Tor Browser 7.5a6 is released

Tor Browser 7.5a6 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates firefox to 52.4.1esr, Tor to 0.3.2.2-alpha, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.5a5 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Tor to 0.3.2.2-alpha
    • Update Torbutton to 1.9.8.2
      • Bug 23887: Update banner locales and Mozilla text
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 23694: Update the detailsURL in update responses
    • Bug 22501: Requests via javascript: violate FPI
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
    • Bug 23025: Add some hardening flags to macOS build

原文:https://blog.torproject.org/tor-browser-75a6-released

Advertisements

Tor Browser 7.0.7 is released

Tor Browser 7.0.7 is now available from the Tor Browser Project page and also from our distribution directory.

This release updates Firefox to 52.4.1esr, HTTPS-Everywhere to 2017.10.4 and NoScript to 5.1.2. On Linux the content sandboxing is now enabled. This release is also fixing some crashes and adding a donation banner starting on Oct 23 in order to point to our end-of-the-year 2017 donation campaign.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.1esr
    • Update Torbutton to 1.9.7.8
      • Bug 23887: Update banner locales and Mozilla text
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Translations update
    • Update HTTPS-Everywhere to 2017.10.4
    • Update NoScript to 5.1.2
      • Bug 23723: Loading entities from NoScript .dtd files is blocked
      • Bug 23724: NoScript update breaks Security Slider and its icon disappears
    • Bug 23745: Tab crashes when using Tor Browser to access Google Drive
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 23694: Update the detailsURL in update responses
  • OS X
    • Bug 23807: Tab crashes when playing video on High Sierra
  • Linux
    • Bug 22692: Enable content sandboxing on Linux

原文:https://blog.torproject.org/tor-browser-707-released

安卓版: 无界一点通4.1a测试版(2017年10月18日)

无界一点通4.1a测试版, 做了以下改进,请帮忙测试并反馈:

1. 加速电视/广播启动速度;
2. 修复新唐人某些网页白屏问题;
3. 增加明慧广播;
4. 解决新平台下载许可问题;
5.增强安全性和连通能力。

http://wujieliulan.com/download/um4.1a.apk

sha256:5ce18ba747067320eb17935bd611a5eba98eb1ee8514c946031cd1e014923003
md5:62113edcf18d1fec0de58f37d04e43a8

谢谢!

—————–

“无界一点通”是安卓版的翻墙软件, 让您看到没有被过滤的真实讯息。适用于安卓手机/安卓机顶盒等安卓平台。

安装”无界一点通”测试版:

1。需要首先对手机进行设置: 按“菜单”键 –> settings(设置)–> Applications(应用程序), 钩选”Unknown sources”(未知源)。
注: 有的版本是: 按“菜单”键 –> settings(设置)–> security (安全) 里面, 钩选”Unknown sources”(未知源)。

2。将下载的um.apk文件拷贝到手机SD卡(或内置SD卡)上。如果下载的为压缩文件, 无须解压, 直接将文件扩展名 .zip 更改为 .apk 。
在安卓手机上点击um.apk文件便可安装。如与已经安装的无界一点通旧版有冲突,请先卸载旧版, 再安装新版。

3。详细说明见网址: 《网址》m.wujieliulan.com/userguide.html 《网址》

4。 注: 如果在VPN模式下使用其他浏览器(而不是无界一点通自带的浏览器),请使用其浏览器的“隐私模式”, 或退出无界一点通之后,请将浏览器的历史记录清除,否则在没有VPN的情况下无意中点击了这些历史记录,会有安全隐患。

原文:http://forums.internetfreedom.org/index.php?topic=22352.0

2017年10月翻墙快报(兼谈用 I2P 突破封锁)

文章目录

★近期翻墙动态
★常见翻墙工具的状况
★非常时期,关于翻墙的注意事项
★关于【分布式】的重要性
★翻墙教程汇总

★近期翻墙动态

  很久没有发过《翻墙快报》了。细心的读者会发现:前一篇还是《2015年8月翻墙快报》,距今超过【两年】。
  为啥隔了这么久捏?主要是因为最近两年,翻墙形势喜人,常用的那几款梯子,一直都很稳定。因此,俺就没有动力去写《翻墙快报》了(请原谅俺的懒惰)。

  最近捏,因为朝廷要开【十九大】,按照惯例,GFW
又要加大封锁力度了。本来俺以为会从“十一”长假开始加强封锁。但不知为何,GFW 一直到10月9日才开始发飙。想来是因为 GFW
的研发人员也在欢度长假,所以等到节后第一个工作日才开始动手。
  下面俺给大伙儿介绍一下:几款常见翻墙工具的状况(形势不太妙哦)

★常见翻墙工具的状况

  俺测试了几款常用翻墙工具,情况如下。
  根据这几年的经验,不同省份或者不同
ISP,翻墙工具的效果可能会有差异。所以俺个人的测试,仅供参考。也欢迎列位看官反馈自己的翻墙情况。

◇VPN Gate

  经俺本人测试,从10月9日开始,VPN
gate 就很难找到可用的 server;从10月10日开始,连 server list 的更新机制也失效了。
  比较奇怪的是:俺访问 VPN gate
的官网,发现天朝(china)在“国别排名”中依然排在第二名,而且总流量还在继续增加。这说明某些墙内的网民依然可以使用 VPN gate 翻墙。如果你手头的
VPNgate(在10月9日之后)依然可用,欢迎在俺博客留言,反馈一下。反馈的时候顺便说一下你所在的省份以及你的宽带使用哪个
ISP。

    以下是热心读者的反馈:

广东翻墙简报:
广州电信,VPNgate,国庆中秋长假期间开始渐渐大部分IP无法正常连接上,到了长假结束翻墙形势更加严峻,基本大部分IP连接1整天都练不上,有的即使连上了,很快就被阻断,但VPN还是显示连上的。

He Huang
VPNgate今天還能用,福州電信

◇蓝灯(lantern)

  蓝灯在10月8日发布了
4.1.2 版本。当 GFW
在10月9日开始加强封锁的时候,这个版本还可以用;但是在昨天(10月11日)已经失效了。
  另外,蓝灯官方在10月10日还连发了两个版本(4.1.3 和
4.1.4),可惜在昨天(11日)也都失效了。蓝灯官方这么密集地发布新版本,肯定是为了应对这几天 GFW
的封锁。
  蓝灯最新的两个版本刚推出就失效,让俺有点意外(从另一个角度也反映出——GFW
近期的封锁比较彻底,大伙儿要小心

    以下是热心读者的反馈:

挪威森林猫:
(广东联通)
蓝灯:
不论是无流量限制的2.x版本还是有流量限制的3.x版本不仅每次都连得上,而且还超快(720p Youtube
竟然不卡)。。。;手机版也是如此

萩原悠介:
常用工具是GAE的XX-NET和蓝灯,坐标魔都,观察到虽然都是电信ISP但是翻墙工具貌似会因为公网IP网段的不同出现不同效果,比如家庭宽带拨号获得最多的114段IP基本都走掉了,少数非114段IP的封锁相对比较缓和,不知道其他地区的运营商是否有类似的情况

◇赛风(psiphon)

  最近一年,(俺个人感觉)赛风不如蓝灯。所以,赛风最新版本
3.129 失效,俺倒没觉得太意外。
  (赛风的 3.129
版本于10月9日发布,也是刚推出就失效)

    以下是热心读者的反馈:

匿名:
我检查其他免费的轮子的工具基本沦陷,赛风3偶尔可以用!
四川联通的网络哈

匿名:
广东,手机版赛风还可以。。。,第一次留言哈哈!

匿名:
本人用赛风3加四维翻出来的,其他VPN不管用了,电脑小白!

匿名:
过去赛风条件下,油管视频下载速度常超过1M,自从殇日过完,就只能对付在线看了,表示欲哭无泪,为了防止悲伤过度发生更可怕的后果,决心偷偷准备好I2P

◇无界

  经俺本人测试,无界最新的 16.03
版本【依然可用】,但是从10月9日开始就【很不稳定】。
  如果你手头的无界用了一段时间后突然断线,你可以【切换一下自己的公网
IP】,然后再重新运行无界,【运气好的话】就又能联网了。
  (对于家用宽带,只需要关闭一下宽带拨号设备,隔一会儿再开,就可以切换自己的“公网
IP”)

◇自由门

  经俺本人测试,自由门最新的 7.6.1 版本,从10月9日开始就失效了。

◇TOR + meek

  TOR
在七八年前就被 GFW 封杀了。不过后来 TOR 官方提供了一个 meek 插件,可以让 TOR 客户端通过国外的计算平台间接连入 TOR
网络。
  根据读者反馈,“TOR + meek”的方式【依然可用】。
  关于 TOR + Meek 的使用教程,请参见:《“如何翻墙”系列:TOR
已复活——meek 流量混淆插件的安装、优化、原理

  以下是热心读者的反馈:

挪威森林猫:
(广东联通)
TOR + meek:
有时候连得上,有时候不行;看网页还行,看Youtube基本不行。

匿名:
Tor+meek可以翻出去,tor+obfs4國殤日之前就已經掛掉

◇I2P

  (从来没用过 I2P 的同学,请先看这篇《简单扫盲 I2P
的使用
》)
  前些年,每当 GFW 发飙,翻墙工具倒下一大片,I2P
通常都能屹立不倒。(就比如5年前开“十八大”的那次,当时各种工具纷纷失效,也是 I2P 一枝独秀)
  这次也不例外,【I2P
依然坚挺】,实在可喜可贺!(经俺本人测试,一直可用!)
  I2P
虽然坚挺,但是速度慢。所以它适合于:【在封锁很严重的时期进行应急】。

  如果你是第一次运行
I2P,需要先进行【补种】(洋文叫做“reseed”)。补种之后,I2P 才能够接入 P2P
网络。现在封锁很严重,【如何补种】是一门艺术。下面俺会单独聊。

◇SS(ShadowSocks)及其衍生工具

  俺一直没有购买
VPS 用于翻墙(主要是出于【隐匿性】的考虑),所以就没法亲自测试 SS 的情况。
  前几天看到一则新闻《中国研究人员利用机器学习识别 Tor 和
Shadowsocks 流量 @ Solidot》。所以俺猜测:SS 的情况也不乐观 😦
  如果你近期使用过 SS,欢迎在俺博客留言,反馈一下 SS
的情况。

  以下是热心读者的反馈:

Benny
Think.:
一部分SS/SSR先是连不上,换端口能连上,还有一部分IP被墙彻底挂了。
现在SS/SSR也是苟活,速度稳定性比以前差一些。

匿名:
广东移动,GCP搭建的SS相对稳定,使用东亚的节点,延迟基本上保持在两位数。

i Vanilla:
Shadowsocks 等工具目前是受到了一定的影响,如果用 obfs
混淆效果可能会好些,当然这跟加密算法有关。
V2Ray 应该是比较好用的,大家可以尝试一下。
GFW 最近是封了一批 VPS 的 IP
段,所以无论这些 VPS 运行什么代理工具,都会无法连接。

Unknown:
安徽电信,晚上连vultr的ss,无法连接,切换到移动走流量正常,速度奇快。白天连vultr,一切正常,速度忽快忽慢。

匿名:
SS目前无问题。自己搭的梯子,从早期低版本到近期高版本的,还都可用

匿名:
SS可用,目前5个vps有一个出问题,原因应该是网段被封了。

匿名:
ss,va2y, SSR也是一片哀嚎

◇V2Ray

  V2Ray 依赖于 VPS,基于前面提到原因,俺没有尝试过“基于 VPS 的翻墙”,因此也就没有亲自测试
V2Ray 的情况。

  以下是热心读者的反馈:

匿名:
這段時間v2ray採用http混淆或者kcp模式爬牆均無大礙,psiphon變形版本也可以翻出去
gfw.press只要及時更新節點,爬牆亦沒有問題

◇关于 VPS(Virtual Private
Server)的补充说明

  除了
SS,还有其它一些翻墙方法(比如自建 SSH)也依赖 VPS,所以再顺便提一下 VPS。
  据俺了解到的情况,这次 GFW 加强封锁,把很多 VPS
提供商的网段都封杀了。
  假如你付费的 VPS 提供商,其网段已经被 GFW 加入“IP 黑名单”,那你的 VPS
就废了(无论怎么折腾都没戏)。

  以下是热心读者的反馈:

cirno
scarlet:
我用韩国的蘑菇云自建ss,原版SS,没有混淆,无任何影响;
大杀器昨天是激烈的IP攻防战,石斑鱼换了N多的IP地址,貌似是守下来了;
搬瓦工听说挂掉的极多;
感觉这次所谓GFW升级,实为人海战术,只要流量集中,就把相关IP墙掉。

Unknown:
根据我的观察,挂掉的SS集中于搬瓦工,阿里云等知名VPS;我自己用的是新加坡的一个小众VPS,自己建的shadowsocks-liev,没开obfs,用TCP
BBR加速,一直都没事。

匿名:
手上3个VPS均是SS,每个IP用几小时就会ping不通,然后换个IP继续用,ping不通的IP过一段时间也会复活,没死绝。这段时间就是这么换来换去。

Chaos;Code
(・_・;)辽宁联通,目前用的自搭酸酸乳,搬瓦工vps,混淆开的很高,速度还算较快,偶尔有ping不通的情况(大概一周一次?),应该是日常抽风吧(*>_<*)ノ,没什么大碍(・∀・),就酱。

匿名:
Goproxy-php,xxnet-php,https目录加密的php-web代理都正常使用,需要一个虚拟主机空间。

noneme:
我的两个vps 都同时挂了ss ssr v2ray, 有一个被封ip了.
另一个没有问题. 都是美帝的服务器

◇热心读者的其它反馈

  有些热心人的反馈,不方便归入某个类别,就统一放到这里。

Bingyu
Pan
现在电脑里也只有I2P坚挺,tor如果连的上,问题也不大(因为难以切断)。石斑鱼的大杀器也坚持了下来。
不可用的:lantern,xx
net,freegate,VPN
gate,psiphon,无界.
运营商:河南联通,安徽移动,福建电信。

★非常时期,关于翻墙的注意事项

  下面是一些经验介绍,供大伙儿参考。

◇【不要】在一棵树上吊死

  在严重封锁的非常时期,你手头要多准备几个翻墙的梯子。
  有些缺乏经验的同学只依赖一个梯子,万一这个仅有的梯子失效了,就傻逼了。

◇确保有一个【可用的】I2P

  考虑到
I2P 比较坚挺,可以在非常时期用来【救急】。当 GFW 加大封锁导致很多翻墙工具失效,这些翻墙工具也会更频繁地发布新版本,尝试突破封锁。而 I2P
的【救急】作用就体现在——用来下载其它翻墙工具的新版本。
  如果你是第一次运行 I2P,或者你很久没有运行 I2P,要先进行【补种】。I2P
的补种大致有三招,分别如下:

  第1招:用其它翻墙工具给 I2P 补种
  I2P
内置了一批“补种服务器”(洋文叫“reseed server”)。很显然,这些“补种服务器”早就被 GFW 封杀了。要想通过这些“种子服务器”进行补种,需要让
I2P 通过其它翻墙工具联网。假如你手头有其它的翻墙工具,【并且还能用】,赶紧用这个工具给 I2P 补种。
  启动 I2P
之后,用浏览器中访问如下网址,就可以进入【I2P 的补种界面】。

http://127.0.0.1:7657/configreseed
  在这个界面上勾选“Enable HTTP Proxy”,并填写相应的“Proxy
Host”和“Proxy Port”(具体填啥,取决于另一个翻墙工具提供的代理)。填写完记得点保存按钮,然后 I2P
就可以通过其它翻墙工具联网并补种。
  补种完成之后,当 I2P 已经找到其它节点(界面上的 Peers 大于零),你就可以把“Enable HTTP
Proxy”选项去掉——让 I2P【独立联网】。

  第2招:找其它人帮忙获取 I2P
的【种子文件】

  假设你有一个朋友手头有【可用的】I2P,那么你让这个朋友生成 I2P 的种子文件,并把种子文件发给你;然后你在自己的 I2P
补种界面上,导入这个种子文件,就可以成功补种。
  【生成种子文件】的方法如下:
  进入“I2P 的补种界面”,界面上有一项是【Create
reseed file】。如果 I2P 已经联网,就可以通过这个功能,创建一个种子文件(文件中会包含可用的 I2P 节点的信息)。这个种子文件可以分享给其他
I2P 的使用者。
  【导入种子文件】的方法如下:
  进入“I2P 的补种界面”,界面上有一项是【Reseed from
file】,用来导入种子文件。只要导入的种子文件【足够新鲜】,就可以让无法联网的 I2P
重新联网。

  补充说明:
  种子文件是有【时效性】滴。越久以前创建的种子文件,时效性越差。因为 I2P
网络的节点是在不断变化的——很早以前创建的种子文件,其中包含的节点信息可能已经过时了。一般来说,一两天之内的种子文件,是“新鲜”的;而超过一周的种子文件,就“不新鲜”了。

  第3招:通过
BT sync(Resilio Sync)获得 I2P
的【种子文件】

  如果你既没有其它可用的翻墙工具,也没有其它朋友可以帮你生成种子文件,那么你还有第三个选择——利用俺提供的
BTsync(Resilio Sync)网盘获取种子文件。
  熟悉俺博客的读者应该都知道:俺提供了一个 BTsync
网盘用来分享翻墙工具。该网盘的【同步密钥】如下:

BTLZ4A4UD3PEWKPLLWEOKH3W7OQJKFPLG
  上个月,俺已经在这个网盘上放了 I2P
的最新版本(0.9.31),位于 I2P 目录下。从昨天(10月11日)开始,俺又在上面放了几个“种子文件”(位于 I2P 目录下的 seeds 子目录)。种子文件的“文件名”是俺下载种子文件的
reseed server
的域名;种子文件的“扩展名”是 su3
  在翻墙困难的时期,俺会尽量多更新网盘上的这批种子文件。

  补充说明:
  如果俺从自己的
I2P
界面上创建种子文件,这些种子文件可能会包含一些跟俺本人的网络环境相关的信息。
  所以,【为了保护自己的隐匿性】,俺分享的“种子文件”是从一些【公开的】“补种服务器”下载的。为了确保种子文件的可靠性,俺使用了
I2P 界面【内置的】“补种服务器”(在“I2P 补种界面”上有这些 server 的列表)。

◇经常运行 I2P 和 BTsync

  I2P
和 BT sync(Resilio Sync)都是基于 Kad(Kademlia)技术进行 P2P
联网。它们的客户端会缓存当前联网的节点信息。如果你只是【短暂关闭】它们的客户端,下次运行时,它们的客户端依然可以根据缓存的节点信息,找到互联网上的其它节点,于是就可以正常联网。
  但如果你【长时间没有运行】I2P

BTsync,那么它们客户端缓存的节点信息就过时了(不够新鲜了),于是下次再运行时,客户端就找不到其它节点。这种情况下,就需要【重新补种】!
  那么,怎样才算【长时间不运行】?根据经验,超过一周就算“长时间”。为了保险起见,至少一两天就得运行一次,以便让
I2P 或 BTsync 的客户端更新 P2P 网络的节点信息。如果有条件的话,可以让 I2P 或 BTsync
的客户端一直运行着。

◇电脑上保留一份【本博客的离线浏览】

  多年前,俺就通过
BT sync
网盘分享博客的离线浏览。
  在封锁很严重的时期,如果你手头保留一份【博客的离线浏览】,那么你【无需联网】就可以看俺写的那些【翻墙教程】。
  要获取【本博客的离线浏览】,请使用如下【同步密钥】:
B7P64IMWOCXWEYOXIMBX6HN5MHEULFS4V

★关于【分布式】的重要性

  关于【分布式】的重要性,俺已经唠叨过很多次了,比如这篇:《“对抗专制、捍卫自由”的
N 种技术力量

  这次 GFW 加强封锁,很多翻墙工具失效,而 I2P 和 BTsync 依然可用——再次体现出【彻底无中心的
P2P】是何等重要。而且这2款工具都是基于 Kad 网络,这也说明了——“Kad
网络”是久经考验滴!

  如果你对网络技术比较感兴趣,想知道 Kad 的原理,可以看俺前几周的博文:《聊聊分布式散列表(DHT)的原理——以
Kademlia(Kad) 和 Chord 为例

★翻墙教程汇总

  下面这些教程都在俺博客上(需翻墙)。
  再次唠叨:如果你已经用
BT sync(Resilio Sync)自动同步了【本博客的离线浏览】,无需联网就可以看这些教程。

◇基础教程

如何翻墙(传说中的全方位扫盲教程,定期更新)
获取翻墙软件方法大全(教你在无法翻墙的情况下拿到翻墙软件)
多台电脑如何共享翻墙通道
聊聊
GFW 如何封杀 Resilio Sync(BTSync)?以及如何【免翻墙】继续使用?

扫盲 BT Sync——不仅是同步利器,而且是【分布式】网盘

◇各种翻墙软件使用教程

简单扫盲
I2P 的使用

关于 TOR
的常见问题解答

扫盲
VPN Gate——分布式的 VPN 服务器

新版本无界——赛风3失效后的另一个选择
双管齐下的赛风3
“如何翻墙”系列:TOR
已复活——meek 流量混淆插件的安装、优化、原理

fqrouter——安卓系统翻墙利器(免
ROOT)

自由門——TOR
被封之后的另一个选择

戴“套”翻墻的方法
扫盲 VPN 翻墙——以 Hotspot Shield 为例
原文:https://program-think.blogspot.com/2017/10/gfw-news.html

教程:搬瓦工VPS搭建v2Ray 服务器,配合ShadowRay,v2Ray等客户端翻墙攻略

写在前面,因为小火箭的作者出了ShadowRay这个App,然后我又是个好奇心很强的人,之前的SS,包括现在这个博客站点,也是自己一边Google一边摸索着搭建,所以就Google和琢磨v2Ray这个翻墙方式,然后开始在搬瓦工上面使劲造,各种尝试,失败,尝试,失败之旅,一气之下撂下不干了,太闹心了,但过了一天后平静下心来想,这尼玛太窝囊了!我就不信了,必须得搞会这个东西,从小就是个倔驴没办法,然后就有了这篇文章的诞生,废话不多说,下面列出详细的过程,各位看官不喜勿喷,我是纯技术小白,不懂代码不懂各种学术描述,只有一颗倔强的心,觉得本文有用的,可以转给身边的朋友。

随后我又在另外一台搬瓦工和自用的vultr上尝试搭建,均已成功。搭建以后试用了一天(Mac上和iOS上),不知大是心理作用还是怎么的,速度居然相当快。下面还是说方法

时间线:2017-10-12更新

在VPS上同时搭建好shadowsocks和v2Ray后,可能出现SS可以用,但是v2Ray用不了的情况,我也遇到了,解决方法是需要打开防火墙(ubuntu1.6系统)

操作方法:1.
执行:apt-get install
ufw 回车,等待自动安装

2.
执行: ufw
enable
  回车

(如果出现以下提示

Command
may disrupt existing ssh connections. Proceed with operation (y|n)?
y)

选择 y 回车

3. ufw allow
22
 回车

4. ufw allow
xxx
 (xxx代表你的v2Ray客户端配置的端口)回车

5.
如果VPS上面也搭建Shadowsocks,执行同样的命令,把XX换成shadowsocks的端口,回车。

5. ufw allow
status
 回车,查看防火墙状态,应该都是allow和开通的

这样在同一个VPS上,Shadowsocks和v2Ray都可以翻墙了

我在安卓设备上,使用的是v2RayNG,速度快的起飞    

时间线:2017-10-11更新

1.
搬瓦工使用Centos 7没问题, Vultr且不行,后来换成了 Ubuntu 1.6

2.
记得要把防火墙打开,不然搭建好了也无法链接


准备材料

1. VPS
,知道IP,SSH端口,和root密码,搬瓦工的root密码是每次都要生成,vultr的是固定的

2. https://www.uuidgenerator.net/ 这个网站提前申请一个密码

3. SSH链接工具,用来远程登陆,windows可与用putty,Mac用自带的终端,顺便推一个,在Mac上面喜欢用Windows终端格式的,可以在Mac上下载一个Shuttle

4. 提前在网站上下载好v2Ray客户端(Windows/Mac)https://github.com/v2ray/v2ray-core/releases/tag/v2.40 根据自己的设备选择下载,下载完以后解压出来

以上这些东西准备好以后,可以开工了

服务器配置

首先登陆终端,我用的是Mac,所以在主要讲的是Mac,但是也会有windows的方法,VPS的当然是最适合练手又耐操的搬瓦工主机,系统是 centos
7

输入ssh  -p 端口 root@IP 地址,回车,会提示要输入密码。复制密码,粘贴,回车,就会登陆。注:粘贴密码后不会显示出来,直接回车就可以

登陆成功以后,可以输入相应的指令开始安装服务器了。

一:自动安装脚本支持所有主流系统,只需一行命令即可完成安装过程,复制下列命令,粘贴,回车

bash <(curl -L -s https://install.direct/go.sh)

该脚本会自动安装unzipdeamon,并自动安装以下两个文件:

/usr/bin/v2ray/v2ray:V2Ray
程序;

/etc/v2ray/config.json:配置文件;

脚本安装完成无误后,会提示安装成功,然后进行如下操作(看不懂英文的,出现v2Ray
v.x.x.x is installed表示成功了

二:输入 vi
/etc/v2ray/config.json
指令,回车,进入vi编辑状态,这个时候开始配置服务器

要改的地方就是文字标注的地方,改完记得要记录下来,修改完以后保存退出
(估计对于很多人来说,最难的是在JSON里面的编辑吧,具体的操作快捷键,请点击这里参照里面的介绍,其它的请Google

三:输入 service
v2ray start
  回车,来启动 V2Ray ,会提示启动成功。(之后可以使用 service v2ray
start|stop|status|reload|restart|force-reload
控制 V2Ray
的运行。)到这里,服务器就已经搭建好了

客户端配置

Mac端

先说Mac,打开准备工作中第4步里下载好,并解压出来的客户端文件夹,打开文件夹,里面有个config.json文件,双击打开

打开以后,下面截图里面,汉字标注的地方进行修改,修改完以后保存,如何保存,请搜索vi快捷操作方法,(有功夫的时候我把这里能用到的vi操作方法写一个吧)

保存以后,右击文件夹里面的“v2Ray”,选择用终端打开

然后打开v2ray客户端,填入相应的信息就可以翻墙了(Mac要另外下载好客户端,点这里下载)

Windows端

windows端的话,也是一样,先找到config.json文件,修改IP,端口,密码等信息(必须和第一步中配置好的信息相对应),修改后保存,然后双击打开v2Ray,按照上图的方法填写相应信息,保存就可以

iOS端

iOS端目前用的是小火箭Shadowrocket的作者写的
ShadowRay,目前在测试阶段,我也加入了测试,ShadowRay(Twitter:@ShadowRayApp)购买地址:请点击这里

图1

图2

配置方式的话大同小异,填入IP,端口,密码,加密方式等,和服务器配置里面的相对应就可以了。

以上就是我自己配置成功以后,马上根据记忆和我保存的东西写的一篇步骤,写的很乱也很糙,后续还会修改,一来给各位一个借鉴,二来到时候自己也可以复习,在搭建成功之前,我试过很多次,都败下阵来了,都是因为细节原因和概念错误所以没搞明白,最大的困难我相信大部分都是在输入vi
进入JSON的编辑模式以后不知道怎么编辑,所以特地补了下课,学习如何使用vi这个功能,建议各位,这个环节上不来,信我的没错。但依然跟以前搭建SS一样,因为各种原因出错,好在是没放弃,不断试错+Google+适当的求助=
增加成功概率。

网络上关于此类介绍的文章很多,但是好像都是写给程序员看的,小白看不太懂或者无法全懂,我是一个小白,就按照小白的笨的步骤写的,希望看到的人都能按着步骤搭建成功,也希望各位老司机看后勿喷,多提意见

好吧,暂时就这些了,一切为了世界和平!

原文:http://www.liyonge.com/2017/10/11/v2ray/

『干货福利』手把手教你如何“搭梯子”

中国工信部新禁令,2017 年 1 月 22 日至 2018 年 3 月 31 日将对网络接入服务市场进行 14 个月的清理,大批量 VPN 服务近期将面临整改下架。

如果你想享受一个自由且不受限制的互联网,想使用谷歌学术搜索写论文,想无障碍使用全球顶尖互联网公司的优秀产品与服务,想去 instagramfacebooktwitter 等社交网络追踪自己爱豆的最新动态,该怎么办?
授人以鱼不如授人以渔,跟着本教程,教你如何自己动手搭建一个稳定、高速、流量管够的自用“梯子”。

前期准备:
1、一张 VISA 标志的信用卡,注册 
PayPal 绑定该信用卡,用于支付购买 VPS 费用。
2、大致了解最基础的 SS 知识《
SS指导篇(总结归类)——从无到有,境无止尽!
》最好把文章内容链接多看几遍,不要求熟知,了解大概即可。

搭梯子教程:
一、VPS 购买,SSH 登录服务器 
1、点击
链接注册 http://www.vultr.com/?ref=7122815 (使用此链接你我都将获得额外的10美元优惠),选择适合自己需求的套餐。点击链接图文教程
个人使用建议流量需求不大的朋友,选择最低配 2.5 美元/月,每月 500 G 流量,多余流量可提供给身边的朋友使用。
2、简单学习 Linux 文本編輯器 Vim 
教程
3、创建 VPS 以及进入 SSH 教程(电脑+手机教程
4、登录 VPS 的 SSH 
教程

二、 安装配置 SS 服务
方案二选一:
1⃣『图文详解』
手动搭建SS和锐速 教程作者 @VVFGV
2⃣ 一键搭建脚本 脚本作者 @toyo13140010096
该脚本已开源
『视频教程』ShadowsocksR 服务端安装+客户端使用
新手小白视频教程

启动并永久运行 SS 服务端功能

三、优化 SS 性能
给梯子加速,教程见第二步搭建 SS 服务链接,使用一键搭建脚本可以直接选择安装。笔者 vultr 日本 SS 节点在安装 TCP-BBR 后任意时段看 YouTube 720P 高清视频无压力,但在网络高峰时段看 1080P 超清会稍有卡顿。

四、下载客户端并使用 SS 服务
1⃣ 下载客户端
SSR客户端的Windows 、iOS、Android 
客户端下载
网页右上角 LAYOUTS 里面找到 SSR 客户端下载
SSR
官方客户端下载 (需梯子)
2⃣ 使用 SS 服务
将搭建成功后获得的服务器 IP 地址,远程端口,密码,加密方式,依次填入客户端中。如有生成 SS 二维码可直接扫描添加节点。
参考
教程 文末第 7 部分:配置 Shadowsocks Windows 
客户端

五、享受自由无墙的互联网。
维基百科:
中华人民共和国被封锁网站列表
翻墙后看什么

六、常见错误的解决办法
以上教程包含图文详解、视频教程、一键搭建脚本,了解 SS 基础知识后按照教程上手很简单,但是总会碰到一些错误和问题,这里列出几个错误问题的解决办法,供大家参考。

SS 无法使用后的简单排除方法
SS 端口已被占用的错误解决办法
拨号上网用户无法使用 SS 的解决办法
关于 SS 的小白常见问题总结篇
SS 关闭后浏览器无法上网
QQ
正常的解决办法

原文:https://murongxun.wordpress.com/2017/07/25/第一篇博文/

XX-Net 3.6.8

Fix small bugs:

  • remove WebUI x-tunnel Charge but not buy traffic link
  • fix x-tunnel check_ip bug
  • auto disable dump_cert link if OpenSSL lib not support this api.

Downloads

最新状态:

2017-10-06

  • GAE封锁严重,请更新到3.6.7以上,若无法扫到ip,可以考虑启用ipv6或使用X-tunnel,具体请到Issues区看前面的讨论。
  • X-Tunnel 干扰严重. (使用教程
    X-Tunnel 数据库出问题,部分用户套餐流量丢失,请给xxnet.dev@gmail.com 发邮件。

原文:https://github.com/XX-net/XX-Net/releases/tag/3.6.8

Tor Browser 7.5a5 is released

Tor Browser 7.5a5 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

Besides the usual Firefox security and extensions updates this alpha contains a bunch of long-awaited features:

  1. We include Tor 0.3.2.1-alpha, the first alpha release in the 0.3.2 series, with support for next generation onion services and a new circuit scheduler, KIST.
  2. Thanks to the work of Jed Davis we are able to ship a content sandbox for Linux users. While the content sandbox is disabled in Firefox 52 ESR versions, which Tor Browser is based on, backported patches allow us to protect our Linux users with the same mechanisms that are provided to regular Firefox users.
  3. The content sandbox is enabled for Windows users as well. While we still need to clean up our workarounds to get the sandboxing code to work with our mingw-w64 compiler, we think the enabled sandbox is ready for a wider testing in our alpha series. Please give it a try if you can.
  4. Although this change should be invisible to users, we switched our build system from gitian/tor-browser-bundleto rbm/tor-browser-build. The build should continue to be reproducible and if you want to do a build yourself the README file in the tor-browser-build repository has some informations.

Update: Tor Browser 7.5a5 is broken when using the sandboxed-tor-browser version 0.0.13, due to bug 23692. Version 0.0.14 of the sandboxed-tor-browser has been released to fix that issue.

Note: The release date in the changelog displayed after the update is incorrect. The actual release date is September 28.

The full changelog since Tor Browser 7.5a4 is:

  • All Platforms
    • Update Firefox to 52.4.0esr
    • Update Tor to 0.3.2.1-alpha
    • Update Torbutton to 1.9.8.1
      • Bug 20375: Warn users after entering fullscreen mode
      • Bug 22989: Fix dimensions of new windows on macOS
      • Bug 23526: Add 2017 Donation banner text
      • Bug 23483: Donation banner on about:tor for 2017 (testing mode)
      • Translations update
    • Update Tor Launcher to 0.2.13
      • Bug 23240: Retrieve current bootstrap progress before showing progress bar
      • Bug 22232: Add README on use of bootstrap status messages
      • Translations update
    • Update HTTPS-Everywhere to 2017.9.12
    • Update NoScript to 5.0.10
    • Update sandboxed-tor-browser to 0.0.13
    • Bug 23393: Don’t crash all tabs when closing one tab
    • Bug 23166: Add new obfs4 bridge to the built-in ones
    • Bug 23258: Fix broken HTTPS-Everywhere on higher security levels
    • Bug 21270: NoScript settings break WebExtensions add-ons
    • Bug 23104: CSS line-height reveals the platform Tor Browser is running on
  • Windows
    • Bug 16010: Enable content sandboxing on Windows
    • Bug 23582: Enable the Windows DLL blocklist for mingw-w64 builds
    • Bug 23396: Update the msvcr100.dll we ship
    • Bug 23230: Fix build error on Windows 64
  • OS X
    • Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist
  • Linux
    • Bug 10089: Set middlemouse.contentLoadURL to false by default
    • Bug 22692: Enable content sandboxing on Linux
    • Bug 18101: Suppress upload file dialog proxy bypass (linux part)
  • Build System
    • All Platforms
      • Switch from gitian/tor-browser-bundle to rbm/tor-browser-build

原文:https://blog.torproject.org/tor-browser-75a5-released

Tor Browser 7.0.6 is released

Tor Browser 7.0.6 is now available from the Tor Browser Project page and also from our distribution directory.

[UPDATE: the dist server was temporarily messed up, but it should be better now. Sorry for the troubles!]

This release features important security updates to Firefox.

This release includes security updates for Firefox (52.4.0esr) and a new Tor stable version (0.3.1.7), the first one in the 0.3.1 series. In addition to that we updated the HTTPS Everywhere and NoScript extensions we ship. Moreover, we fixed minor usability issues and a bug which, under particular circumstances, caused all tabs to crash after closing single one.

Note: The release date in the changelog displayed after the update is incorrect. The actual release date is September 28.

The full changelog since Tor Browser 7.0.6 is:

  • All Platforms
    • Update Firefox to 52.4.0esr
    • Update Tor to 0.3.1.7
    • Update Torbutton to 1.9.7.7
      • Bug 22542: Security Settings window too small on macOS 10.12 (fixup)
      • Bug 20375: Warn users after entering fullscreen mode
    • Update HTTPS-Everywhere to 2017.9.12
    • Update NoScript to 5.0.10
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 23393: Don’t crash all tabs when closing one tab
  • OS X
    • Bug 23404: Add missing Noto Sans Buginese font to the macOS whitelist

原文:https://blog.torproject.org/tor-browser-706-released

Tor Messenger 0.5.0b1 is released

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including XMPP, IRC, Twitter, and others; enables ​Off-the-Record (OTR) Messaging automatically; has an easy-to-use graphical user interface; and a secure automatic updater.

We are pleased to announce another public beta release of Tor Messenger that features important improvements to its stability and security. All users are encouraged to upgrade.

Mozilla ESR52

This release of Tor Messenger is based on Firefox ESR52, specifically tor-browser-52.3.0esr-7.0-1-build1 and THUNDERBIRD_52_3_0_RELEASE on comm-central.

Deterministic Builds

Tor Messenger builds are now reproducible for Windows and macOS as well; earlier, only Linux builds were reproducible (#10942). This means that anyone building Tor Messenger from source should end up with identical byte-for-byte binaries to the ones we release. To get started with building Tor Messenger (something we encourage!), please refer to the instructions in the README.md file. Since this is a fairly involved process, talk to us on IRC or the comments section below if you need help.

XMPP Improvements

This version of Tor Messenger introduces temporary XMPP accounts (a feature inspired by ChatSecure) that creates an XMPP account automatically with a random username and password (#16606). This helps you to quickly set up an account and get a conversation started without requiring you to bother with the registration or account details. These accounts don’t expire automatically but the intent is that you can use them as throwaway accounts and quickly create new ones when required. (Note: Currently, some data remains after deleting an account. See #23675)

Starting with this release, Tor Messenger will attempt to automatically use the onion service for known XMPP servers which helps improve the security of your connection (#13855). The current list includes onion addresses for riseup.net, jabber.ccc.de, jabber.otr.im, and jabber.calyxinstitute.org. We plan to add more servers in the subsequent releases. (Note: Existing accounts remain unchanged. This setting is only applied during new account setup.)

Other Notable Changes

Tor Messenger for Linux is now built with Selfrando for hardened builds (#22229). For more information on Selfrando, please refer to the Q and A with Georg.

This release also fixes the Tor Messenger crash on Windows XP that prevented it from starting (#17469).

Downloads

Please note that Tor Messenger is still in beta. The purpose of this release is to help test the application and provide feedback. At-risk users should not depend on it for their privacy and safety.

Linux (32-bit)

Linux (64-bit)

Windows

macOS

sha256sums-signed-build.txt

sha256sums-signed-build.txt.asc

The sha256sums-signed-build.txt file containing hashes of the bundles is signed with the key 0xB01C8B006DA77FAA(fingerprint: E4AC D397 5427 A5BA 8450 A1BE B01C 8B00 6DA7 7FAA). Please verify the fingerprint from the signing keys page on Tor Project’s website.

Changelog

Tor Messenger 0.5.0b1 — September 28, 2017

  • All Platforms
    • Use the tor-browser-52.3.0esr-7.0-1-build1 tag on tor-browser
    • Use the THUNDERBIRD_52_3_0_RELEASE tag on comm-esr52
    • Update tor-browser to 7.0.5
    • Update tor-launcher to 0.2.12.3
    • Trac 22005: Move to ESR 52
    • Trac 16606: Temporary XMPP accounts
    • Trac 13855: Use known onions for XMPP servers
  • Linux
  • Mac
  • Windows
    • Trac 17469: Tor Messenger is not working on Windows XP
    • Trac 10942: Deterministic builds for Instantbird
       

Tor 0.3.2.1-alpha is released, with support for next-gen onion services and KIST scheduler

And as if all those other releases today were not enough, this is also the time for a new alpha release series!

Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It includes support for our next-generation (“v3”) onion service protocol, and adds a new circuit scheduler for more responsive forwarding decisions from relays. There are also numerous other small features and bugfixes here.

You can download the source from the usual place on the website. Binary packages should be available soon, with an alpha Tor Browser likely by the end of the month.

Remember: This is an alpha release, and it’s likely to have more bugs than usual. We hope that people will try it out to find and report bugs, though.

Below are the changes since Tor 0.3.1.7.

Changes In Version 0.3.2.1-Alpha – 2017-09-18

  • Major feature (scheduler, channel):
    • Tor now uses new schedulers to decide which circuits should deliver cells first, in order to improve congestion at relays. The first type is called “KIST” (“Kernel Informed Socket Transport”), and is only available on Linux-like systems: it uses feedback from the kernel to prevent the kernel’s TCP buffers from growing too full. The second new scheduler type is called “KISTLite”: it behaves the same as KIST, but runs on systems without kernel support for inspecting TCP implementation details. The old scheduler is still available, under the name “Vanilla”. To change the default scheduler preference order, use the new “Schedulers” option. (The default preference order is “KIST,KISTLite,Vanilla”.)

      Matt Traudt implemented KIST, based on research by Rob Jansen, John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For more information, see the design paper at http://www.robgjansen.com/publications/kist-sec2014.pdf and the followup implementation paper at https://arxiv.org/abs/1709.01044. Closes ticket 12541.

  • Major features (next-generation onion services):
    • Tor now supports the next-generation onion services protocol for clients and services! As part of this release, the core of proposal 224 has been implemented and is available for experimentation and testing by our users. This newer version of onion services (“v3”) features many improvements over the legacy system, including:

      a) Better crypto (replaced SHA1/DH/RSA1024 with SHA3/ed25519/curve25519)

      b) Improved directory protocol, leaking much less information to directory servers.

      c) Improved directory protocol, with smaller surface for targeted attacks.

      d) Better onion address security against impersonation.

      e) More extensible introduction/rendezvous protocol.

      f) A cleaner and more modular codebase.

      You can identify a next-generation onion address by its length: they are 56 characters long, as in “4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion”.

      In the future, we will release more options and features for v3 onion services, but we first need a testing period, so that the current codebase matures and becomes more robust. Planned features include: offline keys, advanced client authorization, improved guard algorithms, and statistics. For full details, see proposal 224.

      Legacy (“v2”) onion services will still work for the foreseeable future, and will remain the default until this new codebase gets tested and hardened. Service operators who want to experiment with the new system can use the ‘HiddenServiceVersion 3’ torrc directive along with the regular onion service configuration options. We will publish a blog post about this new feature soon! Enjoy!

 

  • Major bugfixes (usability, control port):
    • Report trusted clock skew indications as bootstrap errors, so controllers can more easily alert users when their clocks are wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.
  • Minor features (bug detection):
    • Log a warning message with a stack trace for any attempt to call get_options() during option validation. This pattern has caused subtle bugs in the past. Closes ticket 22281.
  • Minor features (client):
    • You can now use Tor as a tunneled HTTP proxy: use the new HTTPTunnelPort option to open a port that accepts HTTP CONNECT requests. Closes ticket 22407.
    • Add an extra check to make sure that we always use the newer guard selection code for picking our guards. Closes ticket 22779.
    • When downloading (micro)descriptors, don’t split the list into multiple requests unless we want at least 32 descriptors. Previously, we split at 4, not 32, which led to significant overhead in HTTP request size and degradation in compression performance. Closes ticket 23220.
  • Minor features (command line):
    • Add a new commandline option, –key-expiration, which prints when the current signing key is going to expire. Implements ticket 17639; patch by Isis Lovecruft.
  • Minor features (control port):
    • If an application tries to use the control port as an HTTP proxy, respond with a meaningful “This is the Tor control port” message, and log the event. Closes ticket 1667. Patch from Ravi Chandra Padmala.
    • Provide better error message for GETINFO desc/(id|name) when not fetching router descriptors. Closes ticket 5847. Patch by Kevin Butler.
    • Add GETINFO “{desc,md}/download-enabled”, to inform the controller whether Tor will try to download router descriptors and microdescriptors respectively. Closes ticket 22684.
    • Added new GETINFO targets “ip-to-country/{ipv4,ipv6}-available”, so controllers can tell whether the geoip databases are loaded. Closes ticket 23237.
    • Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth events. Closes ticket 19254. Patch by “DonnchaC”.
  • Minor features (development support):
    • Developers can now generate a call-graph for Tor using the “calltool” python program, which post-processes object dumps. It should work okay on many Linux and OSX platforms, and might work elsewhere too. To run it, install calltool from https://gitweb.torproject.org/user/nickm/calltool.git and run “make callgraph”. Closes ticket 19307.
  • Minor features (ed25519):
    • Add validation function to checks for torsion components in ed25519 public keys, used by prop224 client-side code. Closes ticket 22006. Math help by Ian Goldberg.
  • Minor features (exit relay, DNS):
    • Improve the clarity and safety of the log message from evdns when receiving an apparently spoofed DNS reply. Closes ticket 3056.
  • Minor features (integration, hardening):
    • Add a new NoExec option to prevent Tor from running other programs. When this option is set to 1, Tor will never try to run another program, regardless of the settings of PortForwardingHelper, ClientTransportPlugin, or ServerTransportPlugin. Once NoExec is set, it cannot be disabled without restarting Tor. Closes ticket 22976.
  • Minor features (logging):
    • Improve the warning message for specifying a relay by nickname. The previous message implied that nickname registration was still part of the Tor network design, which it isn’t. Closes ticket 20488.
    • If the sandbox filter fails to load, suggest to the user that their kernel might not support seccomp2. Closes ticket 23090.
  • Minor features (portability):
    • Check at configure time whether uint8_t is the same type as unsigned char. Lots of existing code already makes this assumption, and there could be strict aliasing issues if the assumption is violated. Closes ticket 22410.
  • Minor features (relay, configuration):
    • Reject attempts to use relative file paths when RunAsDaemon is set. Previously, Tor would accept these, but the directory- changing step of RunAsDaemon would give strange and/or confusing results. Closes ticket 22731.
  • Minor features (startup, safety):
    • When configured to write a PID file, Tor now exits if it is unable to do so. Previously, it would warn and continue. Closes ticket 20119.
  • Minor features (static analysis):
    • The BUG() macro has been changed slightly so that Coverity no longer complains about dead code if the bug is impossible. Closes ticket 23054.
  • Minor features (testing):
    • The default chutney network tests now include tests for the v3 hidden service design. Make sure you have the latest version of chutney if you want to run these. Closes ticket 22437.
    • Add a unit test to verify that we can parse a hardcoded v2 hidden service descriptor. Closes ticket 15554.
  • Minor bugfixes (certificate handling):
    • Fix a time handling bug in Tor certificates set to expire after the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by Coverity as CID 1415728.
  • Minor bugfixes (client, usability):
    • Refrain from needlessly rejecting SOCKS5-with-hostnames and SOCKS4a requests that contain IP address strings, even when SafeSocks in enabled, as this prevents user from connecting to known IP addresses without relying on DNS for resolving. SafeSocks still rejects SOCKS connections that connect to IP addresses when those addresses are _not_ encoded as hostnames. Fixes bug 22461; bugfix on Tor 0.2.6.2-alpha.
  • Minor bugfixes (code correctness):
    • Call htons() in extend_cell_format() for encoding a 16-bit value. Previously we used ntohs(), which happens to behave the same on all the platforms we support, but which isn’t really correct. Fixes bug 23106; bugfix on 0.2.4.8-alpha.
    • For defense-in-depth, make the controller’s write_escaped_data() function robust to extremely long inputs. Fixes bug 19281; bugfix on 0.1.1.1-alpha. Reported by Guido Vranken.
  • Minor bugfixes (compilation):
    • Fix unused-variable warnings in donna’s Curve25519 SSE2 code. Fixes bug 22895; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (consensus expiry):
    • Check for adequate directory information correctly. Previously, Tor would reconsider whether it had sufficient directory information every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.
  • Minor bugfixes (directory protocol):
    • Directory servers now include a “Date:” http header for response codes other than 200. Clients starting with a skewed clock and a recent consensus were getting “304 Not modified” responses from directory authorities, so without the Date header, the client would never hear about a wrong clock. Fixes bug 23499; bugfix on 0.0.8rc1.
    • Make clients wait for 6 seconds before trying to download a consensus from an authority. Fixes bug 17750; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (DoS-resistance):
    • If future code asks if there are any running bridges, without checking if bridges are enabled, log a BUG warning rather than crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (format strictness):
    • Restrict several data formats to decimal. Previously, the BuildTimeHistogram entries in the state file, the “bw=” entries in the bandwidth authority file, and the process IDs passed to the __OwningControllerProcess option could all be specified in hex or octal as well as in decimal. This was not an intentional feature. Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, and 0.2.2.28-beta.
  • Minor bugfixes (heartbeat):
    • If we fail to write a heartbeat message, schedule a retry for the minimum heartbeat interval number of seconds in the future. Fixes bug 19476; bugfix on 0.2.3.1-alpha.
  • Minor bugfixes (linux seccomp2 sandbox, logging):
    • Fix some messages on unexpected errors from the seccomp2 library. Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from “cypherpunks”.
  • Minor bugfixes (logging):
    • Remove duplicate log messages regarding opening non-local SocksPorts upon parsing config and opening listeners at startup. Fixes bug 4019; bugfix on 0.2.3.3-alpha.
    • Use a more comprehensible log message when telling the user they’ve excluded every running exit node. Fixes bug 7890; bugfix on 0.2.2.25-alpha.
    • When logging the number of descriptors we intend to download per directory request, do not log a number higher than then the number of descriptors we’re fetching in total. Fixes bug 19648; bugfix on 0.1.1.8-alpha.
    • When warning about a directory owned by the wrong user, log the actual name of the user owning the directory. Previously, we’d log the name of the process owner twice. Fixes bug 23487; bugfix on 0.2.9.1-alpha.
    • The tor specification says hop counts are 1-based, so fix two log messages that mistakenly logged 0-based hop counts. Fixes bug 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. Credit to Xiaofan Li for reporting this issue.
  • Minor bugfixes (portability):
    • Stop using the PATH_MAX variable, which is not defined on GNU Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
  • Minor bugfixes (relay):
    • When uploading our descriptor for the first time after startup, report the reason for uploading as “Tor just started” rather than leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
    • Avoid unnecessary calls to directory_fetches_from_authorities() on relays, to prevent spurious address resolutions and descriptor rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; bugfix on in 0.2.8.1-alpha.
  • Minor bugfixes (tests):
    • Fix a broken unit test for the OutboundAddress option: the parsing function was never returning an error on failure. Fixes bug 23366; bugfix on 0.3.0.3-alpha.
    • Fix a signed-integer overflow in the unit tests for dir/download_status_random_backoff, which was untriggered until we fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (usability, control port):
    • Stop making an unnecessary routerlist check in NETINFO clock skew detection; this was preventing clients from reporting NETINFO clock skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.
  • Code simplification and refactoring:
    • Extract the code for handling newly-open channels into a separate function from the general code to handle channel state transitions. This change simplifies our callgraph, reducing the size of the largest strongly connected component by roughly a factor of two. Closes ticket 22608.
    • Remove dead code for largely unused statistics on the number of times we’ve attempted various public key operations. Fixes bug 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
    • Remove several now-obsolete functions for asking about old variants directory authority status. Closes ticket 22311; patch from “huyvq”.
    • Remove some of the code that once supported “Named” and “Unnamed” routers. Authorities no longer vote for these flags. Closes ticket 22215.
    • Rename the obsolete malleable hybrid_encrypt functions used in TAP and old hidden services, to indicate that they aren’t suitable for new protocols or formats. Closes ticket 23026.
    • Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket 22521. Patch from Neel Chauhan.
    • Split the enormous circuit_send_next_onion_skin() function into multiple subfunctions. Closes ticket 22804.
    • Split the portions of the buffer.c module that handle particular protocols into separate modules. Part of ticket 23149.
    • Use our test macros more consistently, to produce more useful error messages when our unit tests fail. Add coccinelle patches to allow us to re-check for test macro uses. Closes ticket 22497.
  • Deprecated features:
    • Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They only applies to direct unencrypted HTTP connections to your directory server, which your Tor probably isn’t using. Closes ticket 20575.
  • Documentation:
    • Clarify in the manual that “Sandbox 1” is only supported on Linux kernels. Closes ticket 22677.
    • Document all values of PublishServerDescriptor in the manpage. Closes ticket 15645.
    • Improve the documentation for the directory port part of the DirAuthority line. Closes ticket 20152.
    • Restore documentation for the authorities’ “approved-routers” file. Closes ticket 21148.
  • Removed features:
    • The AllowDotExit option has been removed as unsafe. It has been deprecated since 0.2.9.2-alpha. Closes ticket 23426.
    • The ClientDNSRejectInternalAddresses flag can no longer be set on non-testing networks. It has been deprecated since 0.2.9.2-alpha. Closes ticket 21031.
    • The controller API no longer includes an AUTHDIR_NEWDESCS event: nobody was using it any longer. Closes ticket 22377.

原文:https://blog.torproject.org/tor-0321-alpha-released-support-next-gen-onion-services-and-kist-scheduler

Tor 0.3.1.7 is now released!

There’s a new stable Tor release series available!  After months of work, you can now download the source code for Tor 0.3.1.7 from the usual place on the website. Packages should become available over the coming days, including (we hope) a Tor Browser release before the end of the month.

Tor 0.3.1.7 is the first stable release in the 0.3.1 series.

With the 0.3.1 series, Tor now serves and downloads directory information in more compact formats, to save on bandwidth overhead. It also contains a new padding system to resist netflow-based traffic analysis, and experimental support for building parts of Tor in Rust (though no parts of Tor are in Rust yet). There are also numerous small features, bugfixes on earlier release series, and groundwork for the onion services revamp of 0.3.2.

This release also includes a fix for TROVE-2017-008, a security bug that affects onion services running with the SafeLogging option disabled. For more information, see https://trac.torproject.org/projects/tor/ticket/23490

Per our stable release policy, we plan to support each stable release series for at least the next nine months, or for three months after the first stable release of the next series: whichever is longer. If you need a release with long-term support, we recommend that you stay with the 0.2.9 series.

Below is a list of the changes since 0.3.0. For a list of all changes since 0.3.1.6-rc, see the ChangeLog file.

Changes In Version 0.3.1.7 – 2017-09-18

  • New dependencies:
    • To build with zstd and lzma support, Tor now requires the pkg-config tool at build time.
  • Major bugfixes (security, onion services, loggging):
    • Fix a bug where we could log uninitialized stack when a certain onion service error occurred while SafeLogging was disabled. Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as TROVE-2017-008 and CVE-2017-0380.
  • Major features (build system, continuous integration):
    • Tor’s repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the “Integrations” menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
  • Major features (directory protocol):
    • Tor relays and authorities can now serve clients an abbreviated version of the consensus document, containing only the changes since an older consensus document that the client holds. Clients now request these documents when available. When both client and server use this new protocol, they will use far less bandwidth (up to 94% less) to keep the client’s consensus up-to-date. Implements proposal 140; closes ticket 13339. Based on work by Daniel Martí.
    • Tor can now compress directory traffic with lzma or with zstd compression algorithms, which can deliver better bandwidth performance. Because lzma is computationally expensive, it’s only used for documents that can be compressed once and served many times. Support for these algorithms requires that tor is built with the libzstd and/or liblzma libraries available. Implements proposal 278; closes ticket 21662.
    • Relays now perform the more expensive compression operations, and consensus diff generation, in worker threads. This separation avoids delaying the main thread when a new consensus arrives.
  • Major features (experimental):
    • Tor can now build modules written in Rust. To turn this on, pass the “–enable-rust” flag to the configure script. It’s not time to get excited yet: currently, there is no actual Rust functionality beyond some simple glue code, and a notice at startup to tell you that Rust is running. Still, we hope that programmers and packagers will try building Tor with Rust support, so that we can find issues and solve portability problems. Closes ticket 22106.
  • Major features (traffic analysis resistance):
    • Connections between clients and relays now send a padding cell in each direction every 1.5 to 9.5 seconds (tunable via consensus parameters). This padding will not resist specialized eavesdroppers, but it should be enough to make many ISPs’ routine network flow logging less useful in traffic analysis against Tor users.

      Padding is negotiated using Tor’s link protocol, so both relays and clients must upgrade for this to take effect. Clients may still send padding despite the relay’s version by setting ConnectionPadding 1 in torrc, and may disable padding by setting ConnectionPadding 0 in torrc. Padding may be minimized for mobile users with the torrc option ReducedConnectionPadding. Implements Proposal 251 and Section 2 of Proposal 254; closes ticket 16861.

    • Relays will publish 24 hour totals of padding and non-padding cell counts to their extra-info descriptors, unless PaddingStatistics 0 is set in torrc. These 24 hour totals are also rounded to multiples of 10000.
  • Major bugfixes (onion service, relay, security):
    • Fix a remotely triggerable assertion failure when a onion service handles a malformed BEGIN cell. Fixes bug 22493, tracked as TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
    • Fix a remotely triggerable assertion failure caused by receiving a BEGIN_DIR cell on a onion service rendezvous circuit. Fixes bug 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha.
  • Major bugfixes (path selection, security):
    • When choosing which guard to use for a circuit, avoid the exit’s family along with the exit itself. Previously, the new guard selection logic avoided the exit, but did not consider its family. Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017- 006 and CVE-2017-0377.
  • Major bugfixes (connection usage):
    • We use NETINFO cells to try to determine if both relays involved in a connection will agree on the canonical status of that connection. We prefer the connections where this is the case for extend cells, and try to close connections where relays disagree on their canonical status early. Also, we now prefer the oldest valid connection for extend cells. These two changes should reduce the number of long-term connections that are kept open between relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha.
    • Relays now log hourly statistics (look for “channel_check_for_duplicates” lines) on the total number of connections to other relays. If the number of connections per relay is unexpectedly large, this log message is at notice level. Otherwise it is at info.
  • Major bugfixes (entry guards):
    • When starting with an old consensus, do not add new entry guards unless the consensus is “reasonably live” (under 1 day old). Fixes one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
    • Don’t block bootstrapping when a primary bridge is offline and we can’t get its descriptor. Fixes bug 22325; fixes one case of bug 21969; bugfix on 0.3.0.3-alpha.
  • Major bugfixes (linux TPROXY support):
    • Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from “d4fq0fQAgoJ”.
  • Major bugfixes (openbsd, denial-of-service):
    • Avoid an assertion failure bug affecting our implementation of inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() handling of “0xx” differs from what we had expected. Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  • Major bugfixes (relay, link handshake):
    • When performing the v3 link handshake on a TLS connection, report that we have the x509 certificate that we actually used on that connection, even if we have changed certificates since that connection was first opened. Previously, we would claim to have used our most recent x509 link certificate, which would sometimes make the link handshake fail. Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
  • Major bugfixes (relays, key management):
    • Regenerate link and authentication certificates whenever the key that signs them changes; also, regenerate link certificates whenever the signed key changes. Previously, these processes were only weakly coupled, and we relays could (for minutes to hours) wind up with an inconsistent set of keys and certificates, which other relays would not accept. Fixes two cases of bug 22460; bugfix on 0.3.0.1-alpha.
    • When sending an Ed25519 signing->link certificate in a CERTS cell, send the certificate that matches the x509 certificate that we used on the TLS connection. Previously, there was a race condition if the TLS context rotated after we began the TLS handshake but before we sent the CERTS cell. Fixes a case of bug 22460; bugfix on 0.3.0.1-alpha.
  • Minor features (security, windows):
    • Enable a couple of pieces of Windows hardening: one (HeapEnableTerminationOnCorruption) that has been on-by-default since Windows 8, and unavailable before Windows 7; and one (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn’t affect us, but shouldn’t do any harm. Closes ticket 21953.
  • Minor features (bridge authority):
    • Add “fingerprint” lines to the networkstatus-bridges file produced by bridge authorities. Closes ticket 22207.
  • Minor features (code style):
    • Add “Falls through” comments to our codebase, in order to silence GCC 7’s -Wimplicit-fallthrough warnings. Patch from Andreas Stieger. Closes ticket 22446.
  • Minor features (config options):
    • Allow “%include” directives in torrc configuration files. These directives import the settings from other files, or from all the files in a directory. Closes ticket 1922. Code by Daniel Pinto.
    • Make SAVECONF return an error when overwriting a torrc that has includes. Using SAVECONF with the FORCE option will allow it to overwrite torrc even if includes are used. Related to ticket 1922.
    • Add “GETINFO config-can-saveconf” to tell controllers if SAVECONF will work without the FORCE option. Related to ticket 1922.
  • Minor features (controller):
    • Warn the first time that a controller requests data in the long- deprecated ‘GETINFO network-status’ format. Closes ticket 21703.
  • Minor features (defaults):
    • The default value for UseCreateFast is now 0: clients which haven’t yet received a consensus document will now use a proper ntor handshake to talk to their directory servers whenever they can. Closes ticket 21407.
    • Onion key rotation and expiry intervals are now defined as a network consensus parameter, per proposal 274. The default lifetime of an onion key is increased from 7 to 28 days. Old onion keys will expire after 7 days by default. This change will make consensus diffs much smaller, and save significant bandwidth. Closes ticket 21641.
  • Minor features (defensive programming):
    • Create a pair of consensus parameters, nf_pad_tor2web and nf_pad_single_onion, to disable netflow padding in the consensus for non-anonymous connections in case the overhead is high. Closes ticket 17857.
  • Minor features (diagnostic):
    • Add a stack trace to the bug warnings that can be logged when trying to send an outgoing relay cell with n_chan == 0. Diagnostic attempt for bug 23105.
    • Add logging messages to try to diagnose a rare bug that seems to generate RSA->Ed25519 cross-certificates dated in the 1970s. We think this is happening because of incorrect system clocks, but we’d like to know for certain. Diagnostic for bug 22466.
    • Avoid an assertion failure, and log a better error message, when unable to remove a file from the consensus cache on Windows. Attempts to mitigate and diagnose bug 22752.
  • Minor features (directory authority):
    • Improve the message that authorities report to relays that present RSA/Ed25519 keypairs that conflict with previously pinned keys. Closes ticket 22348.
  • Minor features (directory cache, consensus diff):
    • Add a new MaxConsensusAgeForDiffs option to allow directory cache operators with low-resource environments to adjust the number of consensuses they’ll store and generate diffs from. Most cache operators should leave it unchanged. Helps to work around bug 22883.
  • Minor features (fallback directory list):
    • Update the fallback directory mirror whitelist and blacklist based on operator emails. Closes task 21121.
    • Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in December 2016 (of which ~126 were still functional) with a list of 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May 2017. Resolves ticket 21564.
  • Minor features (geoip):
    • Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 Country database.
  • Minor features (onion services, logging):
    • Log a message when an onion service descriptor has fewer introduction points than specified in HiddenServiceNumIntroductionPoints. Closes tickets 21598.
    • Log a message when an onion service reaches its introduction point circuit limit, and when that limit is reset. Follow up to ticket 21594; closes ticket 21622.
    • Warn user if multiple entries in EntryNodes and at least one HiddenService are used together. Pinning EntryNodes along with an onion service can be possibly harmful; for instance see ticket 14917 or 21155. Closes ticket 21155.
  • Minor features (linux seccomp2 sandbox):
    • We now have a document storage backend compatible with the Linux seccomp2 sandbox. This backend is used for consensus documents and diffs between them; in the long term, we’d like to use it for unparseable directory material too. Closes ticket 21645
    • Increase the maximum allowed size passed to mprotect(PROT_WRITE) from 1MB to 16MB. This was necessary with the glibc allocator in order to allow worker threads to allocate more memory — which in turn is necessary because of our new use of worker threads for compression. Closes ticket 22096.
  • Minor features (logging):
    • Log files are no longer created world-readable by default. (Previously, most distributors would store the logs in a non- world-readable location to prevent inappropriate access. This change is an extra precaution.) Closes ticket 21729; patch from toralf.
  • Minor features (performance):
    • Our Keccak (SHA-3) implementation now accesses memory more efficiently, especially on little-endian systems. Closes ticket 21737.
    • Add an O(1) implementation of channel_find_by_global_id(), to speed some controller functions.
  • Minor features (relay, configuration):
    • The MyFamily option may now be repeated as many times as desired, for relays that want to configure large families. Closes ticket 4998; patch by Daniel Pinto.
  • Minor features (relay, performance):
    • Always start relays with at least two worker threads, to prevent priority inversion on slow tasks. Part of the fix for bug 22883.
    • Allow background work to be queued with different priorities, so that a big pile of slow low-priority jobs will not starve out higher priority jobs. This lays the groundwork for a fix for bug 22883.
  • Minor features (safety):
    • Add an explicit check to extrainfo_parse_entry_from_string() for NULL inputs. We don’t believe this can actually happen, but it may help silence a warning from the Clang analyzer. Closes ticket 21496.
  • Minor features (testing):
    • Add more tests for compression backend initialization. Closes ticket 22286.
    • Add a “–disable-memory-sentinels” feature to help with fuzzing. When Tor is compiled with this option, we disable a number of redundant memory-safety failsafes that are intended to stop bugs from becoming security issues. This makes it easier to hunt for bugs that would be security issues without the failsafes turned on. Closes ticket 21439.
    • Add a general event-tracing instrumentation support to Tor. This subsystem will enable developers and researchers to add fine- grained instrumentation to their Tor instances, for use when examining Tor network performance issues. There are no trace events yet, and event-tracing is off by default unless enabled at compile time. Implements ticket 13802.
    • Improve our version parsing tests: add tests for typical version components, add tests for invalid versions, including numeric range and non-numeric prefixes. Unit tests 21278, 21450, and 21507. Partially implements 21470.
  • Minor bugfixes (bandwidth accounting):
    • Roll over monthly accounting at the configured hour and minute, rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. Found by Andrey Karpov with PVS-Studio.
  • Minor bugfixes (code correctness):
    • Accurately identify client connections by their lack of peer authentication. This means that we bail out earlier if asked to extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix on 0.2.4.23.
  • Minor bugfixes (compilation warnings):
    • Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; bugfix on 0.2.8.1-alpha.
    • Fix warnings when building with libscrypt and openssl scrypt support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
    • When building with certain versions of the mingw C header files, avoid float-conversion warnings when calling the C functions isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation):
    • Avoid compiler warnings in the unit tests for calling tor_sscanf() with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
  • Minor bugfixes (compression):
    • When spooling compressed data to an output buffer, don’t try to spool more data when there is no more data to spool and we are not trying to flush the input. Previously, we would sometimes launch compression requests with nothing to do, which interferes with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
  • Minor bugfixes (configuration):
    • Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes bug 22252; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (connection lifespan):
    • Allow more control over how long TLS connections are kept open: unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a single option called CircuitsAvailableTimeout. Also, allow the consensus to control the default values for both this preference and the lifespan of relay-to-relay connections. Fixes bug 17592; bugfix on 0.2.5.5-alpha.
    • Increase the initial circuit build timeout testing frequency, to help ensure that ReducedConnectionPadding clients finish learning a timeout before their orconn would expire. The initial testing rate was set back in the days of TAP and before the Tor Browser updater, when we had to be much more careful about new clients making lots of circuits. With this change, a circuit build timeout is learned in about 15-20 minutes, instead of 100-120 minutes.
  • Minor bugfixes (controller):
    • Do not crash when receiving a HSPOST command with an empty body. Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
    • Do not crash when receiving a POSTDESCRIPTOR command with an empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
    • GETINFO onions/current and onions/detached no longer respond with 551 on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha.
    • Trigger HS descriptor events on the control port when the client fails to pick an onion service directory for an onion service. This can happen if all the hidden service directories are in ExcludeNodes, or they have all been queried within the last 15 minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha.
  • Minor bugfixes (correctness):
    • Avoid undefined behavior when parsing IPv6 entries from the geoip6 file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
  • Minor bugfixes (coverity build support):
    • Avoid Coverity build warnings related to our BUG() macro. By default, Coverity treats BUG() as the Linux kernel does: an instant abort(). We need to override that so our BUG() macro doesn’t prevent Coverity from analyzing functions that use it. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (defensive programming):
    • Detect and break out of infinite loops in our compression code. We don’t think that any such loops exist now, but it’s best to be safe. Closes ticket 22672.
    • Fix a memset() off the end of an array when packing cells. This bug should be harmless in practice, since the corrupted bytes are still in the same structure, and are always padding bytes, ignored, or immediately overwritten, depending on compiler behavior. Nevertheless, because the memset()’s purpose is to make sure that any other cell-handling bugs can’t expose bytes to the network, we need to fix it. Fixes bug 22737; bugfix on 0.2.4.11-alpha. Fixes CID 1401591.
  • Minor bugfixes (directory authority):
    • When a directory authority rejects a descriptor or extrainfo with a given digest, mark that digest as undownloadable, so that we do not attempt to download it again over and over. We previously tried to avoid downloading such descriptors by other means, but we didn’t notice if we accidentally downloaded one anyway. This behavior became problematic in 0.2.7.2-alpha, when authorities began pinning Ed25519 keys. Fixes bug 22349; bugfix on 0.2.1.19-alpha.
    • When rejecting a router descriptor for running an obsolete version of Tor without ntor support, warn about the obsolete tor version, not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
    • Prevent the shared randomness subsystem from asserting when initialized by a bridge authority with an incomplete configuration file. Fixes bug 21586; bugfix on 0.2.9.8.
  • Minor bugfixes (error reporting, windows):
    • When formatting Windows error messages, use the English format to avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha. Patch from “Vort”.
  • Minor bugfixes (exit-side DNS):
    • Fix an untriggerable assertion that checked the output of a libevent DNS error, so that the assertion actually behaves as expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey Karpov using PVS-Studio.
  • Minor bugfixes (fallback directories):
    • Make the usage example in updateFallbackDirs.py actually work, and explain what it does. Fixes bug 22270; bugfix on 0.3.0.3-alpha.
    • Decrease the guard flag average required to be a fallback. This allows us to keep relays that have their guard flag removed when they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
    • Decrease the minimum number of fallbacks to 100. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
    • Make sure fallback directory mirrors have the same address, port, and relay identity key for at least 30 days before they are selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (file limits, osx):
    • When setting the maximum number of connections allowed by the OS, always allow some extra file descriptors for other files. Fixes bug 22797; bugfix on 0.2.0.10-alpha.
  • Minor bugfixes (onion services):
    • Increase the number of circuits that a service is allowed to open over a specific period of time. The value was lower than it should be (8 vs 12) in the normal case of 3 introduction points. Fixes bug 22159; bugfix on 0.3.0.5-rc.
    • Fix a BUG warning during HSv3 descriptor decoding that could be cause by a specially crafted descriptor. Fixes bug 23233; bugfix on 0.3.0.1-alpha. Bug found by “haxxpop”.
    • Stop printing a cryptic warning when an onion service gets a request to connect to a virtual port that it hasn’t configured. Fixes bug 16706; bugfix on 0.2.6.3-alpha.
    • Simplify onion service descriptor creation by using an existing flag to check if an introduction point is established. Fixes bug 21599; bugfix on 0.2.7.2-alpha.
  • Minor bugfixes (link handshake):
    • Lower the lifetime of the RSA->Ed25519 cross-certificate to six months, and regenerate it when it is within one month of expiring. Previously, we had generated this certificate at startup with a ten-year lifetime, but that could lead to weird behavior when Tor was started with a grossly inaccurate clock. Mitigates bug 22466; mitigation on 0.3.0.1-alpha.
  • Minor bugfixes (linux seccomp2 sandbox):
    • Avoid a sandbox failure when trying to re-bind to a socket and mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
    • Permit the fchmod system call, to avoid crashing on startup when starting with the seccomp2 sandbox and an unexpected set of permissions on the data directory or its contents. Fixes bug 22516; bugfix on 0.2.5.4-alpha.
  • Minor bugfixes (logging):
    • When decompressing, do not warn if we fail to decompress using a compression method that we merely guessed. Fixes part of bug 22670; bugfix on 0.1.1.14-alpha.
    • When decompressing, treat mismatch between content-encoding and actual compression type as a protocol warning. Fixes part of bug 22670; bugfix on 0.1.1.9-alpha.
    • Downgrade “assigned_to_cpuworker failed” message to info-level severity. In every case that can reach it, either a better warning has already been logged, or no warning is warranted. Fixes bug 22356; bugfix on 0.2.6.3-alpha.
    • Log a better message when a directory authority replies to an upload with an unexpected status code. Fixes bug 11121; bugfix on 0.1.0.1-rc.
    • Downgrade a log statement about unexpected relay cells from “bug” to “protocol warning”, because there is at least one use case where it can be triggered by a buggy tor implementation. Fixes bug 21293; bugfix on 0.1.1.14-alpha.
  • Minor bugfixes (logging, relay):
    • Remove a forgotten debugging message when an introduction point successfully establishes an onion service prop224 circuit with a client.
    • Change three other log_warn() for an introduction point to protocol warnings, because they can be failure from the network and are not relevant to the operator. Fixes bug 23078; bugfix on 0.3.0.1-alpha and 0.3.0.2-alpha.
  • Minor bugfixes (relay):
    • Inform the geoip and rephist modules about all requests, even on relays that are only fetching microdescriptors. Fixes a bug related to 21585; bugfix on 0.3.0.1-alpha.
  • Minor bugfixes (memory leaks):
    • Fix a small memory leak at exit from the backtrace handler code. Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto.
    • When directory authorities reject a router descriptor due to keypinning, free the router descriptor rather than leaking the memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
    • Fix a small memory leak when validating a configuration that uses two or more AF_UNIX sockets for the same port type. Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
  • Minor bugfixes (process behavior):
    • When exiting because of an error, always exit with a nonzero exit status. Previously, we would fail to report an error in our exit status in cases related to __OwningControllerProcess failure, lockfile contention, and Ed25519 key initialization. Fixes bug 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha respectively. Reported by “f55jwk4f”; patch from “huyvq”.
  • Minor bugfixes (robustness, error handling):
    • Improve our handling of the cases where OpenSSL encounters a memory error while encoding keys and certificates. We haven’t observed these errors in the wild, but if they do happen, we now detect and respond better. Fixes bug 19418; bugfix on all versions of Tor. Reported by Guido Vranken.
  • Minor bugfixes (testing):
    • Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
    • Use unbuffered I/O for utility functions around the process_handle_t type. This fixes unit test failures reported on OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha.
    • Make display of captured unit test log messages consistent. Fixes bug 21510; bugfix on 0.2.9.3-alpha.
    • Make test-network.sh always call chutney’s test-network.sh. Previously, this only worked on systems which had bash installed, due to some bash-specific code in the script. Fixes bug 19699; bugfix on 0.3.0.4-rc. Follow-up to ticket 21581.
    • Fix a memory leak in the link-handshake/certs_ok_ed25519 test. Fixes bug 22803; bugfix on 0.3.0.1-alpha.
    • The unit tests now pass on systems where localhost is misconfigured to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix on 0.0.9pre2.
  • Minor bugfixes (voting consistency):
    • Reject version numbers with non-numeric prefixes (such as +, -, or whitespace). Disallowing whitespace prevents differential version parsing between POSIX-based and Windows platforms. Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.
  • Minor bugfixes (Windows service):
    • When running as a Windows service, set the ID of the main thread correctly. Failure to do so made us fail to send log messages to the controller in 0.2.1.16-rc, slowed down controller event delivery in 0.2.7.3-rc and later, and crash with an assertion failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. Patch and diagnosis from “Vort”.
  • Minor bugfixes (windows, relay):
    • Resolve “Failure from drain_fd: No error” warnings on Windows relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha.
  • Code simplification and refactoring:
    • Break up the 630-line function connection_dir_client_reached_eof() into a dozen smaller functions. This change should help maintainability and readability of the client directory code.
    • Isolate our use of the openssl headers so that they are only included from our crypto wrapper modules, and from tests that examine those modules’ internals. Closes ticket 21841.
    • Simplify our API to launch directory requests, making it more extensible and less error-prone. Now it’s easier to add extra headers to directory requests. Closes ticket 21646.
    • Our base64 decoding functions no longer overestimate the output space that they need when parsing unpadded inputs. Closes ticket 17868.
    • Remove unused “ROUTER_ADDED_NOTIFY_GENERATOR” internal value. Resolves ticket 22213.
    • The logic that directory caches use to spool request to clients, serving them one part at a time so as not to allocate too much memory, has been refactored for consistency. Previously there was a separate spooling implementation per type of spoolable data. Now there is one common spooling implementation, with extensible data types. Closes ticket 21651.
    • Tor’s compression module now supports multiple backends. Part of the implementation for proposal 278; closes ticket 21663.
  • Documentation:
    • Add a manpage description for the key-pinning-journal file. Closes ticket 22347.
    • Correctly note that bandwidth accounting values are stored in the state file, and the bw_accounting file is now obsolete. Closes ticket 16082.
    • Document more of the files in the Tor data directory, including cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, approved-routers, sr-random, and diff-cache. Found while fixing ticket 22347.
    • Clarify the manpage for the (deprecated) torify script. Closes ticket 6892.
    • Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. Closes ticket 21873.
    • Correct documentation about the default DataDirectory value. Closes ticket 21151.
    • Document the default behavior of NumEntryGuards and NumDirectoryGuards correctly. Fixes bug 21715; bugfix on 0.3.0.1-alpha.
    • Document key=value pluggable transport arguments for Bridge lines in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha.
    • Note that bandwidth-limiting options don’t affect TCP headers or DNS. Closes ticket 17170.
  • Removed features (configuration options, all in ticket 22060):
    • These configuration options are now marked Obsolete, and no longer have any effect: AllowInvalidNodes, AllowSingleHopCircuits, AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated in 0.2.9.2-alpha and have now been removed. The previous default behavior is now always chosen; the previous (less secure) non- default behavior is now unavailable.
    • CloseHSClientCircuitsImmediatelyOnTimeout and CloseHSServiceRendCircuitsImmediatelyOnTimeout were deprecated in 0.2.9.2-alpha and now have been removed. HS circuits never close on circuit build timeout; they have a longer timeout period.
    • {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated in 0.2.9.2-alpha and now have been removed. Use the ORPort option (and others) to configure listen-only and advertise-only addresses.
  • Removed features (tools):
    • We’ve removed the tor-checkkey tool from src/tools. Long ago, we used it to help people detect RSA keys that were generated by versions of Debian affected by CVE-2008-0166. But those keys have been out of circulation for ages, and this tool is no longer required. Closes ticket 21842.

原文:https://blog.torproject.org/tor-0317-now-released

XX-Net V3.6.5

What is new:

  • Improve x-tunnel performance.

Downloads

模块 GAE_proxy X-Tunnel
稳定性 部分地区扫不到ip 无干扰
速度 流畅 下载快速,偶尔卡顿
安全性 Google可看到通信内容 完全加密
易用 需部署服务端 简单
兼容性 部分网站不支持 无问题
收费 免费 付费


最新状态:

2017-09-30

  • 近期有活动,GAE封锁严重,请更新到3.6.3以上版本,扫描线程不要开太高,慢慢等待扫描ip,个别地区无法扫到ip。
  • X-Tunnel新版3.6.5 稳定流畅,不受GAE封锁影响 (使用教程

原文:https://github.com/XX-net/XX-Net/releases/tag/3.6.5


XX-Net最新状态

2017-09-22
  • 8月份开始,GAE封锁加剧,请更新到3.6.0,慢慢等待扫描ip
  • X-Tunnel新版稳定,不受GAE封锁影响 (使用教程

==========

x tunnel使用教程

Michael.X edited this page 23 hours ago · 14 revisions

X_tunnel是XX-Net的新功能模块

  • 提供socks5代理特性,解决GAE证书问题
    支持完整的SSL/HTTPS 加密通讯,支持非http协议。
  • 不受GAE封锁影响。

使用方法

首先下载XX-Net客户端

  • 解压后点击 start.vbs 运行
  • 点击xx图标,进入web页面
  • 左侧栏会有个 x_tunnel,点击 、首页、注册、登录。
  • x-tunnel 服务器带宽流量需要购买,条件允许请支持项目。

浏览器安装代理插件

  • SwitchyOmega选择X_Tunnel自动切换模式
代理协议 代理服务器 代理端口
SOCKS5 127.0.0.1 1080

最后一步

  • 右键托盘图标,勾选“取消全局代理”

如何获得流量:

  1. 每捐赠1个appid,奖励1G流量/1年

    https://github.com/XX-net/XX-Net/wiki/DonateAppid

    捐赠后给xxnet.dev@gmail.com发邮件,告知appid和你的x_tunnel account

  2. paypal 价格 流量
    季度 $4.5 300G
    年度 $15 1200G

    条件允许的,请购买流量,以支持项目发展。
    我们鼓励您将流量分享朋友使用。

  3. 参与项目的贡献,可在dev留x_tunnel account

原文:https://github.com/XX-net/XX-Net/wiki/x-tunnel%E4%BD%BF%E7%94%A8%E6%95%99%E7%A8%8B

Best VPNs for China in 2017 (that still work despite the ban)

Update August 2017: as many of you know, China has already cracked down on VPNs in 2017 after doing so multiple times over the past couple years. Not only that, but the Chinese government is now threatening to block all VPN use by February 2018. So what’s the deal? Do the best VPNs for China still work? As an expat who has spent over a decade in China and still lives here, I’d like to offer my thoughts and recommendations.

What are the best VPNs for China?

Sadly, FarWestChina has been inaccessible here in China since 2009, blocked by the “Great Firewall” (i.e. China’s censorship). I have no idea why it was blocked – other than the fact that I’m talking about Xinjiang, one of the most sensitive regions in China – and there’s nothing I can do to unblock the site. Trust me, I’ve tried everything short of knocking on a government official’s door.

The only way I’ve been able to work on this site from my home here in China is through what is known as a VPN, or a Virtual Private Network.

Because I have over 8 years of first-hand experience with over 20 different VPN services, I get more than a few emails every month from people asking me what I recommend as the best VPN for China in 2017. It’s an obvious need for anybody living in China but more and more people are realizing that online security is something netizens in every country should consider.

I’m not trying to hard-sell anybody here…more than anything I just want to provide some helpful information for those people who need to get a new VPN. A few of the links here and in the video are affiliate links which means that at no additional cost to you I will be compensated if you purchase the service. I wouldn’t recommend these VPNs if I hadn’t used them extensively myself, though, and I’ve used each of these VPNs for at least 6 months this last year.

So when it comes to the best VPNs for China, I’ve given you three ways to hear my thoughts: watch the video, check out the comparison chart or read my person reviews for each VPN below.

Best VPNs for China | Video Review

Click below to hear my thoughts and see each of these best VPNs for China in action.

*Click to watch the video and then subscribe to the FarWestChina Youtube channel!

Best VPNs for China | Comparison Chart

 

ExpressVPN logo
ExpressVPN

NordVPN logo
NordVPN

VyprVPN logo
VyprVPN

PureVPN logo
PureVPN

12VPN logo
12VPN

Rate:

5 stars for ExpressVPN

5 stars for ExpressVPN

4 stars for VyprVPN

4 stars for PureVPN

4 stars for 12VPN

Start:

2009

2012

2009

2007

2007

Pros:

Reliable
Simple setup
Easy-to-use

A+ software
& customer
support

Chameleon protocol
Free trial

Low price
Fast streaming

Creative
China
protocols

Cons:

Pricey

No city
server option

Pricey

Lower encryption

Simple software

Torrent

Yes

Yes

Yes*

Yes

No

Apps?

Yes

Yes

Yes

Yes

No

Risk?

30 day MBG**

30 day
MBG**

Free trial

7 day
MBG**

14 day
MBG**

 

ExpressVPN

Save 35%

NordVPN

Save 70%

VyprVPN

Save 25%

PureVPN

Save 73%

12VPN

Save 10%


*They allow torrenting but will pass on DCMA notices for illegal activity.
**”MBG” refers to a Money Back Guarantee

As I mentioned in the video above, there are literally hundreds of VPNs to choose from on the market and there are quite a few good ones that didn’t make this list.

These, however, have stood the test of time (they are all at least 5 years old), have made a specific effort to reach the China market, all offer hundreds of servers across the globe and they all have unlimited bandwidth.


 

ExpressVPN in China (Editor’s Choice)

Try ExpressVPN, editor's choice for best VPN in ChinaExpressVPN is my go-to 2017 VPN for China. I’m a huge fan of their overall design – the website, desktop app and mobile app are all beautiful and easy to use.

I always recommend this VPN to anybody I know who doesn’t consider themselves tech-savvy for a couple of reasons.

  1. It’s super easy to set up!
  2. Their software is some of the best in the industry.
  3. They offer a no-hassle, 30-day money back guarantee.

For those who desire simplicity and ease, ExpressVPN has been a solid option here in China for the past few years. You can check out their pricing here where you can get as much as 35% off annual plans.

Click for 35% off ExpressVPN


 

NordVPN in China (70% off Discount Code!)

NordVPN has been a surprise addition to my VPN arsenal over past year. They’ve purposefully entered the China market and are aggressively tackling the blocking issues that plague all the best VPNs in China.

There are a number of reasons I’ve come to like the NordVPN software and service.

  1. The software is well-designed, both on computers & mobile devices.
  2. They allow 6 simultaneous connections (most VPNs give 3-5)
  3. They also offer a no-nonsense, 30-day money back guarantee.

In many cases, I often tell people to purchase both ExpressVPN and NordVPN (I have both) to figure out which one works best in your China location. Best of all, I have a NordVPN discount code that you can use to get over 70% off an annual plan! (normal discount is only 52%) Use the code FARWESTCHINA at checkout to get the discount (you’ll see the link to input a discount code when you choose your method of payment).

Get 70% off NordVPN!


 

Using VyprVPN in China (25% Discount Code!)

I was turned on to VyprVPN a couple years ago and have been incredibly impressed with the transparency of the company (just compare their about page with any other VPN).

Here’s what I love about VyprVPN:

  • Proprietary “Chameleon” protocol for added security
  • Simple-to-use software
  • A 3-day FREE trial (but no 30-day money back guarantee)

VyprVPN has been around since 2009 but their parent company, GoldenFrog, has been around for more than a decade providing online services. I’ve spoken at length with some of their representatives and really like their focus on the China market, which is comforting considering how much the Chinese internet landscape changes.

If all of this sound good to you, they have given me a special link that will allow you to give them a try for free for 3 days and then get an exclusive 25% off annual plans.

Click for 25% off VyprVPN


 

Using PureVPN in China

*Note: PureVPN consistently offers some of the lowest prices. Currently you can get two years of VPN for the price of one with PureVPN, which includes up to 5 devices connected!

PureVPN is another popular option here in China. They boast over 1 million users world-wide and their market share in China seems to be growing at a rapid pace.

While I wasn’t a big fan of their software at first, thankfully they have since updated the design and it functions much better. Their speeds are excellent and I found them to be the best in terms of streaming – at least for me out here in western China.

What you might find useful is their “Server Selection Tool” where you tell the software what you want to do (download, stream US content, stream UK content, etc) and it will tell you which servers best suit you needs.

Considering the price – which is often one of the lowest around – PureVPN is an excellent VPN option for the price conscious buyer.

Click for 73% off PureVPN


 

A Look at 12VPN in China (10% Discount Code)

Get 12VPNI’ve been a 12VPN customer since 2013 and in many ways it’s been my go-to VPN on my phone. Why? It’s simple and it just works…every time.

The software isn’t flashy and they don’t have a dedicated iPhone or Android app but setup for both was an easy download of one file that took me all of 5 minutes.

One of the things I’ve truly appreciated about 12VPN is their commitment to communication. I get periodic emails informing me of changes in the VPN and changes in the Great Firewall. For example, last year one of the submarine cables that connects Asia with North America was severed. Out of the 10 VPNs I had running at the time, 12VPN was the only one that let me know what was happening and why I should expect slower speeds on the Los Angeles servers.

In addition to VPN services, 12VPN is also one of the few companies that offers SmartDNS as part of their package. I won’t go into details about what SmartDNS is, but suffice to say I use it to watch Netflix on my Apple TV in China and it is so much fasterthan connecting on a VPN.

Best of all, I have a 12VPN Discount Code that you can use! Just enter FWC10 to get 10% off your order.

Click for 10% off 12VPN


 

VPNs to Avoid in China

Here’s the thing about the relationship between China and VPNs – China is always making changes that affect the landscape of VPN use within the country. If the VPN you choose doesn’t devote resources to adapt to these changes, that spells trouble for you.

This rules out most small VPN services such as Buffered or all the free services such as Hotspot Shield. Neither seem to have the manpower or resources to play the constant game of cat and mouse with China’s internet censors. I’ve had a difficult time connecting to their servers from within China.

Finally, despite its popularity in China, I personally don’t recommend Astrill VPN. My biggest problem was their customer support but the deal breaker was that they require users to provide their phone number for authentication. In China, that kind of connection between my VPN and my phone number is a big no-no.

Conclusion | Best VPNs for China 2017

So that about covers it! Obviously there are plenty of VPN services which have been left out of this list, but I stand by the fact that if you’re coming to Asia, these are the best VPNs for China in 2017.

If you’re here in China and using a VPN, leave a comment below to let me know what you use.

原文:https://www.farwestchina.com/2016/04/top-5-vpns-for-china.html

XX-Net V3.6.0(安卓版)

Update:

  • 采用最新代码 3.6.0
  • 修复升级问题。

Downloads

==========

  • Android技术设计
  • 安卓版使用说明
  • FireFox安卓版设置:
    1. Firefox安卓浏览器本身支持安装证书,可以不用安装在手机上。
    2. Firefox安卓浏览器可以使用Pan插件(默认代理方式为SS),类似pc版的autoproxy插件,可以在about:config 设置代理方式为GoAgent.
    3. 如果不使用代理插件,可在地址栏输入 about:config ,搜索 proxy.type 将5改成1 ,然后搜索 proxy.http ,在上面横线填上 127.0.0.1 下面横线填上 8087

GitHub GitHub

原文:https://github.com/XX-net/xxnet-android/releases/

翻墙VPN推荐(中国实测)(Updated: Sept 2017)

最好用的翻墙VPN推荐:正在寻找翻墙的VPN?现有的VPN、加速器在中国不稳定?我们推荐最好用的翻墙VPN,所推荐的VPN已全部经过在中国大陆的测试。VPN我们只推荐最好的!

欢迎访问“VPN大大”!你可能正在寻找用于翻墙的VPN,也可能正因为现有VPN账号在中国不稳定而烦恼。“VPN大大”是一个针对中国互联网用户的VPN评测网站,我们在中国内地测试各个VPN服务商的VPN服务质量,基于评测结果向大家推荐最好的用于科学上网(翻墙)的VPN。

Click Here to Visit the English Version: Best VPNs for China >>

关于我们:VPN大大(VPNDada.com)是目前唯一一家立足于中国大陆实地评测VPN的中英文双语网站。我们人在国内,但测试的都是提供全球服务、可以信赖的VPN服务商。我们的VPN推荐全部基于中国大陆的VPN实测结果。我们于2015年创立,目前已被《纽约时报》、《南华早报》、《Business Insider》等新闻媒体介绍或提及。

需要说明一点:我们在这里推荐的VPN、加速器全部是国外的付费VPN和付费加速器。为什么不推荐免费的VPN或加速器呢?这是因为对于每天经常使用VPN的人来说,免费VPN的速度、稳定性和流量限制是基本不能满足需要的;而付费VPN的价格大多不足每月10每元,其质量要比免费VPN好得多,可以省去很多麻烦。为什么不推荐国内的VPN呢?虽然国内也有不少VPN、加速器服务商,但我们认为使用国内的VPN有一定的风险性,除了可信度之外,很重要的一个原因就是国内VPN或加速器可能随时被迫关闭,如果你刚刚交付年费,却发现这家VPN被关了,你可能根本无法拿到退款。相比之下国外的VPN基本不会有这种可能,所以我们在这里重点测试、推荐国外的具有一定知名度和影响力的VPN、加速器服务。

基于我们在中国大陆的最新VPN测试,以下是我们的最新翻墙VPN推荐。这些VPN都同时提供电脑VPN软件和手机用的VPN客户端(APP)。


最好的翻墙VPN推荐:

1. ExpressVPN(首选推荐)

ExpressVPN, 翻墙VPN推荐,VPN中国

推荐原因:线路稳定,网速快,服务商知名度高、信誉好、售后服务好,接受支付宝、银联付款。
价格: 每月6.67美元起(
点击这里获得ExpressVPN三个月免费优惠[适用于购买12个月计划])。
免费试用期:30天退款保证。
可同时连接的设备数量:3台设备。
ExpressVPN怎么样?ExpressVPN在中国大陆好用吗?
作为一家国际知名的VPN服务商,ExpressVPN不但提供高速、稳定的VPN服务,而且一直在努力为中国的VPN用户提供稳定好用的服务。在最近几次VPN被墙事件中,ExpressVPN都没有受到大的影响。ExpressVPN的客服是业内最好的之一,随时提供网聊帮助。ExpressVPN在电脑(Windows或Mac)和移动设备(iPhone、安卓、平板灯)上都可以使用,有电脑VPN软件和手机用的VPN APP。在中国大陆使用ExpressVPN,建议选择连接其香港的VPN服务器;如果需要连接美国的VPN服务器,建议选择西海岸的服务器。
特别优惠
点击这里
获得ExpressVPN三个月免费优惠(适用于购买12个月计划)。

访问ExpressVPN (含折扣优惠) ExpressVPN 评测 (英文)

2. VyprVPN

VyprVPN, 好用的翻墙VPN推荐,VPN中国

推荐原因:线路稳定,网速快,网站、VPN软件和APP均支持中文版。
价格: 每月5美元起。免费试用期:30天退款保证。
可同时连接的设备数量:3至5台设备(根据不同收费计划而定)。
VyprVPN怎么样?VyprVPN在中国大陆好用吗?
VyprVPN是一家在国际上影响力很大的VPN服务商,在技术方面颇有实力。VyprVPN的VPN速度快、稳定性高,而且这家公司独立开发的Chameleon VPN协议可以用来躲避GFW的监视和干扰,对于中国大陆的VPN用户非常有用。VyprVPN提供七天、24小时的客服,而且网页有中文版,便于华人用户注册。VyprVPN提供电脑VPN软件和手机用的VPN APP。VyprVPN有两个服务计划,建议中国用户选用VyprVPN Premium计划,因为这个计划包括上文提到的Chameleon协议。在中国大陆使用VyprVPN时,建议选择日本或美国西海岸的VPN服务器以获得最快的速度。

访问VyprVPN  VyprVPN 评测 (英文)

3. PureVPN

PureVPN: 好用的翻墙VPN

推荐原因:线路稳定,网速快,有针对中国用户的连接方式和服务器。
价格: 每月3.25美元起。免费试用期:7天退款保证。
可同时连接的设备数量:5台设备。
PureVPN怎么样?PureVPN在中国大陆好用吗?
PureVPN也是一家知名的国际VPN服务商,提供电脑VPN软件和手机用的VPN APP。这家VPN的服务有两个独特的优势:1)PureVPN的价格比很多其他VPN公司的价格要低(但提供的服务内容并没有缩水)。2)PureVPN在中国大陆也有VPN服务器,对于有“翻墙回国”需要(通过VPN获得中国IP地址来破解“只限中国大陆”的内容限制)的海外华人是一个不错的选择。在中国大陆使用PureVPN时,建议选择“Optimized for China”模式来获得最稳定的VPN连接。

访问PureVPN  PureVPN 评测 (英文)

4. NordVPN

NordVPN, 最好的翻墙VPN推荐,VPN中国

推荐原因:线路稳定,网速快,网站支持中文。
价格: 每月3.29美元起。免费试用期:30天退款保证。
可同时连接的设备数量:6台设备(不要多台设备使用同一个协议连接到同一服务器)。
NordVPN怎么样?NordVPN在中国大陆好用吗?
NordVPN也是一家国际知名的VPN服务商,提供电脑VPN软件和手机用的VPN APP,在VPN稳定性和VPN速度方面都表现不凡。最近这家公司开始重视中国大陆市场,其网站有中文版,电脑版的VPN软件有Obfuscation功能,可以用来躲过GFW的监控和干扰。

访问NordVPN  NordVPN 评测 (英文)




其它可用于翻墙的VPN:

除了上述推荐的VPN之外,我们还评测了很多其它的VPN服务,以下是这些VPN的名单。其中一些VPN我们已经在中国大陆做了评测,关于这些VPN怎么样、在中国大陆是否好用的问题,可以具体看我们的评测。

这些VPN、加速器服务商中有些无法在国内打开他们的官网,所以注册账号有一定问题,但是这并不一定影响使用这些VPN服务商的服务。感兴趣的网友可以先翻墙注册这些VPN的账号,然后下载VPN软件或者手工完成设置,一旦设置好后,这些VPN服务很多还是可以在中国使用的。

 


关于VPN的常见问题:

什么是VPN?

VPNs (虚拟专用网络,Virtual Private Networks) 可以用来让用户以安全私密的方式连接私有网络。人们使用VPN有不同的用途,例如确保上网的安全性,确保上网的私密性,等等。中国网民大多数使用VPN翻墙。

为什么在中国需要使用VPN?

众所周知,很多著名的网站在中国都无法访问,如:Google、Twitter、Facebook、YouTube等等。为了能够访问“被墙”的国外网站,很多中国网民尝试各种“翻墙”、“科学上网”的办法。在这些翻墙的方法当中,VPN是较为稳定、较可行的方式。

有了可用的VPN,我就可以在中国访问Facebook、YouTube、Twitter、Google等海外网站了吗?

是的。

购买VPN如何付费?

很多海外VPN公司需要使用信用卡或者PayPal付款,但已经有不少开始接受支付宝、银联等在中国常用的付款方式。

VPN是怎么个用法?

购买VPN账号后,VPN服务商会提供设置VPN的具体步骤。大部分情况下需要用户下载一个连接VPN的软件,也可以不用软件,直接在电脑或移动设备上完成VPN的设置。设置好VPN后,用户可以随时开启或关闭VPN。VPN可以用于桌面电脑,也可以用在移动设备,如iPad、智能手机上。还可以在路由器上设置VPN。

在中国使用VPN是违法的吗?

使用VPN不违法。目前没有任何一条法律规定明文禁止使用VPN。事实上,有关部门到目前为止根本没有明确承认“墙”的存在。既然“墙”不存在,那么“翻墙”怎么定罪呢?在中国大量网民都在使用VPN,目前还没听说谁因为翻墙被定罪。只要不用于和政治有关的活动,平时用VPN翻墙用不着担心的。2017年初有关“中国下令全面禁止VPN”的新闻在网上流传,真正的情况是政府禁止国内VPN供应商私自提供VPN服务,并没有禁止VPN用户使用VPN。

这么说来,在中国用VPN应该没什么问题,是吧?

问题还是有的。虽然没有明文禁止使用VPN翻墙,但是VPN服务商经常被封锁,国内的VPN服务商面临被迫关门,国外VPN服务商的网站经常被封。所以在国内使用VPN的主要麻烦就是VPN服务经常受到干扰。这就是“VPN大大”创建的起因。我们替大家监测各个VPN服务商的状态,在国内实地测试各个VPN的连接、使用状态,根据测试结果,向大家推荐靠谱的VPN。

VPN大大评测、推荐VPN的标准时什么?

以下是我们推荐VPN的一些标准:1)该VPN必须是由一家境外公司提供的服务(这样就不会有随时被关的危险),而该公司需要有一定的信誉和知名度。2) VPN服务商的网站应该可以在中国境内直接打开(这样普通用户就可以直接注册账号或联系客服)3)VPN服务商应该具有一定的服务中国用户的经验。4)VPN在中国使用时应该达到足够的稳定性和足够快的速度。

VPN大大为什么只评测、推荐海外的VPN,而不提国内的VPN公司呢?

2017年初,工信部发布了新的政策,基本内容可以理解为禁止国内公司未经政府允许提供VPN服务,其结果是国内VPN供应商将面临被封的危险。2017年6月,著名国内VPN服务商GreenVPN被迫关闭、停止服务,证明了这种趋势。所以我们不推荐大家使用任何由中国大陆VPN公司提供的服务。海外VPN公司不受中国大陆政策影响,不会面临被迫关门的危险,所以我们只推荐海外公司的VPN。

哪些翻墙VPN是最好、最值得推荐的?

请参见我们的翻墙VPN推荐名单:
1. 
logo-expressvpn
  访问网站 ExpressVPN Review
2. logo-vyprvpn  访问网站 VyprVPN Review
3. logo purevpn  访问网站 PureVPN Review
4. logo nordvpn  访问网站 NordVPN Review

 


请加入我们的邮件列表(Mailing List):

我们建立了一个邮件列表(Mailing List),会定期发布最近的VPN新闻、VPN推荐或VPN折扣优惠等信息。欢迎您填写您的EMAIL来加入我们的邮件列表:

请填写您的邮箱(EMAIL):

订阅

原文:https://www.vpndada.com/best-vpns-for-china-cn/

欢迎测试 Tor 浏览器的新网桥


可插拔传输层 是一种洋葱路由用来伪装其传输的数据信号之特殊工具,当您的网络服务供应商或所处的网络环境会过滤阻挡通往洋葱路由网络的连接时,此工具即可发挥其功用。 


来源: https://tb-manual.torproject.org/zh-CN/

Tor 浏览器(Tor Browser )7.5a4 实验版发布,7.5a4 实验版集成一个实验性的新网桥:snowflake (目前仅支持 Mac OS X 与 Linux),欢迎测试并报告使用情况,以帮助软件更好的改进。

下载地址:https://www.torproject.org/projects/torbrowser.html.en ,请在 Experimental Tor Browser 下载位置选择适合您语言及系统的安装包。

请确保是在关闭 VPN 及其它翻墙工具情况下进行测试。

安装完成,会先出现 “Tor 网络设置” 选项卡,在这里选“配置”,如下图所示:



在接下来的界面会询问你网络服务商(ISP)的情况,选“是”。然后并在新界面中,“使用集成的网桥连接”下拉框选择“ snowflake ”,如下图所示:



然后点下一步,会需要选择“本地代理配置”的情况,如果使用代理就填写代理的数据,否则就选否,并点 “连接”。

这样就会连接的界面,需要等一些时间,如下图所示:




连接过程,可能会成功,成功后会关闭网络连接窗口,并自动打开浏览器。也可以连接失败,如下图所示:





欢迎测试与反馈,最好可以提供: 您的城市、网络服务商 及 snowflake是否可以连接 。 

原文:http://www.chinagfw.org/2017/08/tor.html

最好的办法就是自己搭建科学上网工具(V P N)

 

这次我终于受不了网络上各种免费付费的科学上网工具了,再第N次翻&墙失败后,我终于狠了狠心自己搭建了自己专属的科学上网工具。没想到搭建过程这么简单,根本不想网上分享的那么难,还涉及到代码这些,一键搭建,五分钟搞定。自己专属的科学上网工具,用起来真的超级舒服,速度真的好快,也再没有等不上去的烦恼了。这里分享给我的读者,解除掉V   P    N的烦恼。

先看看效果图先:

bandwagon-speed

我用的是搬瓦工一键搭建科学上网工具,你需要去买一个vps。一个月3美金差不多,可以公司好几个人一起用,这样想来还是比去网上买付费的要划得来。以下是搭建步骤:

1. 购买VPS主机(服务端)

搬瓦工的官网(https://bandwagonhost.com)已经被墙了,我是通过这个链接去买的 https://bwh1.net/aff.php?aff=12251

Step 1: 进入主页面之后,直接选择最便宜的那个套餐购买,2.99刀一个月的。如下图:vps

Step 2: 选择购买一年的,如下图,19.99usd一年的。Location就不要改,就选美国。

buy-bwg-00

Step 3: 进入到支付页面之后,注意下面有个promotional code,这个优惠码输入进去可以优惠一些。优惠码的获取我们在第四步讲。

vps-order-3

Step 4 : 获取优惠码, 进入到网站首页,右键点击查看源代码,下图标记的地方就是优惠码。

vps-order-4

Step 5: 完善信息,完成支付过程。支付过程可以选择paypal,也可以选择支付宝,信用卡都可以。

payment-1
payment-2

买好VPS之后,他会给你发一个邮件,里面有你的虚拟服务器IP地址以及端口号。要注意保存。

2. 管理你的VPS

Step 1: 首页点击VPS HOsting菜单,就会下方看到Services菜单,点击之后选择 My Services如下图,点击KiwiVM Control Panel
你会发现VPS预装了Centos 6 x86_64my-serivice

Step 2: 安装Shadowsocks Server ; 直接安装就好了,搬瓦工现阶段支持Centos6。而上面预装的系统就是Centos 6 x86_64 。安装完毕之后看到Shadowsocks server controls窗口,从上到下一共三个参数:

  1. 加密方式
  2. ss端口号
  3. 连接ss的密码

ss

这些你都可以自由修改。但请你记住他们,我是把这些参数和购买vps之后的给我的IP地址和端口号都用记事本记录了,你也可以这么做,方便今后copy。好了到现在为止,服务端就已经OK啦。

3. 安装SS客户端

Step 1: 安装好Shadowsocks Server之后,系统会列出来如下图所示的客户端下载链接,你需要根据自己的电脑系统配置选择下载。我之前就下载错了,我是win 8系统,选了win 7的下载链接,怎么都上不去,需要注意一下这里。

installation

Step 2: 客户端设置:系统很人性化,都帮你列出来怎么配置了,直接copy这个表格里的就可以了。配置好了,就点击完成。

installation-1

Step 3: 设置Proxy: 启动那个箭头般的图标之后,击右键首先允许来自局域网的连接;然后再点击启动代理系统,再选择代理全局模式。这样就可以打开你的浏览器,开始浏览墙外的世界了。

installation-3

PS: 如果还是觉得不是很理解,可以参照下面的动态图进行设置。

vps

4. 手机客户端配置

https://shadowsocks.com/client.html 对应下载自己需要的客户端,然后对应在客户端中写入服务器设置。这边我简单介绍一下mac,以及iPhone上的ss客户端。

1) Mac

安装好小飞机之后,点开下拉菜单->服务器–>服务器设置–>添加填写你IP地址,后面的端口号是你设置SS服务器的时候填的端口号一般默认443.对应选择好之前在ss服务器设置时候选择的加密方式,(别选错)。密码也是SS服务器设置时候提供的一串密码,然后选择你自己创建的这个服务区就OK了。

2)iPhone

先去APP Store下载SS客户端 Wingy (不收费),和上面Mac设置一样,对应填写IP 端口(默认443)密码 以及加密方式。保存搞定。

3) 安卓 app

链接:http://pan.baidu.com/s/1bpzqo5x 密码:qbdz

原文:http://www.sohodiary.com/best-surf-tool/

自己搭建ss/ssr服务器教程(适合新手)

【客户端下载】

Windows SSR客户端下载及更新地址
安卓 SSR客户端下载及更新地址

其它平台的客户端请自行网上搜索。
有了客户端后我们需要自己搭建服务器创建ss/ssr账号才能翻墙。

【搭建教程】

教程很简单,整个教程分三步

第一步:购买VPS服务器

第二步:一键部署VPS服务器

第三步:一键加速VPS服务器 (谷歌BBR加速或锐速加速;对速度要求不高的话,此步骤可省略)


第一步:购买VPS服务器

VPS服务器需要选择国外的,首选国际知名的vultr,速度不错、稳定且性价比高。

vultr注册地址: http://www.vultr.com/?ref=7048874 (全球15个服务器位置可选,KVM框架。推荐买日本服务器,延迟低速度快。)

虽然是英文界面,但是现在的浏览器都有网页翻译功能,鼠标点击右键,选择网页翻译即可翻译成中文。

注册并邮件激活账号,充值后即可购买服务器。充值方式是paypal或支付宝(2017年8月30日Vutrl支持支付宝付款了,最低充值10美元即70元左右),使用paypal有信用卡即可。paypal注册地址:https://www.paypal.com (paypal是国际知名的第三方支付服务商,相当于国内的支付宝。注册一下账号,绑定信用卡即可购买国外商品)

2.5美元/月的服务器配置信息:单核 512M内存 20G SSD硬盘 100M带宽 500G流量/月

5美元/月的服务器配置信息:单核 1G内存 25G SSD硬盘 100M带宽 1000G流量/月

10美元/月的服务器配置信息:单核 2G内存 40G SSD硬盘 100M带宽 2000G流量/月

如图:

购买vps服务器时,服务器地址优先选择:日本、新加坡(移动联通网络首选);日本、洛杉矶、硅谷(电信网络首选)。选择CentOS 6.X64位的系统(推荐。系统版本不要选的太高,不然装不上!)。完成购买后,找到系统的密码记下来,部署服务器时需要用到。如图:

因为vultr实际上是折算成小时来计费的,所以如果你部署的服务器实测后不理想,你可以把它删掉,重新换个地区的服务器来部署,很方便。


第二步:部署VPS服务器

购买服务器后,需要部署一下。因为你买的是虚拟东西,而且又远在国外,我们需要一个叫Xshell的软件来远程部署。Xshell windows版下载地址:

巴别鸟云盘下载 提取密码:38693

国外云盘下载

百度软件中心

如果是苹果电脑操作系统,请自行搜索并下载Xshell MAC版或者在MAC电脑上安装一个windows虚拟机或者其它能远程连接vps服务器的软件。


部署教程:

下载xshell软件并安装后,打开软件

选择文件,新建

随便取个名字,然后把你的服务器ip填上

连接国外ip即服务器时,软件会先后提醒你输入用户名和密码,用户名linux系统默认都是root,密码是购买服务器后的cent系统的密码。

链接成功后,会出现如上图所示,之后就可以输入代码部署成ss了。

一键部署ssr代码(虽然代码兼容SS客户端,但最好用SSR客户端,因为SSR客户端可以用SSR混淆协议)如下:

yum -y install wget

wget –no-check-certificate https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocksR.sh

chmod +x shadowsocksR.sh

./shadowsocksR.sh 2>&1 | tee shadowsocksR.log

———————————————————代码分割线————————————————

上面这个代码是默认的加密方式和混淆协议,没法自行修改加密方式和混淆协议,如果有这方面的需求,可以用下面这个脚本

CentOS/Debian/Ubuntu ShadowsocksR单/多端口一键管理脚本

yum -y install wget

wget -N –no-check-certificate https://softs.fun/Bash/ssr.sh && chmod +x ssr.sh && bash ssr.sh

备用下载地址:

yum -y install wget

wget -N –no-check-certificate https://raw.githubusercontent.com/ToyoDAdoubi/doubi/master/ssr.sh && chmod +x ssr.sh && bash ssr.sh

脚本内容:

支持 限制 端口限速

支持 限制 端口设备数

支持 显示 当前连接IP

支持 显示 SS/SSR连接+二维码

支持 切换管理 单/多端口

支持 一键安装 BBR

支持 一键安装 锐速

支持 一键安装 LotServer

支持 一键封禁 垃圾邮件(SMAP)/BT/PT

下载运行后会提示你输入数字来选择要做什么。

安装脚本后,以后只需要运行这个命令就可以进行设置:bash ssr.sh

之后输入对应的数字来执行相应的命令。

界面如下:

  1. 安装 ShadowsocksR
  2. 更新 ShadowsocksR
  3. 卸载 ShadowsocksR
  4. 安装 libsodium(chacha20)

————————————

  1. 查看 账号信息
  2. 显示 连接信息
  3. 设置 用户配置
  4. 手动 修改配置
  5. 切换 端口模式

————————————

  1. 启动 ShadowsocksR
  2. 停止 ShadowsocksR
  3. 重启 ShadowsocksR
  4. 查看 ShadowsocksR 日志

————————————

  1. 其他功能
  2. 升级脚本

当前状态: 已安装 并 已启动
当前模式: 单端口

请输入数字(1-15):


以第一个部署代码为例

将代码复制下来,鼠标右键复制,然后粘贴到到shell软件的命令栏里,之后就自动开始部署了,不动时敲键盘的“回车键”。

提示输入密码和端口,输入自己想部署的密码和端口,分别按回车键确定。之后,耐心等待,不动的时候按一下回车键。

上图最后一句话是提醒你按任意键来继续部署。成功后,会看到自己部署的所有信息以及混淆协议内容。

最后重启服务器确保部署生效。重启需要在命令栏里输入reboot。如果部署失败,卡在某个位置,可以用xshell软件断开,然后重新连接你的ip,再复制代码进行部署。


第三步:一键加速VPS服务器

此加速教程为谷歌BBR加速和破解版锐速加速教程,两者只能成功装一个,都仅支持KVM框架的vps服务器,vultr的服务器都是KVM框架。如果你购买的不是vultr的服务器,那么你需要搞清楚你买的vps服务器是否是KVM框架的,很重要。(vultr的服务器装谷歌bbr)

按照第二步的步骤,重新连接服务器ip,登录成功后,在命令栏里粘贴以下代码:

【谷歌BBR加速教程】

yum -y install wget

wget –no-check-certificate https://github.com/teddysun/across/raw/master/bbr.sh

chmod +x bbr.sh

./bbr.sh

把上面整个代码复制后粘贴进去,不动的时候按回车,然后耐心等待,最后重启vps服务器即可。该方法是开机自动启动,部署一次就可以了。
如图:

出现上面这个图按回车

最后输入y重启服务器或者手动输入代码reboot

【锐速加速教程】

yum -y install wget

wget -N –no-check-certificate https://raw.githubusercontent.com/91yun/serverspeeder/master/serverspeeder-all.sh && bash serverspeeder-all.sh

把上面整个代码复制后粘贴进去。该方法是开机自动启动,部署一次就可以了。但有些内核是不适合的,部署过程中需要手动选择推荐的,当部署时出现以下字样:

提示没有完全匹配的内核,随便选一个内核就行,按照提示来输入数字,按回车键即可

锐速安装成功标志如下:

出现running字样即可!

部署完毕后,用ssr客户端填上你的账号信息即可

 

苹果手机可以用美区的账号在app商店里下载Potatso Lite或Potatso或shadowrocket
网络上有申请国外appid的教程或者淘宝购买。

 

原文:https://github.com/XX-net/XX-Net/issues/6506

蓝灯专业版授权其他设备教程

假如你在一台电脑上购买了专业版,现在想使用另外一台电脑也使用专业版。

1.在未授权的电脑上打开蓝灯点击“授权设备使用专业版” (如图)。
image

2.在已授权的电脑上打开蓝灯,点击“授权其他设备使用专业版”
image

3.现在输入在第一步中获取的动态授权码,并提交
image

4.稍等候等待片刻。几分钟后你就会发现未授权已经变为专业版了。

原文:https://github.com/getlantern/forum/issues/4108

Shadowsocks视窗版客户端(v4.0.6)


If you encounter any issue, please refer to https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting.

如果遇到任何问题,请首先参考 https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting


Info of Shadowsocks.exe

  • MD5: F5125B39A65883503AF3F290D0F45C29
  • SHA1: DD22B6C76E7A95385BD393AC5651262452BF473A
  • SHA256: 404AFE4B4D718F29E9E336EEA04DC36DC6308A60C6FB397C6205C235BE531C06
  • SHA512: C1238626D0902892604DA6CA45F24DDFFAA40256C74932FA0008727A89AA1513E3C5D8949C50772BD4002F6C8E78A8D5960845F7BDECEEF79F29B64ECB241F03

Downloads

原文:https://github.com/shadowsocks/shadowsocks-windows/releases/tag/4.0.6

蓝灯4.0.1正式版发布,提高稳定性

若无法使用,请看蓝灯无法使用的解决办法

Windows 版本(要求XP SP3以上) 备用地址
安卓版(要求4.1以上) 备用地址 Google Play下载 请勿使用UC浏览器下载,会被替换成假的有广告的版本

蓝灯iOS版本将在2018年发布,现有App Store上的蓝灯均为假冒。 iOS版本开发完毕会在论坛上通知

macOS (10.7及以上) 备用地址

Ubuntu 14.04 32位
Ubuntu 14.04 64位

原文:https://github.com/getlantern/forum/issues/4014

不用SS客户端,手机照样可以科学上网的方法

阅读人数: 389

不用ss客户端,手机照样可以科学上网的方法

本教程适用于安卓和iOS设备。

教程前提:手机和电脑处于同一局域网/WiFi内

电脑端的设置: 以shadowsocksR为例

然后允许来自局域网的连接

按照图示设置,然后退出shadowsocksR, 再打开shadowsocksR。即重新启动shadowsocksR

打开cmd命令行,输入ipconfig,获得本机的局域网IP地址

然后我们来说下手机端的设置

安卓设备,在WiFi的高级选项中,有个代理选项,打开那项,主机名输入电脑ip(命令行中输入ipconfig可以看到ip),端口输入1080(固定的,就是1080),如图,然后确定。

点击确定之后,就可以在安卓手机浏览器中打开Google、youtube了。

原文:http://www.tizi.pw/android-without-ss-client-google/

Potatso 2:我不是一盘普通的土豆丝

在印象里,Potatso 是继 Surge 后用过的第二款中文网络加速应用,68 元(初上架那会儿卖 45 块)的价格在当时比 Surge 便宜不少,但实现的功能却不比后者少,再后来就是 Shadowrocket,只卖 18 元,再再后来就不再关注此领域了,因为同类的应用已经泛滥于 App Store,而且购买的 SS 服务也都有对应的 iOS 客户端,完全不必为挑选一款加速应用而去烦恼。

来源:https://www.waerfa.com/potatso-review
下载:https://itunes.apple.com/us/app/id1162704202
Potatso 自一代开始就以”完美支持 Shadowsocks”,”自动区分国内外流量”,”后台保持链接”,”4G / WiFi 切换不断线” 等特点广受粉丝喜爱,在 2.0 版本上,这款应用支持了 Socks 5, ShadowsocksR 等更多代理方式,可自定义 DNS,多配置资料下随意切换,你可以为家中的上网习惯设置一套配置资料,或者为户外上网配置一套资料,总之,在代理服务器和规则集的帮助下,我们能自定义出各种各样的加速环境。

Potatso 2 的设计没有 Surge 那么花哨,链接代理后,用户可在仪表盘页面实时查看网络链接记录,也可以在 Today Widget 上开关代理,并查看实时的速度,Widget 支持代理服务器切换和 4G / Wi-Fi 的网速查看。

用户可通过 iCloud 实现在各个 iOS 设备同步代理数据,另外还可以从 PCF(Potatso Config File)、二维码、URL 链接导入代理、规则集等数据。

Potatso 2 依旧提供了强大的规则集系统,你只需要找到被「污染」的域名,并将它添加到规则中即可。在网络日志里,当你看到一个链接请求旁显示「小地球」图标,就代表此域名是通过代理连接的;而「双向箭头」图标则说明域名是直接连接的。

玩过此类应用的同学应该对规则集的设置不陌生,Potatso 也是提供了「DIRECT」、「PROXY」、「REJECT」三种方式,可用于直连(国内网站、服务)、代理(国外的)以及对商业广告的屏蔽功能。域名匹配方式分精准匹配(-MATCH)、后缀(-SUFFIX)、地理IP(GEOIP)等方式。

Potatso 2 的预定义在线规则集资源不多的,需要用户自己去找,当然当你谷歌关键词时会出现一大堆配置(PCF)或规则集,拷贝下来直接用 URL 导入进来就行了。

Potatso 相关使用教程有太多了,小编找了两个比较经典的,供大家学习:《续笔记》、《Potatso 土豆丝设置教程

最后附上一个土豆丝的规则集二维码分享给大家:

原文:http://www.chinagfw.org/2017/08/potatso-2.html

Tor Browser 7.5a4 is released

Tor Browser 7.5a4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor alpha release (0.3.1.5-alpha) + an updated OpenSSL (1.0.2l), HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1). We also update sandboxed-tor-browser (to 0.0.12).

The major new features in this alpha release are selfrando support for 32bit Linux systems, Snowflake support for macOS, and a patch that fixes a lot of our problems with the external helper app dialog. In particular, downloading files via the pdf viewer should work again. As we do in the stable series, we also avoid scary warnings popping up when entering passwords on .onion sites without a TLS certificate. We are also testing a better Tor Browser hardening on Windows by using a newer compiler for our Windows builds. If you encounter any issues that could be caused by the new compiler, we want to know about it!

The full changelog since Tor Browser 7.5a2 (for Linux since Tor Browser 7.5a3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.1.5-alpha
    • Update OpenSSL to 1.0.2l
    • Update Torbutton to 1.9.8
      • Bug 22610: Avoid crashes when canceling external helper app related downloads
      • Bug 22472: Fix FTP downloads when external helper app dialog is shown
      • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
      • Bug 22618: Downloading pdf file via file:/// is stalling
      • Bug 22542: Resize slider window to work without scrollbars
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don’t let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives “Address isn’t valid” error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Update sandboxed-tor-browser to 0.0.12
    • Bug 22610: Avoid crashes when canceling external helper app related downloads
    • Bug 22472: Fix FTP downloads when external helper app dialog is shown
    • Bug 22471: Downloading pdf files via the PDF viewer download button is broken
    • Bug 22618: Downloading pdf file via file:/// is stalling
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 21830: Copying large text from web console leaks to /tmp
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
    • Bug 22829: Remove default obfs4 bridge riemann.
  • Windows
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
  • Linux
    • Bug 22832: Don’t include monthly timestamp in libwebrtc build output
    • Bug 20848: Deploy Selfrando in 32bit Linux builds
  • Build system
    • Windows
    • Linux

原文:https://blog.torproject.org/blog/tor-browser-75a4-released

Tor Browser 7.0.4 is released

Tor Browser 7.0.4 is now available from the Tor Browser Project page and also from our distribution directory.

This release features important security updates to Firefox.

A lot of Tor Browser components have been updated in this release. Apart from the usual Firefox update (to 52.3.0esr) we include a new Tor stable release (0.3.0.10) + an updated HTTPS-Everywhere (5.2.21) and NoScript (5.0.8.1).

In this new release we continue to fix regressions that happened due to the transition to Firefox 52. Most notably, we avoid the scary warnings popping up when entering passwords on .onion sites without a TLS certificate (bug 21321). Handling of our default start page (about:tor) has improved, too, so that using the searchbox on it is working again and it does no longer need enhanced privileges in order to function.

The full changelog since Tor Browser 7.0.2 (for Linux since Tor Browser 7.0.3) is:

  • All Platforms
    • Update Firefox to 52.3.0esr
    • Update Tor to 0.3.0.10
    • Update Torbutton to 1.9.7.5
      • Bug 21999: Fix display of language prompt in non-en-US locales
      • Bug 18913: Don’t let about:tor have chrome privileges
      • Bug 22535: Search on about:tor discards search query
      • Bug 21948: Going back to about:tor page gives “Address isn’t valid” error
      • Code clean-up
      • Translations update
    • Update Tor Launcher to 0.2.12.3
      • Bug 22592: Default bridge settings are not removed
      • Translations update
    • Update HTTPS-Everywhere to 5.2.21
    • Update NoScript to 5.0.8.1
      • Bug 22362: Remove workaround for XSS related browser freezing
      • Bug 22067: NoScript Click-to-Play bypass with embedded videos and audio
    • Bug 21321: Exempt .onions from HTTP related security warnings
    • Bug 22073: Disable GetAddons option on addons page
    • Bug 22884: Fix broken about:tor page on higher security levels
  • Windows
    • Bug 22829: Remove default obfs4 bridge riemann.
    • Bug 21617: Fix single RWX page on Windows (included in 52.3.0esr)
  • OS X
    • Bug 22829: Remove default obfs4 bridge riemann.

原文:https://blog.torproject.org/blog/tor-browser-704-released

Shadowsocks视窗版客户端(v4.0.5)

  • Fix crash when user-wininet.json fail to parse. (#1178)
  • Bug fixes and improvements.

If you encounter any issue, please refer to https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting.

如果遇到任何问题,请首先参考https://github.com/shadowsocks/shadowsocks-windows/wiki/Troubleshooting


Info of Shadowsocks.exe

  • MD5: 56B9D1CAD7968A4CAE83207ED5862E24
  • SHA1: 8E196F8D67BACA283CF32A577EC584FA074BC33D
  • SHA256: 28825798B1FB3951A536CA6C9805DB68F2D9CBB393A4EF363E12F9343E8BE8C9
  • SHA512: 3785235074FCA6874AE11332CAC24A983A8389C6D98D4E58EF8F0A245007491CA4D85613F2FFC7685043B3975DF4BE92867B05B38544D3713DB9C937FB1B9165

Downloads

原文:https://github.com/shadowsocks/shadowsocks-windows/releases/tag/4.0.5

Tor 0.3.0.10 is released

Source code for a new Tor release (0.3.0.10) is now available on the website; packages should be available over the next several days. The Tor Browser team tells me they will have a release out next week.

Reminder: Tor 0.2.4, 0.2.6, and 0.2.7 are no longer supported, as of 1 August of this year.  If you need a release with long-term support, 0.2.9 is what we recommend: we plan to support it until at least 1 Jan 2020.

Tor 0.3.0.10 backports a collection of small-to-medium bugfixes from the current Tor alpha series. OpenBSD users and TPROXY users should upgrade; others are probably okay sticking with 0.3.0.9.

CHANGES IN VERSION 0.3.0.10 – 2017-08-02

  • Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
    • Tor’s repository now includes a Travis Continuous Integration (CI) configuration file (.travis.yml). This is meant to help new developers and contributors who fork Tor to a Github repository be better able to test their changes, and understand what we expect to pass. To use this new build feature, you must fork Tor to your Github account, then go into the “Integrations” menu in the repository settings for your fork and enable Travis, then push your changes. Closes ticket 22636.
  • Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
    • Fix a typo that had prevented TPROXY-based transparent proxying from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. Patch from “d4fq0fQAgoJ”.
  • Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
    • Avoid an assertion failure bug affecting our implementation of inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() handling of “0xfoo” differs from what we had expected. Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
  • Minor features (backport from 0.3.1.5-alpha):
    • Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 Country database.
  • Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
    • Roll over monthly accounting at the configured hour and minute, rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. Found by Andrey Karpov with PVS-Studio.
  • Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
    • Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; bugfix on 0.2.8.1-alpha.
    • Fix warnings when building with libscrypt and openssl scrypt support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
    • When building with certain versions of the mingw C header files, avoid float-conversion warnings when calling the C functions isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
    • Backport a fix for an “unused variable” warning that appeared in some versions of mingw. Fixes bug 22838; bugfix on 0.2.8.1-alpha.
  • Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
    • Avoid Coverity build warnings related to our BUG() macro. By default, Coverity treats BUG() as the Linux kernel does: an instant abort(). We need to override that so our BUG() macro doesn’t prevent Coverity from analyzing functions that use it. Fixes bug 23030; bugfix on 0.2.9.1-alpha.
  • Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
    • When rejecting a router descriptor for running an obsolete version of Tor without ntor support, warn about the obsolete tor version, not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
  • Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
    • Avoid a sandbox failure when trying to re-bind to a socket and mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
  • Minor bugfixes (unit tests, backport from 0.3.1.5-alpha):
    • Fix a memory leak in the link-handshake/certs_ok_ed25519 test. Fixes bug 22803; bugfix on 0.3.0.1-alpha.

原文:https://blog.torproject.org/blog/tor-03010-released

Tor Browser 7.0.3 is released

Note: Tor Browser 7.0.3 is a security bugfix release for Linux users only. Users on Windows and macOS are not affected and stay on Tor Browser 7.0.2.

Tor Browser 7.0.3 is now available for our Linux users from the Tor Browser Project page and also from our distribution directory.

This release features an important security update to Tor Browser for Linux users. On Linux systems with GVfs/GIO support Firefox allows to bypass proxy settings as it ships a whitelist of supported protocols. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails and Whonix users, and users of our sandboxed Tor Browser are unaffected, though.

The bug got reported to us yesterday by Julian Jackson (@atechdad) via our HackerOne bug bounty program. Thanks! We are not aware of it being exploited in the wild.

We are currently preparing updated Linux bundles for our alpha series and they should go live within the next couple of hours. Meanwhile Linux users on that series are strongly encouraged to use the stable bundles or one of the above mentioned tools that are not affected by the underlying problem.

Here is the full changelog since 7.0.2:

  • Linux
    • Bug 23044: Don’t allow GIO supported protocols by default

原文:https://blog.torproject.org/blog/tor-browser-703-released

苹果 App Store 下架 VPN APP:影响和应对措施

2017年7月30日

中国大陆对VPN的封杀进一步升级,苹果公司(Apple)应用商店(App Store)中国区已下架几乎所有的VPN类应用程序(App)。被下架的除了VPN App以外,还包括Shadowsocks类App如Shadowrocket、Surge等。

对于经常需要翻墙的中国iPhone和iPad用户来说,这无疑是一个很大的打击。

美国《纽约时报》、英国路透社等均对此事做了报道。连爱德华·斯诺登也专门发推谴责了苹果公司的这一举动:

苹果应用商店App Store下架VPN类APP

苹果App Store下架VPN App的影响

苹果的应用商店App Store是苹果移动设备(包括iPhone、iPad等)用户下载App的主要途径,绝大多数用户都是通过App Store下载、更新App的。

苹果的App Store在不同国家、地区的设置、内容等都不尽相同,这次下架VPN类App的只有中国大陆地区的App Store,其它国家地区的苹果应用商店目前未受影响。

对于已经安装了被下架的VPN App的中国苹果用户,估计这些VPN App在近期内还能正常使用(如果在下架前仍可用的话),但由于原App已经下架,所以今后将难以更新。

对于尚未安装被下架VPN App的中国苹果用户,在App Store搜索这些VPN App时,将不再能找到该App,所以也就无法安装。

需要指出的是,在iPhone和iPad上使用VPN未必需要依赖于独立的App,用户可以手动设置和连接VPN,当然这种方式相对稍麻烦,但手动设置的VPN应该不受这次VPN App下架的影响,今后苹果用户理论上仍然可以不依赖于VPN App、手动设置和连接VPN。

然而,很多比较先进的VPN App都带有一些隐蔽本身连接、躲避监控干扰的附加功能。这种防封功能对于中国大陆VPN用户来说非常实用,但这些功能如果不通过独立的App,而是通过手动设置估计至少是比较麻烦的(如果不是不可能的话)。

对于安卓手机的用户,这条新闻应该没有什么特别影响。虽然VPN类App也已经开始从国内的安卓应用商店大批量下架,但安卓手机不同于iPhone和iPad,用户可以绕过应用商店,直接通过下载APK文件的方式来安装和更新App,所以安卓手机用户在翻墙方面会有更多的自由。

此外,这次下架仅对移动设备(iPhone、iPad)有影响,电脑(苹果电脑、Windows电脑、桌面电脑、笔记本电脑等)都不受到影响。

对于苹果App Store下架VPN App的应对措施

苹果App Store中国区下架VPN App,这对国内的苹果用户翻墙会造成比较大的麻烦,但中国网民一直在翻墙方面是具有斗争精神和聪明才智的。目前大概有以下几个应对措施:

1. 已经安装VPN App的iPhone、iPad用户,注意不要主动删除这些App,否则可能很难重新下载。

2. 已经安装VPN App的iPhone、iPad用户,建议及早通过iTunes备份这些VPN App。

3. 如有可能,建议再开通一个其它国家地区(如加拿大、香港等)的苹果账号,或临时将自己的苹果账号的地区更换成国家,然后通过使用其它国家苹果账号的方式下载、更新VPN App。这种方法较复杂,请自寻教程完成。

4. 如果已有VPN账号,VPN服务商一般会提供手动设置、连接VPN的教程。用户可以根据这些教程在iPhone或iPad上手动设置VPN,以备后用。

5. 考虑一下是否改用安卓手机?

附:在中国大陆仍然好用的VPN推荐

作为一家立足中国大陆、专门测试推荐VPN的网站,VPNDada.com一直在对各家VPN进行测试。基于目前国内VPN普遍被禁、前景黯淡的趋势,我们建议大家不要再使用国内VPN公司的产品,而是改用境外VPN。原因很简单:国外的VPN不受中国政府控制,不会突然被迫关闭。但是即使是国外的VPN,大部分在中国大陆也是无法使用的。基于我们的实地测试,目前向大家推荐以下几个好用的国外VPN(英文版:Best VPNs for China):

* logo-expressvpn  访问(含三个月免费优惠)
* logo-vyprvpn  访问
* logo purevpn  访问
* NordVPN logo 访问

 

我们会随时关注有关VPN的新闻,并及时更新我们的VPN评测结果。感兴趣的朋友可以关注我们的网站

祝大家翻墙愉快!

原文:https://www.vpndada.com/vpn-apps-removed-from-app-store-cn/

翻墙服务商倒下了,那么我们自己搭梯子翻墙,搭梯子傻瓜手把手教程

做为一个外贸人,真的是离不开google。但国内大环境如此,访问google困难重重。

但是再难,工作也是要展开的!我们之前还可以通过购买商家们的爬墙服务来实现访问google,但这阵严打,这类服务商死掉了一大批,很多朋友也平白遭受了损失!

以后政策会越来越收紧,能提供此类服务的商家会越来越少,取得合法资质运营此类业务的商家,其费用估计也是天价。

在这种情况下,我推荐大家自行搭梯子翻墙,个人自己搭建自己使用的梯子,不会成为重点打击对象。

本教程介绍的并非免费翻墙,需要购买一台境外服务器来作为自己的专用翻墙服务器,需要免费账号的朋友也可以E-mail博主 admin(at)glorystar.me,我可以免费提供临时账号,不保证长时间有效。

本篇教程全程傻瓜化,无任何技术难度,不需要输入任何命令,不需要记住任何代码。

分三步走,大概花十分钟就能建立起你自己的专用Shadowsocks服务器,完全不必觉得这会非常困难。

本篇教程以Bandwagonhost(搬瓦工)的 10G KVM – PROMO VPS 为基础,使用 shadowsocks 为梯子程序。

废话不多说,开始本篇教程。

1、 购买一台境外服务器用于搭建梯子的服务端–点击展开

搬瓦工年付19.99美元KVM架构VPS 1核CPU 512M内存 每月500G流量 <– 本篇教程使用

搬瓦工年付49.99美元KVM架构VPS 2核CPU 1024M内存 每月1T流量 <– 需要更高性能,更多流量选用

以上VPS任意选择一台购买
bwg2.png
为什么要选年付呢?因为年付相比每月付款等于5.5折!搬瓦工也有30天退款保证,觉得不好用再申请退款也可以。
bwg3.png
6个数据中心可选,建议选择Los(洛杉矶),离中国距离最近,开通以后也可以随意切换。

选完之后 点击最下面的 Add to Cart
bwg4.png
进入到购物车,可以看到结账明细,下面有优惠码输入框 输入 BWH1ZBPVK 6%优惠码 节省一点是一点吧。
bwg5.png
输入之后是这样的 之后点
 
checkout 结账
bwg6.png
新用户会要求填写一些信息注册账户,全部用拼音如实填写即可。注意地址一定要如实填写,不用写得那么细,但起码要和你所在城市一样,要不检测到IP地址与填写城市不一致,会被判欺诈,导致购买失败!
bwg7.png
三种支付方式供选择,哪个方便选哪个吧,本次以支付宝为例说明
bwg8.png
Complete Order 后再点 Pay now
bwg9.png
跳转到支付宝网站 选择扫码或登陆账号完成支付
bwg11.png
支付成功
bwg12.png
跳转回搬瓦工 显示订单完成并显示订单号
购买服务器完成

2、搭建shadowsocks server端–点击展开

搬瓦工直接在后台集成了shadowsokcs,登陆后台就能一键安装,方便小白用户(它知道你们看见命令行会头痛)

bwg21.png

在用户中心 选择 My Services

bwg22.png

可以看到你刚才购买的服务器已经激活运行,点击 KiviVM Control Panel 进入VPS管理面板

进入面板后你会看到一些服务器的运行信息,如内存使用量,磁盘使用量,流量使用情况等,可能你会看不懂,没关系,略过这些
我们直接安装shadowsocks server 如下图所示

bwg23.png

安装成功显示如下

bwg24.png

Go Back后就能看到shadowsocks的连接信息了 如下图所示

bwg25.png

shadowsocks服务端配置完成!

3、配置shadowsocks本地客户端–点击展开

搬瓦工不愧为Linux小白挚友 直接在后台就给出了客户端配置教程 我也在这里说下

Android安卓手机用户:

访问Play商店下载Shadowsocks-Android 手机里没有play商店?无法翻墙?(废话…) 没关系 点击这里下载手动安装

IOS苹果Iphone用户:

直接在Appstore里选择以下App之一安装。
shadowsocks原版 免费 需要越狱才能使用全功能 要不只是一个支付翻墙的浏览器
shadowrocket 售价18元 俗称小火箭 支持全局翻墙 无需越狱 推荐
Wingy 免费,支持全局翻墙 无需越狱,不过近期有朋友反馈不能用了
近期苹果官方已经把中国区的所有Shadowsocks应用下架了,如果你的Iphone绑定的是中国区的账号,会无法搜索到上述App,可以参考
此篇教程把账号更改成美国区账号,就能搜索到了。

Mac OS用户:

Mac OS X GUI Client
ShadowsocksX: 
2.6.3.dmg
GoAgentX: 
v2.2.9.dmg

Windows用户:

Windows XP和Windows 7 请下载 shadowsocks-win-2.3.zip 需要 .net framework 3.5 支持

Windows 8及Windows 10 请下载 shadowsocks-win-dotnet4.0-2.3.zip 需要 .net framework 4.6.2 支持

注意:此工具不是VPN之类全局代理,本质上只是一个Socks5代理,通过修改系统代理实现翻墙,可能会被360卫士或其它电脑安全管家之类的软件静默阻止,造成软件运行出错。运行前请退出某卫士或某管家,或把SS客户端加入其白名单!建议最好不要安装某卫士或管家,安装正统的杀毒软件,如卡巴斯基、NOD32、诺顿、McAfee,这些软件都不会对SS进行阻止!

这是绿色软件,下载之后解压就能用,打开 shadowsocks.exe 会看到通知栏有一个纸飞机图标 双击它
bwg26.png
填入服务端信息后确定,会自己最小化到通知栏,右键单击-启用系统代理
bwg27.png
好了 你可以打开浏览器看下能不能正常访问google了
bwg28.png
搞定!

提醒:网上有一些人在售卖或者免费提供SS帐号,我想说的是,你永远不知道电脑那一端的那个陌生人在想些什么,想干什么!使用别人提供的SS帐号是有安全隐患的,因为他知道你的加密方式,并且服务端掌握在他手里,他是可以对你的网络通信进行监听的,我们做外贸的,有时信息泄露的后果挺严重的,望大家慎重。

安全提醒:

Shadowsocks只是一个帮你穿越长城防火墙的小工具它无法帮你保持匿名!在使用时务必遵守中国(人在中国)和服务器所在地(服务器在美国)的法律!墙外言论纷杂,接收信息时务必保持自己的理性思辨!

后续更新

感觉速度很慢?使用BBR优化服务器加速小飞机!

Chrome+SwitchyOmega+Shadowsocks实现智能翻墙

Shadowsocks配合Proxifier实现全局翻墙

在路由器上装SS!手把手打造自己的外贸路由器

不差钱!不想用美国的服务器,只要速度快!没问题!阿里云HK、LinodeJP等高富帅服务器欢迎你  待更新

原文:https://glorystar.me/archives/use-bwg-through-the-GFW.html