Looked at what actually replaces Tailscale on Linux when the issue is DNS/netfilter/CGNAT invasiveness, not WireGuard itself. Headscale, NetBird, Netmaker, Nebula, and Cloudflare Tunnel each solve a different slice. The real fix is separating private management access from public-facing APIs.
Using Veilora's VeilShift™ as a lens, this piece breaks down what DPI looks at, and what VLESS + XHTTP + REALITY, uTLS, and xPaddingBytes can and cannot hide.
Practical VLESS + REALITY setup notes for a VPS: working Xray server config, client app choices, TLS camouflage behavior, fallback choices, and the main pitfalls before using it for China-facing connections.
Hysteria2 setup notes from a China-facing VPS — the actually-working YAML config, what to do when UDP/443 is blocked, Brutal congestion control pitfalls, and client apps per platform. Overview-level, not a full step-by-step.
Step-by-step guide to building an IKEv2 VPN server with strongSwan on CentOS 7, including certificate setup, firewall rules, and client configuration for iOS, macOS, Windows, and Android.
Hands-on 2026 comparison of ShadowSocks, V2Ray, SoftEther, WireGuard, OpenConnect, and IKEv2 for connecting from inside China. Speed, setup difficulty, GFW evasion strength, and a per-use-case recommendation — including which protocols are now effectively dead.
