shadowsocks · tls camouflage · v2ray-plugin
Works where
VPNs are
blocked.
Your traffic looks like ordinary HTTPS to any firewall or active probe. One QR scan to connect.
resolving server endpoint...
plan: standard · 200 GB remaining
$ store4gateway --help
$ store4gateway compare --protocols
VPNs fail against deep-packet inspection in Iran, Myanmar, and mainland China. Shadowsocks was built to defeat protocol fingerprinting — not to hide it.
| dimension | vpn | plain ss | our stack |
|---|---|---|---|
| passive dpi | detected | usually passes | looks like https |
| active probing | partial (obfs servers) | exposed since ~2019 | probe sees real tls |
| cn/ir/mm record | blocked on std configs | works until probed | resists known methods |
| full tunnel | yes, by default | tun mode available | tun mode available |
| setup | app install, one-tap | qr scan | qr scan |
$ store4gateway plans
| plan | price | data / mo | |
|---|---|---|---|
| starter | $3/mo | 50 GB | |
| standard# most popular | $6/mo | 200 GB | |
| pro | $10/mo | 500 GB |
# included with all plans
✓shadowsocks over tls — censorship-resistant
✓works with shadowrocket, v2rayng, clash
✓unlimited devices
✓cancel anytime
$ store4gateway faq
Q:What is Shadowsocks and how is it different from a VPN?[+][-]
Shadowsocks is an encrypted proxy protocol, not a VPN. VPNs like WireGuard and OpenVPN produce a distinctive handshake that deep-packet inspection can identify and block. Shadowsocks was designed to look like random noise, and with v2ray-plugin and TLS camouflage, our stack wraps that traffic as HTTPS on port 443 — structurally indistinguishable from a normal encrypted web session.
Q:Why does this work when my VPN is blocked?[+][-]
Firewalls block VPNs by fingerprinting their handshake signatures and blacklisting known server IP ranges. Our Shadowsocks server uses TLS camouflage: your connection appears as a normal HTTPS session on port 443. Active probes from the firewall receive a valid TLS response from what looks like an ordinary web server. There is no VPN handshake to detect.
Q:Does this use TLS camouflage? What protocol exactly?[+][-]
Yes. We run shadowsocks-rust with v2ray-plugin in WebSocket-over-TLS mode on port 443. Your access key URL includes all plugin parameters in SIP002 format. Any compatible client — shadowsocks-android, shadowsocks-windows, ShadowsocksX-NG, or Shadowrocket — configures the full chain automatically from the QR code. No manual setup.
Q:Which app do I use?[+][-]
The original Shadowsocks apps are free and open-source: shadowsocks-android (Google Play or GitHub), shadowsocks-windows (GitHub), and ShadowsocksX-NG (macOS, GitHub). For iOS, Shadowrocket ($2.99, US App Store) is the standard choice. Any client that handles the SIP002 URI format will work. See store4gateway.com/install for step-by-step guides.
Q:What happens if I hit my data cap?[+][-]
Your connection slows to 1 Mbit/s for the rest of the month. No overage charges, ever.
Q:Do you keep logs?[+][-]
We log bandwidth counts for billing. We do not log destinations, timestamps, or content. No browsing history is stored.
Q:Can I pay with crypto?[+][-]
Yes. BTC, Bitcoin Lightning, and USDT-TRC20 (Tron) via BTCPay Server. We do not currently accept ETH or other ERC-20 tokens.