Trojan offers the best balance of simplicity and evasion for personal use, while V2Ray provides superior flexibility for teams through multiple protocol support and traffic distribution. Shadowsocks prioritizes speed but requires additional obfuscation to defeat China’s deep packet inspection. This 2026 guide compares all three tools with installation instructions, traffic obfuscation strategies, and performance benchmarks to help you choose the right solution for your threat model.
Protocol Overview
Shadowsocks
Shadowsocks originated as a fork of the encrypted proxy project and uses the SOCKS5 protocol tunneled through encrypted connections. The most common implementation, ShadowsocksR, added obfsproxy capabilities for traffic obfuscation.
Strengths:
- Minimal overhead and fast performance
- Simple configuration files
- Wide client support across platforms
- Large community and documentation
Weaknesses:
- Single-port design makes traffic patterns more detectable
- Active probing can identify Shadowsocks signatures
- Limited built-in traffic randomization
V2Ray
V2Ray (Project V) is a more platform that supports multiple protocols and routing capabilities. It implements VMess, VLESS, and Trojan protocols natively, along with sophisticated traffic routing and balancing.
Strengths:
- Multiple protocol support (VMess, VLESS, Trojan, Shadowsocks)
- Built-in routing and traffic distribution
- TLS fallback capabilities
- Active development and frequent updates
Weaknesses:
- Complex configuration syntax
- Higher resource consumption
- Steeper learning curve
Trojan
Trojan was designed specifically to mimic HTTPS traffic, making it difficult for the GFW to distinguish from legitimate web browsing. It operates on port 443 and negotiates like a regular TLS connection.
Strengths:
- Traffic appears identical to standard HTTPS
- Excellent resistance to DPI and active probing
- Lower computational overhead than V2Ray
- Simple, focused design
Weaknesses:
- Requires a valid TLS certificate
- Less flexible than V2Ray for complex routing
- Smaller community compared to Shadowsocks
Installation and Configuration
Shadowsocks (ShadowsocksR)
Server installation (Python):
pip install shadowsocksr
Server configuration (config.json):
{
"server": "0.0.0.0",
"server_port": 8388,
"password": "your-secure-password",
"method": "aes-256-gcm",
"protocol": "origin",
"obfs": "plain",
"timeout": 300
}
Start the server:
ssserver -c config.json -d start
V2Ray
Server installation:
# Download and install
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
Server configuration (config.json):
{
"inbounds": [
{
"port": 443,
"protocol": "vmess",
"settings": {
"clients": [
{
"id": "b831381d-6324-4d53-ad4f-8cda48b30811",
"alterId": 0
}
]
},
"streamSettings": {
"network": "tcp",
"security": "tls",
"tlsSettings": {
"certFile": "/path/to/cert.pem",
"keyFile": "/path/to/key.pem"
}
}
}
],
"outbounds": [
{
"protocol": "freedom",
"tag": "direct"
}
]
}
Trojan
Server installation:
# Using the official script
bash <(curl -L https://get.trojan-gfw.org/trojan-install.sh)
Server configuration (config.json):
{
"run_type": "server",
"local_addr": "0.0.0.0",
"local_port": 443,
"remote_addr": "127.0.0.1",
"remote_port": 80,
"password": [
"your-secure-password"
],
"tls": {
"cert": "/path/to/fullchain.pem",
"key": "/path-to/private.key",
"sni": "your-domain.com",
"alpn": [
"http/1.1"
],
"fallback": "127.0.0.1:80"
}
}
Traffic Obfuscation Comparison
The primary challenge with China’s GFW is traffic detection. Here’s how each tool handles obfuscation:
Traffic Signatures
| Tool | Protocol Signature | Detection Difficulty |
|---|---|---|
| Shadowsocks | AES-GCM encrypted SOCKS5 | Moderate - detectable via timing analysis |
| V2Ray (VMess) | Randomized UUID patterns | High - with TLS wrapping |
| V2Ray (VLESS) | UUID + encryption | Very High - withXTLS |
| Trojan | Standard HTTPS/TLS | Very High - indistinguishable from web traffic |
Recommended Obfuscation Settings
For Shadowsocks, use the aes-256-gcm encryption with auth_chain_a protocol:
{
"method": "aes-256-gcm",
"protocol": "auth_chain_a",
"obfs": "http_simple"
}
For V2Ray, use VLESS with XTLS or TLS fallback:
{
"protocol": "vless",
"settings": {
"clients": [{ "id": "uuid-here", "flow": "xtls-rprx-direct" }]
},
"streamSettings": {
"network": "tcp",
"security": "xtls",
"xtlsSettings": { "certFile": "/path/to/cert.pem" }
}
}
For Trojan, the default configuration already mimics HTTPS, but you can add fallback handling:
{
"fallback": [
{
"alpn": "http/1.1",
"dest": 80
},
{
"alpn": "h2",
"dest": 443
}
]
}
Performance Benchmarks
Based on community testing and independent measurements:
| Tool | Latency Overhead | Throughput | CPU Usage |
|---|---|---|---|
| Shadowsocks | 2-5ms | Near line-speed | Low |
| V2Ray (VMess) | 5-10ms | 80-90% of line-speed | Moderate |
| V2Ray (VLESS+XTLS) | 3-7ms | 90-95% of line-speed | Moderate |
| Trojan | 3-8ms | 90-95% of line-speed | Low |
Security Considerations
All three tools provide encryption, but they differ in forward secrecy and authentication:
- Shadowsocks: Uses symmetric encryption (AEAD). No forward secrecy by default.
- V2Ray VMess: Uses Time-based UUIDs with optional authentication.
- V2Ray VLESS: No encryption by design (relies on TLS), but supports XTLS for memory encryption.
- Trojan: Relies entirely on TLS 1.3 for encryption and forward secrecy.
For high-security requirements, combine V2Ray or Trojan with a reputable TLS certificate from Let’s Encrypt and enable certificate pinning on the client side.
Deployment Recommendations
Personal Use: Trojan offers the best balance of simplicity and circumvention capability. The HTTPS imitation provides strong resistance to blocking with minimal configuration.
Team/Organization: V2Ray’s routing capabilities make it suitable for distributing traffic across multiple servers and implementing failover.
High-Risk Environments: V2Ray with VLESS and XTLS provides the strongest resistance to advanced detection methods.
Updating and Maintenance
All three tools require regular updates to address new detection methods:
# Update ShadowsocksR
pip install -U shadowsocksr
# Update V2Ray
systemctl stop v2ray
bash <(curl -L https://raw.githubusercontent.com/v2fly/fhs-install-v2ray/master/install-release.sh)
systemctl start v2ray
# Update Trojan
systemctl stop trojan
bash <(curl -L https://get.trojan-gfw.org/trojan-install.sh)
systemctl start trojan
Monitor your server logs for connection failures and unusual patterns that might indicate probing or impending blocking.
Related Articles
- How To Build Portable Censorship Circumvention Kit On Usb Dr
- How To Use Naiveproxy To Disguise Censorship Circumvention T
- How To Bypass China Great Firewall Using Shadowsocks With Ob
- China Golden Shield Project How Censorship Detection Works T
- How To Configure Cloak Plugin For Shadowsocks To Evade Activ
Built by theluckystrike — More at zovo.one