Hysteria2:
The 4K/Gaming Solution
UDP-based protocol with aggressive congestion control. Designed for real-time applications that need low latency and high throughput — even when the network is fighting you.
Quick Synthesis
- Verdict: Hysteria2 is the fastest anti-censorship protocol for China, ideal for gaming and streaming but with moderate GFW resistance
- Protocol Mechanism: QUIC-based with custom congestion control (Brutal CC)
- GFW Resistance: Medium (QUIC fingerprint detectable during deep crackdowns; survives normal periods)
- Performance (China): 130ms Latency, 68% Uptime (Tested: April 2026 via Shanghai China Telecom)
- Best For: Gaming with low latency requirements, 4K video streaming from China, Users on high-bandwidth fiber connections
Context: Hysteria2's QUIC-based transport delivers the lowest latency of any anti-censorship protocol (110-150ms), but its QUIC fingerprint makes it vulnerable during political sensitivity periods. For guaranteed reliability, consider ExpressVPN which uses obfuscated protocols.
Quick Summary — What Is This?
Think of it like this: Most circumvention protocols use TCP — the "polite" protocol that waits when the network is congested. Hysteria2 uses UDP, which is more like a firehose. When the GFW drops packets to slow you down, Hysteria2's built-in error correction and aggressive congestion control push through the losses instead of backing off.
What It Is
A UDP proxy that recovers from packet loss better than TCP alternatives
Why It Works
Aggressive congestion control ignores GFW-induced throttling
Who It's For
Gamers, 4K streamers, and anyone on mobile data needing speed
What Is the QUIC-Throttling Challenge?
In February 2026, Chinese ISPs — particularly China Telecom — deployed enhanced QUIC traffic classification. The GFW now extracts SNI information from the initial QUIC handshake and applies targeted throttling to unrecognized patterns. Standard Hysteria2 connections without obfuscation are now reliably identified within ~30 seconds on China Telecom backbone routes.
Enable Salamander obfuscation + UDP Noise to defeat QUIC classifiers
How Do Salamander Obfuscation and UDP Noise Work?
The key to making Hysteria2 work in 2026 is Salamander obfuscation. This mode wraps QUIC packets in a layer that disrupts the ISP's traffic classifier by injecting randomized "noise" packets alongside legitimate data. The classifier can't build a reliable traffic fingerprint when random data is mixed in.
sequenceDiagram
participant Client as 📱 Client
participant GFW as 🔥 GFW Classifier
participant Server as 🖥️ Hysteria2 Server
Note over Client,Server: Hysteria2 with UDP Noise
rect rgb(220, 252, 231)
Note over Client,Server: Handshake Phase
Client->>Server: QUIC Initial (TLS 1.3)
Server-->>Client: QUIC Handshake
Client->>Server: Auth (password)
Server-->>Client: Auth OK
end
rect rgb(219, 234, 254)
Note over Client,Server: Data Phase + Noise
Client->>Server: Real Data Packet
Client->>GFW: Noise Packet (random size)
Client->>Server: Real Data Packet
Client->>GFW: Noise Packet (random timing)
Client->>Server: Real Data Packet
end
GFW->>GFW: Classify traffic pattern
GFW->>GFW: Pattern inconsistent ✗
GFW->>GFW: Cannot reliably classify
Note over GFW: Result: No confident match = No block China Unicom (AS4837) has significantly less aggressive UDP throttling compared to China Telecom. If you're on a mobile plan, switching your data carrier to China Unicom can improve Hysteria2 throughput by 40-60%. The AS4837 backbone has wider tolerance for unclassified UDP traffic.
How Should You Configure the Server?
The following configuration enables Salamander obfuscation with optimized QUIC window sizes for high-throughput scenarios. The bandwidth hints help Hysteria2 calibrate its congestion control.
{
"listen": ":443",
"tls": {
"cert": "/etc/hysteria/server.crt",
"key": "/etc/hysteria/server.key"
},
"obfs": {
"type": "salamander",
"salamander": {
"password": "YOUR_OBFUSCATION_PASSWORD"
}
},
"quic": {
"initStreamReceiveWindow": 16777216,
"maxStreamReceiveWindow": 16777216,
"initConnReceiveWindow": 33554432,
"maxConnReceiveWindow": 33554432
},
"bandwidth": {
"up": "200 mbps",
"down": "1000 mbps"
},
"auth": {
"type": "password",
"password": "YOUR_AUTH_PASSWORD"
}
}⚠️ Configuration Notes
- Bandwidth: Set the
upanddownvalues to approximately 80% of your actual line speed. Over-estimating causes packet loss; under-estimating limits throughput. - TLS Certificate: Use a real certificate (Let's Encrypt) — self-signed certs are flagged by the GFW's certificate transparency logs.
- QUIC Window Sizes: The values above (16MB stream / 32MB connection) are optimized for 4K streaming. For gaming only, reduce to 4MB / 8MB to lower memory usage.
Prefer a one-click setup? ExpressVPN bypasses the GFW with zero configuration at $8/month. For a full comparison of all protocols, see the protocol performance matrix.
Which ISP Routes Are Recommended?
| ISP | UDP Throttling | Hysteria2 Success | Notes |
|---|---|---|---|
| China Unicom | LOW | 85% | Best ISP for Hysteria2. AS4837 route preferred. |
| China Mobile | MODERATE | 65% | Obfuscation required. CMI routes have variable results. |
| China Telecom | AGGRESSIVE | 40% | CN2 GIA routes only. Standard 163 backbone blocks UDP aggressively. |
When Should You NOT Use Hysteria2?
- ✗ During Political Events: The GFW shifts to "whitelist mode" during sensitive periods. Only TCP-based protocols (VLESS-Reality) with whitelisted SNIs survive these crackdowns.
- ✗ On China Telecom without CN2 GIA: The standard 163 backbone throttles all unclassified UDP to ~1 Mbps during peak hours.
- ✗ If Stealth Is Priority: UDP protocols are inherently louder on the network. If you need to avoid detection entirely, use VLESS-Reality instead for more stealth.