
> why bother

Last I checked, wireguard had much better performance than sshuttle. May or may not matter for your use case, but it's a reason.




Yes! Last time I used sshuttle (bypassing content blocks in India by tunneling to a server in the US), my bandwidth dropped from 10mbps to 1mbps. Back then wireguard didn’t exist, but IPSEC could easily saturate the 10mbps link. I suspect it’s a combination of TCP-over-TCP and a horrible default buffer size that makes sshuttle unusably slow.


You don't need VPNs to bypass censorship blocks in India. Well, at least in my experience.

Apps that manipulate TCP packets locally to break fingerprinting [0] like GoodbyeDPI (Windows) [1], GreenTunnel (cross platform CLI) [2], Intra (Android) [3] have been adequate.

[0] https://nitter.net/vinifortuna/status/1304189371688660992 (https://twitter.com/vinifortuna/status/1304189371688660992)

[1] https://github.com/ValdikSS/GoodbyeDPI

[2] https://github.com/SadeghHayeri/GreenTunnel

[3] https://github.com/Jigsaw-Code/intra


Neat! I’ll keep that in mind next time I travel. Tho I’d still use a self-hosted VPN to hide the destination IP when I don’t mind the latency.


Pretty sure sshuttle doesn't suffer from TCP over TCP, similar to how normal SSH tunnels don't, because they operate at layer 4 and copy the bytes manually onto the multiplexed connection. Layer 2-3 tunnels are typically where you run into issues.


Ah you’re completely right.


Try using DNS VPN on an airplane to bypass in-flight internet paywall, now that is some unusably slow internet. Still works though magically.


I assume you’re talking about tunneling TCP over DNS queries. Does that really work on airplanes? A link to the code would be appreciated.

I thought captive portals force you to use their DNS servers by grabbing all UDP packets with the DNS port (regardless of destination IP) and those servers respond with the webserver’s IP regardless of what you query.


It does TXT record lookups or equivalent. Those get resolved correctly without any interference from the captive portal. Here is something similar in technical nature to what I have used in the past (free DNS VPN apps on iOS): https://github.com/JadenGeller/Burrow-Client
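Seen from the network operator's side, the TXT-lookup tunneling described in this subthread leaves a recognisable pattern in resolver logs: many long, high-entropy, never-repeating names under a single zone. The following is an added example, not part of any comment above; the log format, thresholds, addresses and domain names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line as "client qtype qname".
# The log format, addresses and names are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 TXT _dmarc.example.com
10.0.0.6 TXT _dmarc.example.com
10.0.0.7 TXT _dmarc.example.com
10.0.0.8 TXT _dmarc.example.com
10.0.0.9 TXT k3v9x1q7m2z8p4w6r5t0ybnc.tunnel.example
10.0.0.9 TXT z8p4w6r5t0ybnck3v9x1q7m2.tunnel.example
10.0.0.9 TXT m2z8p4w6k3v9x1q7r5t0ybnc.tunnel.example
10.0.0.9 TXT t0ybnck3v9x1q7m2z8p4w6r5.tunnel.example
10.0.0.9 TXT x1q7m2z8p4w6r5t0ybnck3v9.tunnel.example
"""

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def suspicious_zones(log, min_queries=4, min_len=20, min_entropy=3.5):
    """Return {zone: (queries, avg_len, avg_entropy)} for tunnel-like TXT traffic."""
    per_zone = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() != "TXT":
            continue
        labels = parts[2].rstrip(".").lower().split(".")
        # Naive zone split (last two labels); real use needs the public suffix list.
        per_zone[".".join(labels[-2:])].append("".join(labels[:-2]))
    flagged = {}
    for zone, subs in per_zone.items():
        # Tunnels send many queries whose names almost never repeat.
        if len(subs) < min_queries or len(set(subs)) < 0.9 * len(subs):
            continue
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            flagged[zone] = (len(subs), round(avg_len, 1), round(avg_ent, 2))
    return flagged

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE_LOG))
```

The repeated `_dmarc` lookups are not flagged because the same short name recurs, while the constructed `tunnel.example` zone is flagged on query count, uniqueness, label length and entropy together.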



