The GFW of china does do HTTP SNI DPI Detection of the softetherVPN protocol and actively probe and block them

[oscar]

The GFW of china does do HTTP SNI DPI Detection of the softetherVPN protocol and actively probe and block them

So here's my question:

1.If Softether VPN project adds a function to hide as SNI/http client hello handshakes in the softether vpn protocol using a plugin in the software,then even if the DPI scanner of the firewall do active probing,but because there's no identical handshakes or SNI parterns for them to block and do tcp blocking,this make it harder for DPI firewalls like in china & iran to stop the softether vpn protocol

2.Just like the project v2ray shadowsocks,it implements obfuscation and customize strings and keys for client/server encryption,but softether seems using the old AES-128 at all times,if the DPI just scans the header of the http/s get/post string and the client hello data,it can block the connection in real time,so what if softether also implements such custom strings and keys function into the software itself in the future?

3.Note that currently it's impossible for a DPI firewall to stop a connection based on shadowsocks/v2ray in a real scenario,all traffic just like a normal https session but all identical information are obfuscated and cannot read in a readable ASCII form of text,the DPI firewall now only block ip address very rudely based on IP CIDR range and AS Number,notice the word RUDELY,because it's neither AI or machine learning to do the blocking,the method behind the tcp and ip blackholing is just very rudely implemented