
Does it actually work from China? Their VPN blocking has gotten really good lately.


Essentially no. As yorwba points out in a sibling post, the GFW is wise to the protocols being used.

Algo doesn't work either.

Or more accurately they don't work for long. The GFW slowly degrades the connection over the course of some minutes, making it unusable after a while. This then resets every day or so.

After a series of days or weeks the IP address associated with the server is completely blocked.

The situation with Shadowsocks has more or less been the same for me. I have been unable to have a reliable connection to blocked websites with either a self-hosted (on servers outside of China) Algo or Shadowsocks server. This has meant it is impractical to run your own server with circumvention software. As far as I can tell the way that VPN providers get around this in China is to just operate a huge fleet of IP addresses that rotate in as they are inevitably blocked and leave ones that get blocked out of rotation long enough so that they are no longer blocked.

I have heard that V2Ray is the new way to go if you want to set up your own way of getting around the GFW, but it looks rather complicated to set up. https://github.com/v2ray/v2ray-core

Basically the GFW is quite sophisticated these days and the usual solutions used outside of China don't work.


I use Streisand to spin up both Wireguard and Shadowsocks whenever I visit China and sustain a ~300KB/sec connection usually on both of them. Occasionally it'll drop out for a night, but it's generally fine by the next morning, without needing to cycle the destination IP. I'm not sure whether it's to do with my hotel's wifi or the VPN itself. I run it off a DigitalOcean or Vultr VPS, depending on which is working better at the time.

Last time I used it (Feb this year), Streisand wrapped Shadowsocks in simple-obfs, but it appears that the latest release now uses v2ray since May or so. I'll be testing it in a few weeks when I'm next back there.

Wireguard 'just worked' back then, too. Assuming Algo does Wireguard the same as Streisand, I've no reason to believe it wouldn't work regardless of the method you use to set it up.


Oh that's fascinating. I just got back from China a couple of weeks ago after an extended stay. I had set up Algo and Shadowsocks separately on DigitalOcean and I wasn't able to sustain that kind of speed on them for more than a couple of minutes, even back in February (I kept trying off and on until about April and then gave up).

Interesting, I had no idea Streisand has a V2Ray option at this point. May have to give it another go.


Curious. I have a colleague who works from China a couple times a year and VPNs in to work (a well known US company) using Cisco AnyConnect[1] and tells me he's never had any trouble.

1. Which has an alternative open source client – http://www.infradead.org/openconnect/


The GFW is likely sophisticated enough to make distinctions between corporate VPN connectivity using products like Cisco AnyConnect and personal use setups on AWS/DO/Azure/GC or even a home server.

One of the things I've wondered about, and I hope people more informed than me will forgive my ignorance, is whether it's possible to implement a VPN protocol that looks like ordinary HTTPS traffic. I know very little about the specific mechanics of network protocols so the very premise might be nonsensical but I would appreciate an explanation of why this might or might not be possible.


OpenVPN was/is meant to "just be https traffic"


OpenVPN is based on SSL/TLS, which https also uses, but no, it wasn’t designed to look like https traffic.

For one thing, OpenVPN uses UDP on port 1194 by default due to technical issues running TCP over TCP. You can switch it to use TCP and run it on port 443, but the underlying VPN traffic usually doesn’t have the same pattern as a typical http connection so it is discernible from https via side-channel attacks. You can try obfuscating the traffic but my guess is that makes it look even less like https.

References:

- http://sites.inka.de/~W1011/devel/tcp-tcp.html

- https://wiki.wireshark.org/OpenVPN

- https://github.com/OpenVPN/openvpn/pull/3

- https://community.openvpn.net/openvpn/wiki/TrafficObfuscatio...

- http://blog.zorinaq.com/my-experience-with-the-great-firewal...

- https://news.ycombinator.com/item?id=10905076
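The comment above says OpenVPN on TCP/443 is still discernible from HTTPS, and later comments call OpenVPN "easy to identify" from its packets. The following is an added example, not code from the thread or from the OpenVPN project, that shows the cheapest version of that distinction: a first-segment fingerprint that does not look at the port at all. It relies on two framing facts documented in the Wireshark OpenVPN page linked above: a TLS connection opens with a record header (content type 0x16, legacy version 0x03 0x0x) carrying a ClientHello, while OpenVPN in TCP mode prefixes every packet with a 2-byte big-endian length and begins a session with a P_CONTROL_HARD_RESET_CLIENT_V2 packet whose first byte encodes opcode 7 and key id 0 (0x38). The sample payloads are constructed inline, not captures, and the function and variable names are this example's own. It demonstrates only the protocol-framing signature; the timing and size side channels the comment mentions are a separate, statistical problem.

```python
"""
Fingerprint the first TCP payload bytes of a flow as TLS (what HTTPS looks
like on the wire) or OpenVPN-over-TCP framing, ignoring the port entirely.

Framing facts used (see the Wireshark OpenVPN wiki page):
  * TLS record: content type 0x16 (handshake), 2-byte legacy version 0x03 0x0x,
    2-byte record length; a ClientHello is handshake type 0x01 inside it.
  * OpenVPN over TCP: each packet is prefixed with a 2-byte big-endian length.
    The packet's first byte is (opcode << 3) | key_id; a new session starts
    with P_CONTROL_HARD_RESET_CLIENT_V2 (opcode 7 -> 0x38) followed by an
    8-byte session id. tls-auth / tls-crypt append an HMAC or encrypted
    control payload after that, but do not change the opcode byte.
"""
import struct

OPENVPN_OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1",
    4: "P_CONTROL_V1",
    5: "P_ACK_V1",
    6: "P_DATA_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2",
    9: "P_DATA_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the segment starts with a TLS handshake record carrying a ClientHello."""
    if len(payload) < 6:
        return False
    content_type, major, minor, rec_len, hs_type = struct.unpack("!BBBHB", payload[:6])
    return (content_type == 0x16 and major == 0x03 and minor <= 0x04
            and rec_len >= 4 and hs_type == 0x01)


def parse_openvpn_tcp_packet(payload: bytes):
    """Return (opcode_name, key_id, session_id) if the segment begins with a
    complete, plausible OpenVPN TCP frame, otherwise None.

    Requiring the whole frame to be present in the first segment keeps random
    or unrelated data (whose 2-byte 'length' is usually far larger than the
    segment) from being misread as OpenVPN."""
    if len(payload) < 3:
        return None
    (frame_len,) = struct.unpack("!H", payload[:2])
    if frame_len < 1 or len(payload) < 2 + frame_len:
        return None
    body = payload[2:2 + frame_len]
    opcode, key_id = body[0] >> 3, body[0] & 0x07
    if opcode not in OPENVPN_OPCODES:
        return None
    # Data packets carry no session id; control/ack packets start with one.
    session_id = body[1:9] if opcode not in (6, 9) and len(body) >= 9 else b""
    return (OPENVPN_OPCODES[opcode], key_id, session_id)


def classify_first_segment(payload: bytes) -> str:
    """Classify the first client->server TCP payload of a flow, port-agnostic."""
    if looks_like_tls_client_hello(payload):
        return "tls"
    if parse_openvpn_tcp_packet(payload) is not None:
        return "openvpn-tcp"
    return "unknown"


# --- constructed sample inputs (not captures) --------------------------------

def build_sample_tls_client_hello() -> bytes:
    """Minimal TLS ClientHello record as a browser would open an HTTPS flow."""
    body = (b"\x03\x03" + b"\x11" * 32       # client_version, 32-byte random
            + b"\x00"                        # session_id length 0
            + b"\x00\x02\x13\x01"            # one cipher suite: TLS_AES_128_GCM_SHA256
            + b"\x01\x00"                    # compression methods: null
            + b"\x00\x00")                   # extensions length 0
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def build_sample_openvpn_hard_reset(session_id: bytes = bytes(range(1, 9))) -> bytes:
    """P_CONTROL_HARD_RESET_CLIENT_V2 as sent over TCP without tls-auth:
    opcode/key_id byte, 8-byte session id, ack array length 0, 4-byte packet id,
    all behind the 2-byte TCP length prefix."""
    packet = bytes([(7 << 3) | 0]) + session_id + b"\x00" + b"\x00\x00\x00\x00"
    return len(packet).to_bytes(2, "big") + packet


if __name__ == "__main__":
    for name, seg in [("https", build_sample_tls_client_hello()),
                      ("openvpn tcp", build_sample_openvpn_hard_reset()),
                      ("plain http", b"GET / HTTP/1.1\r\n"),
                      ("ssh", b"SSH-2.0-OpenSSH_8.9\r\n")]:
        print(f"{name:12s} -> {classify_first_segment(seg)}  first bytes {seg[:3].hex()}")
```

The OpenVPN sample begins with `00 0e 38`, a fixed three-byte prefix that a middlebox can match without any statistics, which is why moving OpenVPN to TCP/443 alone buys nothing. Only after such a trivial check fails does a censor need the usage-pattern analysis the comment describes, and that is the part an obfuscation layer has to address.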


Any source on how it is then distinguishable from https?


I don’t have a source, but they do traffic analysis to detect VPNs based on usage, not just protocol.

For example, ssh is not blocked. However, use ssh -D to proxy web traffic through your connection, and the whole connection will hang in short order.


Corporations and other organizations can work with Chinese ISPs to have government approved VPN connections.

Experiences with the GFW are perhaps the starkest example of YMMV I've seen yet in the world of computing.


How about an SSH tunnel (e.g. using sshuttle) on a server you have access to?


The Great Firewall has been able to detect and block SSH tunneling for years now, probably already a decade.


They've been able to identify and block these 5 years ago.


Some of the protocols supported by Streisand are basically useless because their packets are so easy to identify (OpenConnect and OpenVPN are definitely in that category), but I do know people successfully using Shadowsocks to circumvent the Great Firewall. They're not running their own servers, though.


GFW does not block all VPN protocols that are easy to identify. OpenConnect and OpenVPN are both easy to identify, but GFW interferes with the latter but not the former (for now).


Wireguard on AWS works for me.



