
How to set up a tunnel


To bypass filtering in my country, I've rented a server abroad (CentOS 5) with 256 MB of RAM. The client is Ubuntu 12.04. I run this command on the client to set up the tunnel:

ssh -CNfD 1080 <user>@<server-ip>

In Firefox settings, I defined a socks proxy server:

localhost:1080

By using this method, everything works properly and I can bypass the limitations. But the speed degrades reasonably, and I don't know why. I can guess at some reasons, and I want to share them with you and hear your opinions:

  1. If I use a direct connection, most sites use http, but when I use the proxy, all sites have to use the secure connection prepared by ssh. My provider may have decreased the speed of secure connections. (I think this may be the matter, but it seems that https sites not using the proxy still open faster.)

  2. Such tunnelling essentially causes the internet speed to decrease. Maybe because of overhead which applies to secure packets or some other reason. If so, what can I replace? I have a working dedicated server.

PS. The server internet connection speed is much higher than the speed (bandwidth) between client and server.

PPS. May I set up an http tunnel? Or use some software instead of ssh that is faster and has less overhead, or not use https?

Please help me figure out what is really happening, since I'm not so familiar with these concepts.


Solution

  • I am afraid there is not much you can do...

    Indeed it is to be expected that speed, latency and throughput decrease when you tunnel your payload data through an encryption tunnel. The reason is mainly the overhead of encryption and also, depending on the connection at hand, the modified (longer) routing. You have to take into account that most of the encryption has to be done by your tunnel endpoint, so your server in this case. If that system lacks computation power, then the result will be reduced throughput, obviously. Things like CDNs also won't work the same any more.

    It might very well be that your service provider throttles different types of connection. Especially in areas with high control and censorship over communication content, it clearly makes sense for the authorities to prefer unencrypted payload, so payload that can be controlled and filtered. Everything that keeps people from using encryption is in their interest. So throttling encrypted communication only makes sense from their point of view. Sad, but true nevertheless.

    The only thing that could have an impact is some details about your tunnel endpoint, so your server in this case. Increased computation power could reduce a bottleneck if that system shows high load caused by the encryption.

    Also its network connection is of interest, just as your local connection: the encrypted tunnel requires much more control data on the upload side compared to unencrypted traffic. Since typically the upload bandwidth is much lower than the download bandwidth, this could also be an issue.
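
The answer names several possible bottlenecks (the encrypted client-to-server leg, the server's CPU, the path beyond the server). The script below is an added example, not part of the original post, that measures each leg separately. The host and URL arguments are placeholders, and the 16 MiB transfer size and 80% cut-off are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): compare direct, tunnelled and raw-SSH
# throughput. HOST and URL are placeholders; pick a URL reachable both ways.
PROXY="localhost:1080"   # the SOCKS listener from the question's ssh -D 1080
MIB=16                   # assumed size of the raw SSH transfer, in MiB

# rate_kib BYTES SECONDS -> integer KiB/s (a 0 s run is counted as 1 s)
rate_kib() {
    secs=$2
    if [ "$secs" -lt 1 ]; then secs=1; fi
    echo $(( $1 / 1024 / secs ))
}

# fetch_rate URL [curl options] -> KiB/s for one download
fetch_rate() {
    url=$1; shift
    bps=$(curl -s -o /dev/null -w '%{speed_download}' "$@" "$url") || bps=0
    bps=${bps%%.*}
    echo $(( ${bps:-0} / 1024 ))
}

# Pull MIB MiB of zeros from the server over SSH with compression off, so
# only the encrypted server->client leg is measured.
ssh_pull_rate() {
    start=$(date +%s)
    bytes=$(ssh -o Compression=no "$1" \
        "dd if=/dev/zero bs=1M count=$MIB 2>/dev/null" | wc -c)
    rate_kib "$bytes" $(( $(date +%s) - start ))
}

# verdict TUNNEL SSH_RAW (KiB/s). The 80% cut-off is an assumed threshold.
verdict() {
    if [ "$1" -ge $(( $2 * 8 / 10 )) ]; then
        echo ssh-leg          # tunnel already uses what the SSH leg can carry
    else
        echo beyond-ssh-leg   # SSH leg has headroom; loss is past the server
    fi
}

main() {
    direct=$(fetch_rate "$2")
    tunnel=$(fetch_rate "$2" --socks5-hostname "$PROXY")
    raw=$(ssh_pull_rate "$1")
    echo "direct=$direct tunnel=$tunnel ssh_raw=$raw KiB/s: $(verdict "$tunnel" "$raw")"
    ssh "$1" uptime   # high load average right after the run points at server CPU
}
if [ "$#" -eq 2 ]; then main "$@"; fi
```

Run it as `sh script.sh <user>@<server-ip> <url>` while the tunnel is up. A verdict of `ssh-leg` together with a low server load average leaves link bandwidth or throttling of encrypted traffic as the remaining candidates.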