscations have different disguises for protocols; for example, httprule [-2pt]{0.5cm}{0.5pt} simple provides a strong feature trying to deceive GFW's protocol detection. Generally, when you use the airport's services, you do not need to care about this. Individuals please ponder it themselves.
4.1 Overview and Reminders#
Please note to express your questions politely and logically; tone is very important; do not look for others to be your babysitter.
When asking questions, be direct, specific, with details, and logical; do not just say something like "I have a problem / Are you there? I have trouble / I can't get online / I haven't done anything" and other such poor questions.
At the same time, understanding answers and questions is a unity; you need to sort out the logic of the answerer. Always remember: if there are suggestions (especially from group managers / majority opinions), please make an attempt and provide timely feedback. Details are noted in Chapter One; please remember to mask personal information / IP / server information, etc.
At the same time, it should be noted that I really do not have a good idea for this part because there are too many ways to make mistakes and solve errors, and my personal ability is indeed limited. Moreover, some problems are close to metaphysics, and some require remote support, which is really difficult to cover all, so I only provide a few ideas for reference. This part has some repetitive content. // Too many strange problems encountered...
Another reason is that most questions lack focus and logic, so making something that seems like a template is provided as a reference sample. Note: The template cannot cover many problems.
Secondly, the airport provides products and limited additional support; it is simply a joke to expect them to solve all your troubles in detail. But you can basically solve the basic ones; please follow the website's and group's prompts to choose group questions / ticket support / remote technical support, or consider paying for quick problem resolution.
4.2 Self-Check#
Local self-check is the basis for the following multiple operations, listed in terms of clauses.
In the case of no proxy, check the local network connectivity, including but not limited to accessing domestic websites, using speedtest to test local connection speed. // Is it normal fluctuation? Did someone dig up the fiber?
In the case of proxy, if it is your first time using it, please check if the proxy software settings are incorrect, such as proxy mode / whether the system proxy is enabled / whether the system proxy is working properly / whether SOCKS5 proxy is working properly / whether PAC settings are correct / whether it is enabled (or disable load balancing) / whether to select disconnect all connections when switching / check if global mode can be used / DNS settings, etc. Open the website mentioned in Part Five to check the IP, see if the data is correct, conduct speedtest, compare tests in the same region and different regions, and check if other devices on the same network are functioning normally;
If you previously had a proxy, please check if it has been correctly closed; you can go to (Windows 10) Settings -- Network Settings -- Proxy to see the currently enabled proxy server; if the information is incorrect, please consider clearing it.
Common socks ports are as follows: SS/SSR:127.0.0.1 1080; Clash:127.0.0.1:7891
For Mac, please search for it yourself.
4.3 Initial Import, Unable to Use#
For first-time use, it is recommended to check the official website more; if there is nothing to do, you can click through it once. I still recommend prioritizing the information from the airport's official website.
If you encounter errors when importing the connection, please check the website's prompt to re-import // In my case, the PAC and subscription updates of the Windows version of SSR come quite slowly; I recommend first choosing not to use a proxy; if you cannot update, please inquire in the group. If you already have nodes, you can try updating globally through the proxy.
If you have correctly obtained node information and have not set everything properly according to the self-check section / have set it according to the website's prompts, please consult the group / submit a ticket. Generally, I suggest you take another look.
4.4 Single Node Error#
If there is an error with a single / few nodes during use, such as timeout / slow response, switching will restore it. My suggestion is to test again after half an hour / custom time; if the situation remains the same, please consider reporting for repair. For repairs, please follow the website's settings: ticket, group, bot, etc.
When reporting for repair, please provide: Region Broadband Platform Client Mode Node Conduct a comparison test in the same region and different regions, remember to mask, use IP query and speedtest, etc.
4.4 All Nodes Error#
Generally, this is rare; please prioritize local self-check.
Then refer to the single node error, using the corresponding channel to provide the relevant information.
4.5 Group Inquiry and Ticket Reporting#
These are the two common ways to report issues and obtain suggestions. Please refer to your specific situation and provide relevant information; after receiving feedback, it is advisable to try.
When inquiring in the group, please express your questions politely, directly, and logically, showing relevant data; if you really do not know how, please use a descriptive, emotionless tone to narrate the whole process (including self-rescue).
Ticket: Because of the non-instantaneous response, you can take more time to sort out and describe the situation. Please be patient; relevant details can be inquired in the group. If there is no relevant group, you can inquire in public groups like the Duyao group; please do not disclose information.
{Special Period Attention} Our country has its own national conditions; if you encounter corresponding meetings / holidays, it is inevitable that a considerable portion of people's experiences will be affected. I suggest you do not rush to complain in the group or shout in the group. Because this is generally caused by yourself, you should have an idea of the costs you have incurred and what your experience might be. Do not set your expectations too high. However, generally, airports will have corresponding countermeasures, such as opening dedicated lines / compensation for expired services, etc.
4.6 Browser Errors#
Browser errors
This is the most common and hardest to say. I can only suggest switching modes, looking for error codes, and comparing nodes; specific situations require specific answers.
If you encounter single / few node errors / unable to use
5 Expansion Section#
5.1 IP Database / Check IP / Native IP / Shopping#
5.1.1 IP Database#
IP Database: A database that correlates IP addresses with physical addresses.
The IP database needs to be continuously updated dynamically, so accuracy and coverage cannot be achieved simultaneously; a balance can only be struck. Currently, there is no universally recognized optimal IP database on the market; a better solution is to integrate various IP databases and make choices.
A relatively good domestic IP database is IPIP;
The foreign one is MaxMind;
Due to the complexity of domestic IP situations, MaxMind's foreign IPIP is more accurate, while domestically it does not perform as well as IPIP; currently, IPIP's foreign data and accuracy are also rapidly improving.
The following three articles address common questions and answers regarding the use of IP.
IP Database on Mobile Base Station Data
IP Database on Chinese Characteristics of Third-Party Exits
IP Database on Certain Browsers that Default to Enable Cloud Acceleration
5.1.2 Check IP#
I recommend the following two websites to check local and proxy server IPs.
The main purpose is to facilitate one of the self-check steps when there are local connection errors.
Skk
ip111
Note: When you submit/share, please mask your own and the server's IP.
5.1.3 Landing#
Refers to the IP ownership recognized by your access destination: home broadband, commercial broadband, IDC, etc.
5.1.4 Native IP / Local IP#
Native IP / Local IP: Refers to the IP assigned to the VPS that matches the registration address of the VPS's country/region.
Broadcast IP: The ownership of the IP assigned to the VPS does not match the geographical location of the VPS. That is, this is an IP broadcast from another country/region.
Why is the geographical location of the IP important? What is DNS unlocking?
Everything can basically be considered due to regional restrictions. Native IPs are generally not used for public cloud computing services or have good IP reputation; they can generally be used to unlock Netflix, HBO, Hulu, and other restricted streaming services. A great example is that Spotify's music is region-locked. At the same time, many overseas shopping websites also have IP locking behavior, limiting access to IPs from specific countries/regions, which is more troublesome than unlocking streaming media, making it difficult for many airports. Duyao's NotesAdditionally, due to Google's magical IP database, it is possible to encounter a situation where you choose a US node, but your YouTube indeed shows content from the German region. Another common occurrence is that Google recognizes some Alibaba Cloud IPs as US IPs, thus allowing access to YouTube Premium/Music. // Singapore // Needs modification; I won't do it here.
Google has not opened services like YouTube Premium in many regions for its own reasons; if you need it, please inquire in the airport's group.Streaming Media Unlocking: Many streaming media service platforms such as Netflix restrict access to certain specific IPs due to copyright reasons. Generally, network operators (such as HKT) own their IPs, such as commercial broadband and home broadband, which are rarely blocked because these IPs are mostly used by the target customers of streaming media service providers. The chances of home broadband IPs being blocked are the lowest; many ISPs' home broadband are dynamic IPs, making it difficult to accurately block. Fixed IP commercial broadband is second. The IPs held by IDC merchants are generally blocked, and the larger and more famous the IDC, the higher the chances of their IPs being blocked. Many IDCs will rent IPs from operators to bypass such blockages, but this method is not foolproof, and there are many cases of failure that I will not enumerate. Therefore, unless it is commercial broadband or home broadband, other so-called "native IPs unlocking streaming media" have a chance of failure.
// Excerpt from Duyao's Notes
5.2 Relay / Dedicated Line / IPLC / GFW / Public Network / QoS / SLA / CN2, 163#
5.2.1 Relay#
Relay: Redirecting data from one server to another.
BGP: In the context of airports, BGP usually refers to an IP being directly connected in multiple operators' networks without going through a third operator, using iptables or related software to add a layer of domestic forwarding to traffic going to overseas VPS. Therefore, BGP is one way of relaying. BGP relay servers can forward traffic to overseas through public networks, internal networks, etc.
5.2.2 Dedicated Line#
Dedicated Line: Communication between two interconnected points, i.e., point-to-point communication, distinguished by internal network services and public network services.
The "dedicated lines" seen in airports are basically the following types:
Public network tunnel forwarding accounts for about 80%
Alibaba's classic internal network / cloud enterprise network accounts for about 15%Other IPLC
CN2 Dedicated Line: CN2 dedicated line service is China Telecom's CN2 Global Internet Access, proposed by some Chinese merchants selling North American GIA CN2 around 2016 -> CeRaNetworks (CN2 dedicated line), in 2017 Anchang -> CDIA (China Direct Internet Access), leading many to believe this is a true dedicated line, but GFW. In fact, this is just a gimmick created by merchants for publicity; even using CN2 GIA will not work properly when the domestic backbone network explodes. Of course, since GFW is deployed at the backbone network exit, it is natural that public network services must bypass the wall; there is no such thing as a CN2 dedicated line service that does not bypass the wall.
IEPL and MPLS VPN and IPLC do similar things to some extent, so they are merged together.
IPLC/IEPL: The concept of IPLC is used for communication between two interconnected points, i.e., point-to-point communication. The Shenzhen-Hong Kong IPLC means point-to-point transmission from Shenzhen to Hong Kong without going through the public network; it is a complete internal network. Currently, Alibaba Cloud's classic internal network/cloud enterprise network is this type; after unloading Alibaba Cloud Shield, it can be considered a true dedicated line. This type of dedicated line does not go through the public network, so GFW will not know what you are transmitting.
There is also a relatively special situation where a public network tunnel is also not blocked; since GFW is deployed at the operator's exit, there is no GFW present for domestic to domestic traffic. Therefore, some airports use the following structure to construct a wall-free dedicated line: Xuzhou VPS -> Shanghai Alibaba Cloud -> Alibaba Classic Internal Network -> Hong Kong Alibaba Cloud -> HKT.
This method avoids GFW deployed at the operator's exit, and because the current domestic operators have very small QoS for IDC bandwidth, and HKT has no speed limit for internal Hong Kong, it greatly improves connection speed. This method is indeed wall-free, and because many Tier 2 IDCs do not have as strict scrutiny as Alibaba Cloud, it is also chosen by many.
To summarize, currently, public network services such as GIA CN2, BBTEC, 9929 will have GFW; not only is there a risk of being blocked, but there will also be QoS issues. The currently cost-effective IPLC is the one created by Alibaba Cloud's classic network/cloud enterprise network.
Excerpt from saber's Wanshiwu
5.3 QoS / SLA / CN2#
5.3.1 QoS#
QoS: Quality of Service (Quality of Service, abbreviated QoS) is a term in the field of packet-switched networks that refers to the probability that the network meets a given service contract; or in many cases, informally refers to the probability of packets passing between two points in the network.
QoS is a control mechanism that provides different priorities for different users or different data streams, or guarantees that the performance of data streams meets certain standards based on application requirements. Guaranteeing QoS is very important for networks with limited capacity, especially for multimedia applications such as VoIP and IPTV, as these applications often require fixed transmission rates and are sensitive to delays.
In the context of daily use, it roughly refers to the quality of your network service.
// Wikipedia
5.3.2 SLA#
Service Level Agreement (SLA) sets priorities for data streams, thereby establishing guaranteed performance, throughput, latency, and other limits at the network/protocol level based on mutually agreed standards. Some specific forms of network data streams require defined quality of service, such as multimedia streams that require guaranteed throughput.
// Wikipedia
5.3.3 163 CN2#
Ordinary 163: This is the telecom line that telecom users most often encounter, the lowest level, with provincial / outbound / international backbone nodes all starting with 202.97, and there are no CN2 nodes starting with 59.43 throughout. It performs poorly on outbound lines, showing congestion and high packet loss rates.
CN2 GT: CN2's Global Transit product (also known as GIS-Global Internet Service) is a lower-level product in CN2; provincial / outbound nodes start with 202.97, while international backbone nodes have 2-4 CN2 nodes starting with 59.43. It shows moderate congestion on outbound lines, slightly stronger than the 163 backbone network, and has a relatively high cost-performance ratio compared to CN2 GIA.
CN2 GIA: This is the highest-level product in CN2, belonging to Global Internet Access; provincial / outbound / international backbone nodes all start with 59.43, with no nodes starting with 202.97. It performs best on outbound lines, rarely congested, and theoretically has the fastest and most stable speed, but of course, the price is relatively higher than CN2 GT.
Does CN2 VPS necessarily carry faster than ordinary 163 carrying networks?
CN2 determines that the network quality will be better than ordinary 163 carrying networks, but not necessarily; in addition to the carrying network, the geographical location of the data center is also very important.One-way CN2 and two-way CN2
CN2 lines are divided into two types; when purchasing, you must also pay attention to whether CN2 is two-way or one-way. As the name suggests, two-way means that both the outbound routing nodes and the return routing nodes use the CN2 carrying network. One-way CN2 generally refers to outbound CN2, with ordinary telecom lines for the return journey, which will be slightly inferior in speed compared to two-way CN2.The above CN2 and 163 parts come from Things About CN2 - Introduction to CN2 Lines and VPS Service Providers
This is a brief discussion of Mainstream Domestic Network Operators' International Connection Lines
Supplement#
The above explanations are not meant to make you question the specific situation of the airport's lines. As a delivery service, the most important thing is the availability of the service; the rest is not very important.
Communication ports (English: port), also known as connection ports, ports, protocol ports (protocol port) in computer networks, are services created by software that serve as communication endpoints (endpoint) in a computer operating system. > Each communication port is associated with the host's IP address and communication protocol. Communication ports are represented by 16-bit numbers, known as communication port numbers. Common ports include 443-HTTPS/80-HTTP; these are fixed ports, while some airport ports are uncommon, such as 6353?
Some airports provide services using common ports; in certain company intranets with restricted ports, better results can be achieved.
5.3.4 Broadband Service Providers and VPS Merchants#
Broadband services are provided by domestic operators, while VPS merchants purchase bandwidth from domestic operators for domestic interaction / cross-border interaction. The provision of various other services depends on the IP held by the VPS itself.
For specifics, please refer to the airport's commonly used line popular science Duyao's Notes
5.4 DNS and GFW#
5.4.1 DNS Pollution#
DNS pollution is an unavoidable part of access; now major clients basically have remote resolution mechanisms to ensure you can access the external network normally, but local routing processing varies greatly. Generally, we default to using the DNS provided by the operator, but operators are also divided by region, and different operators have different policies. Some may have hijacked you, which is the most common. If you encounter such situations, including but not limited to / to be added /, you may consider changing DNS, referring to the article by skk.
Some tools now also have features to avoid DNS pollution, such as Clash. Others you can consider setting up smartDNS to prevent pollution. // DNS is also a common means used by GFW.For other parts, please refer to Wikipedia. You can also refer to A Brief Discussion on DNS Resolution Behavior in Proxy Environments | Sukka's Blog and related articles.
5.4.2 GFW#
// Please refer to Wikipedia and In-Depth Understanding of GFW: Internal Structure, but this is a 10-year-old article.
5.5 Traffic Splitting / PAC / Routing Table Splitting / Strategy / Rules / Strategy Group#
5.5.1 Traffic Splitting#
Traffic splitting: Previous VPNs could proxy various protocols, which caused some websites that could normally open to load slowly. With the advent of SS protocol proxying, since it is a socks5 proxy (with explanation), it can no longer proxy various network requests like VPNs. This also brought about the possibility of change. Traffic can be distributed through certain rules to speed up access.
The significance of traffic splitting was initially to solve the slow access problem when using the same network mode for domestic and foreign access, such as using global access to domestic video websites, etc. Later, as different clients provided various traffic splitting methods, many people online also created corresponding rule sets based on them. Nowadays, many people say that traffic splitting is not just about direct connections domestically and proxies abroad; in a sense, tinkering with traffic splitting has become a technical activity and a technical symbol for some people, and they are happy to do so.
socks5: According to the OSI model, SOCKS is a session layer protocol, located between the presentation layer and the transport layer. SOCKS operates at a lower level than HTTP proxies, simply passing data packets without caring about specific protocols and usage. // Wikipedia
The difference between proxies / What is a system proxy
Simply put, you just need to know that applications supporting system proxies are rare, mainly for personal application scenarios like browsers or IDM.
TG recommends manually adding socks5 proxies, so that when switching to system proxy mode, it is not affected. // When the system proxy fails, you can look at socks5.
Then direct connection means that all traffic or requests from the browser do not go through the proxy server.
Global means that (mainly) all traffic or requests from the browser go through the proxy server.
Proxy means that all traffic or requests go through the proxy server. In practical application contexts, proxy often refers to a method of distributing traffic through some splitting method and then going through the proxy server.
5.5.2 PAC1#
PAC: Proxy Auto-Configuration (PAC) is a web browser technology used to define how the browser should automatically select the appropriate proxy server to access a URL.
// From WikipediaThis only works for browsers. PAC has its syntax format that can be edited, but for individuals, maintaining it is relatively costly. Now, mainly, pre-maintained rules by others are used. For example, gfw/gfw-white, etc. This can be seen in the settings interface of SS-win/SSR-win.
gfw: great firewall, also known as the wall. This is also called a blacklist, maintained by the community, collecting and organizing domain names and IPs blocked by GFW. When using this rule, matching rules will go through the proxy.
gfw-white: commonly known as the whitelist. The list contains mainland domain names and IPs. When using this rule, those that match the rules will connect directly, while those outside the rules will go through the proxy.
Comparing the two: gfw is maintained by the community, and when new domain names are blocked, they may not be immediately included. (If discovered, please consider submitting it.) The idea of gfw-white is that mainland domain names are relatively stable, while following the wall may not be timely. In addition, some websites that are not blocked or refuse mainland IPs may be affected by their geographical location and the quality of personal direct connections to overseas networks, making using a proxy relatively stable. For individuals, using gfw will save traffic, while gfw-white will consume relatively more traffic. For streaming media services, the whitelist mode is recommended. Individuals generally do not have special needs; gfw is usually sufficient. If the homepage of some airports refuses access from the mainland, if you use gfw to access, you need to set the system proxy to global, refresh the page; whitelists generally do not have this concern.
5.5.3 Router Splitting#
Routing table splitting can refer to the PAC splitting rules and routing splitting on SSR-win. Routing splitting requires you to manually add a socks5 proxy in the browser or use Proxifier to establish a system proxy. The browser can use switchyomega. Similarly, the settings of V2RayN on Windows are based on routing splitting. However, this is not too detailed and accurate; for Android, SS/SSR is based on ACL splitting, while iOS has rule splitting (briefly mentioned). Since common protocols do not specify how to split, they are all implemented by the software itself.
5.5.4 PAC2#
For the two methods of PAC and proxy rules for win-ssr clients (which are somewhat similar to V2RayN, I do not know the mechanism).
The following content comes from Doubi Backup; his view is that 1. PAC rules determine which websites go through the proxy based on the black and white address lists in the PAC file. That is, it determines whether the traffic enters the client. 2. Proxy rules determine based on IP, judging whether the traffic entering the client is direct or goes through the proxy based on set rules.
This seems to make some sense, but my question is why there needs to be an additional step of judgment? What is the significance?
My original view was PAC -- system proxy, splitting rules -- SOCKS5 proxy (browser adding plugins).
I put the question here; please research it yourself.
5.5.5 Strategy Group Splitting#
Before this, please understand nodes, direct connections, and proxies. Here, there will be reject rules.
The method of action and its target combine to form a strategy. The methods of action include: proxy, direct, reject, and domain matching methods, while the targets are network requests.
Additionally, there is the term rule, which has multiple meanings. It can refer to a specific matching rule, a rule set (such as Shenji rules, who has XX rules), or a strategy set composed of strategies. // Here, my explanation is basically based on Clash; please understand the others yourself. iOS has a scenario mode, which was mentioned when automatically selecting nodes; the usage here is different; simply put, what to do when connected to WiFi, what to do when connected to data.
A strategy group is composed of strategies, and a strategy group can directly apply rules in the strategy or be called by other strategy groups.
For example:
You send a request to www.google.com, and the rules initially match it to the proxy strategy group, according to the proxy strategy. Suppose the proxy is associated with the hk3 node; the local traffic is sent to the hk3 node through the proxy.You send a request to www.iqiyi.com, and the rules initially match it to the direct strategy group, according to the direct strategy, which defaults to sending directly to iqiyi's server. Of course, if you have domestic nodes, you can send the traffic to the corresponding proxy before sending it to iqiyi.
You send a request to www.advertisement.com, and the rules initially match it to the reject strategy group, according to the default reject strategy, rejecting this request.
In addition, the set rules often have omissions; at this time, others will match this request, specifying proxy/direct connection.
The initial matching can have various methods; for example, clash for windows relies on the GeoIP library to determine whether a request needs to be proxied. (CFW can also customize strategies.)
Similarly, since strategies are a combination of rules and their targets, you can specify certain domain names (targets) to perform proxy operations. This is why customized strategies by others appear (sometimes also referred to as rules/rule sets): specifying common domain names as proxies/direct connections, rejecting requests for advertisements, dangerous websites, etc.Hosting: Refers to the airport pre-defining the nodes and operations within the package you purchased. This eliminates the hassle of manually setting rules.
What are the advantages of strategies? When you have opened pages A and B in the browser simultaneously, and server C is friendly to A while server D is friendly to B, at this time, PAC splitting will not work. However, based on strategies, it can be used normally. This is one advantage. A common application scenario is specifying the region for Netflix.To be more specific:
In the proxy strategy group, with multiple nodes, you can choose nodes based on certain rules, such as: manually selecting select latency testing url-test to choose the node with low latency.
Network type SSID SSID Policy selects nodes or strategy groups based on network type or router name, etc.
The above can establish a strategy group for Netflix called GobalTV; within this strategy group, you can add the nodes you use to watch Netflix or select the proxy strategy you are currently using.
// This reference is from F; my views do not represent F's views; please read the linked article and understand.
5.6 Multipliers / Latency / Automatic Node Selection#
5.6.1 Multipliers#
Multiplier: The ratio between the value of traffic you consume and the value of traffic statistics from the service provider. Commonly, there are two types of multipliers in airport services: ordinary multipliers, with a minimum multiplier of 1; low multipliers, where some nodes have multipliers below 1.
For example, if you use a node with a 0.2 multiplier, consuming 1G of traffic will be counted as 0.2G by the service provider.The significance of multipliers lies in the relationship between multipliers and line quality/user experience > Currently, airports are roughly divided into two types of line types: direct connection lines and relay lines. The traffic prices of different line types are different. Large traffic or even unlimited traffic can basically only be provided on direct connection lines; generally, ordinary multipliers are used for easy viewing and user understanding; relays or dedicated lines have higher costs, and under the premise of not being exaggerated in price, the average traffic provided is less than that of direct connection lines. To ensure normal user usage and balance traffic prices, low multiplier nodes are provided to facilitate users to choose lines according to their needs.
5.6.2 CDN#
CDN: Content Delivery Network (Content Delivery Network or Content Distribution Network, abbreviated: CDN) refers to a computer network system interconnected through the internet, using servers closest to each user to deliver music, images, videos, applications, and other files to users more quickly, reliably, and at lower costs, providing high performance, scalability, and low-cost network content delivery to users.
// Wikipedia
For example, when you initiate a request to access YouTube, the resources provided are from the nearest YouTube deployed CDN.
5.6.3 Latency and Speed Testing#
The meaning of ping / latency / speed testing
In the conventional sense, ping refers to sending an ICMP echo request data packet to the target host and waiting for the echo response data packet. The program estimates the packet loss rate (packet loss rate) and round-trip time (network latency, Round-trip delay time) based on the time and the number of successful responses.
// WikipediaHowever, simply speaking of latency, you can see that testing once can yield several data points. For example:
icmp ping: Classic ping, in the case of relaying, generally measures the network latency from you to the relay server.
tcp ping/http ping: Refers to the network latency obtained by sending data packets of the corresponding protocol. Generally, the value is greater than that of icmp.
For example, Clash's automatic speed testing specifies a URL: {http://www.gstatic.com/generate_204}{this}. The advantage of this URL is that it has a global CDN, making the value relatively accurate.Below is a brief explanation of my understanding of speed testing; speed testing only reflects the local, current speed status of a certain/some nodes, and then this has significant reference value for other regions with the same bandwidth; however, it does not have much practical reference value for other regions. But we can still find some data we want from it, such as node quantity, regional distribution, connection type, multiplier, and two latency parameters in a certain region; basically, that’s it. Of course, particularly common poor performance is generally better the farther away you are (except for special periods, special periods are considered separately). Since convenient speed testing tools have emerged, many people test speed from time to time; once a node has a problem, they plan to argue with the airport owner (some) or lower their evaluation of the airport. In fact, this is unnecessary; except for lines that you exclusively use, the rest are shared resources, and due to the preferences of the crowd, the utilization of different nodes varies, and what you can use may not be that many. Of course, if this is the case for a long time, it is unacceptable. As for special periods, when the airport you choose does not perform well, frequent speed testing may actually lower your overall experience. Here, I also want to say, unless there is nothing to do, do not keep squeezing into Hong Kong, especially for those who are at the front of the queue.
Here, I want to mention that some people use YouTube's bitrate as a standard for evaluation; personally, I feel it is meaningless. The bitrate required for 4k video is not high, and the corresponding switching speed is determined by the node's region, as long as the switching is smooth. // YouTube is single-threaded.
However, this does not mean you are passive; you do not have to be so passive. There is no need for that. If you test the ping value is too large / timeout, and after a few minutes, it is still the same, you can follow the reference in Part Four to ask questions.Here, I recommend a speed testing method. Speedtest speed testing. When your local node has issues, first disconnect the proxy to test locally, then test the proxy, and compare tests in the same region and different regions to establish a comparison group. // Fast tests the status of Netflix and does not have universal significance.
Node selection mechanism
Load balancing / url-test/fallback/SSID; these are discussed together; in strict terms, load balancing is a mechanism, while software implementation is a strategy. These are all methods for automatically switching nodes, different from manually switching nodes.
The load balancing mechanism is the most common and has many types / latency / download speed / error rate, etc. When in use, the software will continuously request access according to the specified strategy at certain time intervals. // It is easy to exceed the real-time connection limit set by the service provider, and it is not recommended to use it when the airport nodes are stable; it is meaningless and may also prevent you from correctly viewing the content you want to see in that region. // The remaining parts are briefly mentioned.
url-test: Switch nodes by sending requests to fixed URLs, usually {http://www.gstatic.com/generate_204}{this}.
fallback: Choose the first available node according to the node order.
SSID: Select nodes or strategy groups based on network type or router name.
Additionally, some methods that cause connection numbers to exceed limits, such as the speed testing of Quan, are also prohibited by some airports, causing the more you test, the slower it gets.
5.7 Netflix / Box Netflix / Turkish Car / Resolution Issues /#
Unlike domestically, many foreign streaming service providers have high DRM requirements for software/systems. This has a significant impact on domestic mobile manufacturers who habitually cut Google services and establish their own portals. The clarity of Netflix cannot be manually adjusted; under this premise and the collection of DRM level restrictions, some users' playback clarity is locked at 540p, and even worse, they cannot download the corresponding software from the Google Store.
Users can download drm info from the Google Play Store to check the winevide level.
L1 supports HD, 720/1080. You can see the HD label / HDR / Dolby Vision, etc., on the video detail page.
L3 supports 540. Domestic phones generally fall into this category; if needed, please flash a foreign ROM.
Additionally, rooted phones are generally L3.
Specific support on mobile can be checked by searching for Netflix test pattern; after playing, you can see the resolution in the upper right corner.Support on desktop is as follows:
Windows: Edge UWP version Netflix 4K, others are all 720, can support 1080 through plugins.
macOS: Safari 1080, others are all 720, can support 1080 through plugins.
Chrome OS: 1080.Watching Netflix on TV:
The first barrier is that a native IP is required; the IP library recognition of Netflix on TV is stricter than on mobile.
The second barrier: