Real-World Performance of VMess in Censored Environments: Evaluating Latency, Throughput, and Stealth

5/24/2026 · 2 min

1. Test Environment and Methodology

Tests were conducted in a network environment with Deep Packet Inspection (DPI) and active probing capabilities. Nodes were located in three regions: Eastern China, Southeast Asia, and North America. The client used V2Ray 5.0.1, and the server was configured with VMess over WebSocket + TLS, with mKCP multiplexing enabled. Comparison protocols included Shadowsocks AEAD-256-GCM and Trojan. Each test was repeated 10 times, and the median was taken.

2. Latency Performance

2.1 Baseline Latency

Under no interference, VMess handshake latency was 15-20ms higher than Shadowsocks, mainly due to TLS handshake and protocol header encryption. Compared to Trojan, VMess latency was slightly higher (about 5ms), but the difference was acceptable.

2.2 Performance in High-Latency Networks

In networks with packet loss exceeding 5%, VMess's mKCP multiplexing significantly reduced latency jitter, with average latency 30% lower than TCP mode. However, mKCP added about 10ms overhead when packet loss was below 1%.

3. Throughput Tests

3.1 Single Connection Throughput

Under 100Mbps bandwidth, VMess single connection throughput reached 85Mbps, lower than Shadowsocks (92Mbps) and Trojan (90Mbps). The bottleneck was VMess's encryption and authentication overhead.

3.2 Multi-Connection Concurrency

With mKCP enabled, VMess throughput increased to 120Mbps under 10 concurrent connections, surpassing Shadowsocks (95Mbps). However, mKCP caused a 30% throughput drop in weak network conditions due to retransmissions.

4. Stealth Evaluation

4.1 Traffic Feature Analysis

VMess's traffic randomization padding and TLS camouflage made it difficult to identify under DPI. In tests, VMess traffic closely resembled HTTPS, with a false positive rate below 5%. In contrast, Shadowsocks's fixed features (e.g., protocol headers) were identified by latest DPI devices with over 70% accuracy.

4.2 Active Probing Defense

VMess's authentication mechanism effectively resisted active probing. When non-authenticated packets were sent to a VMess port, the server returned random data instead of error responses, successfully confusing probing tools. Trojan had similar capability, but Shadowsocks's AEAD mode returned explicit errors under probing.

5. Optimization Recommendations

  1. Enable TLS: Always use WebSocket + TLS to avoid bare VMess feature identification.
  2. Adjust mKCP Parameters: Enable mKCP when packet loss exceeds 3%; otherwise use TCP.
  3. Traffic Camouflage: Combine with camouflage sites (e.g., CDN) and random delays to further reduce fingerprint risk.

6. Conclusion

VMess excels in stealth, especially against active probing. Although latency and throughput are slightly inferior to Trojan and Shadowsocks, optimization via mKCP and TLS can bridge the gap. It is recommended for scenarios requiring high stealth.

Related reading

Related articles

Evaluating VPN Quality of Service: A Comprehensive Testing Framework for Latency, Throughput, and Packet Loss
This article proposes a systematic framework for evaluating VPN quality of service, covering three core metrics: latency, throughput, and packet loss. Through standardized testing methods and tool selection, it helps users objectively compare different VPN providers and offers optimization recommendations for various use cases such as streaming, gaming, and remote work.
Read more
VPN Speed Testing in Cross-Border Scenarios: Deep Analysis of Latency, Throughput, and Stability
This article provides an in-depth analysis of key VPN speed testing metrics in cross-border scenarios: latency, throughput, and stability, covering testing methods, influencing factors, and optimization strategies to help users accurately evaluate VPN performance.
Read more
Quantitative Assessment of VPN Connection Health: A Comprehensive Model of Latency, Packet Loss, and Throughput
This article proposes a quantitative assessment model for VPN connection health based on latency, packet loss rate, and throughput. Using weighted scoring and threshold judgment, it helps users quickly diagnose VPN performance issues and optimize network experience.
Read more
Decoding VPN Performance Metrics: Measuring and Optimizing Latency, Throughput, and Packet Loss
This article provides an in-depth analysis of three core VPN performance metrics: latency, throughput, and packet loss, covering measurement methods, influencing factors, and optimization strategies to help network engineers and users improve VPN connection quality.
Read more
VPN Speed Testing Methodology: How to Accurately Assess Real-World Performance
This article presents a systematic methodology for VPN speed testing, covering test variable control, multi-protocol comparison, and separate evaluation of latency and throughput, helping users avoid common pitfalls and obtain truly comparable performance data.
Read more
VPN Protocol Fingerprinting and Countermeasures: Offensive and Defensive Practices Against ISP Deep Packet Inspection
This article delves into how ISPs use Deep Packet Inspection (DPI) to fingerprint VPN protocols, analyzing the fingerprint characteristics of mainstream protocols like OpenVPN, WireGuard, and Shadowsocks. It also provides countermeasures including protocol obfuscation, traffic masquerading, and encryption optimization to help users evade detection and protect privacy.
Read more

FAQ

What is the main advantage of VMess in censored environments?
VMess's main advantage is its high stealth, including traffic randomization padding, TLS camouflage, and active probing defense, making it difficult for DPI devices to identify and block.
How does VMess compare to Shadowsocks in latency and throughput?
VMess typically has 15-20ms higher latency and about 7-8% lower single-connection throughput than Shadowsocks. However, with mKCP enabled under multi-connection concurrency and weak networks, VMess throughput can exceed Shadowsocks.
How can VMess performance be optimized?
Always enable TLS (WebSocket + TLS), adjust mKCP parameters based on packet loss (enable when loss >3%), and combine with camouflage sites and random delays to further reduce fingerprint risk.
Read more