Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
freem
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Openai/6937b8ff-b070-8002-89c2-4f3c35f2c29a
(section)
Add languages
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
=== ## === 一旦握手成功: * 设备获得会话密钥 * 建立 WireGuard-like 隧道 * Google 分配虚拟 IP 之后的流量是基于这种隧道进行加密传输的,不依赖最初的连接方式。 ==== 换网络后: ==== Google VPN 会向 Google 后端发出: <syntaxhighlight>带认证标识的加密重连请求 </syntaxhighlight> 它的流量表现为: * 正常 TLS/QUIC * 到 Google Cloud 后端 * 无可识别指纹 * 包长度、时间行为都可随机化 几乎与 Firebase / Google Play 的后台同步流量一致 因此 GFW 完全没有办法在这一跳识别出“这是 VPN”。 ==== Google VPN 是为 Android/Pixel 的隐私特性设计的,要能应对: ==== * 移动网络波动 * WiFi 热点间切换 * 信号弱时丢包 * 移动运营商 CGNAT * IP 频繁变化 所以它的 IkeInitiator, tunnel resume, and roaming 机制异常强大。 GFW 在旁边看起来像什么? <syntaxhighlight>用户 → Google API 的加密流量 </syntaxhighlight> 根本无法鉴别其“VPN身份”。
Summary:
Please note that all contributions to freem are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 (see
Freem:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
