I've been using AmneziaWG for a while, as I found its code base easier to audit and configure on various UNIX machines since it basically matches the tried and true SELinux, nftables and daemon boilerplates around Wireguard. Unfortunately, both the protocol itself and the servers of this VPN provider are increasingly being blocked on mobile networks.
When I experimented with various clients for the broad stealth proxies category, I discovered various shortcomings, including DNS leaks, the inability to strictly use the DNS server provided by the config, and leaks outside the tunnel as well as DNS leaks caused by an upstream AOSP bug, which, fortunately, had already been fixed in my ROM. The v2rayNG clients on Android and, in particular, Nekobox on all platforms proved to be problematic.
I want to have a backup tunneling solution that would not only allow me to bypass censorship, but also preserve my privacy. Unfortunately, the guides written by the xeovo clearly state that information leaks are possible and can be observed in practice when using the recommended clients.
My question to the community is: have you conducted research similar to mine, and which client did you choose? Personally, I audited the code base of several applications and ultimately came to the conclusion that I like Hysteria the most.
1 Comment
Hi,
Yes, we did a lot of testing and troubleshooting of Stealth Proxy protocols, that's why we have warnings in every guide. From our testing there are only two reliable and good clients, which are Outline and Shadowrocket.
The problem with Outline is that it only supports Shadowsocks, which is mostly blocked, does not have subscriptions and is made/backed by Google.
The problem with Shadowrocket is that it's paid, closed source and only available on macOS.
All remaining clients are forks of forks that might survive a couple of years and then disappear, because nobody keeps them updated.
Hysteria has the cleanest code so far compared to others, but it's a "protocol" and not an "application", so you will still rely on the same clients that you use for Stealth Proxies. Unless Hysteria decides to develop their own client (highly unlikely).
We hope to find a middle ground and solve this issue with our own clients (no ETA).