2 points
VPN detection is simple: track new encrypted connections outside of Russia, connect to the same server, check if it replies as a VPN server. If it does, block the shit out of it. No need for packet inspection or any voodoo.
1 point
Fair enough. I mean, there are ways around that too, like some port knocking scheme, but I assume that this shadowsocks thing solves the same problem in a better way.
But I do stand by what I was responding to on, the bit about the internal IP packets being encrypted and not readable.