Tell HN: VPN Situation in Iran
Over the past years, I would create a OpenVPN server with a port other than default OpenVPN port (1194) and share the connection with my family member in Iran. Using a random port was needed because default OpenVPN is blocked in Iran for sometime (probably since 2010). But recently [after the recent internet shutdown] I notice a change. My family member cannot even connect to a server IP address or (private) domain using any port so VPN doesn't work anymore. Instead they are only able to connect to the outside world using locally paid VPNs but applications that have end-to-end encryption doesn't work anymore with these VPNs (Telegram, WhatsApp and etc).
So my theory is they cut off the connection to outside and people are only able to connect with outside world using certain VPNs that are probably made by the government. Not really sure.
31 comments
[ 0.29 ms ] story [ 88.2 ms ] threadFYI: Tor Browser (Bundle) 11.5.4 – (All Platforms) release is due, probably within a few hours
Help people in Iran reconnect to Signal – a request to our community : https://www.signal.org/blog/run-a-proxy/
Also, what DNS are they using, is DoH or DoT able to be used?
Another option if SSH is still permitted to VPS providers, one could tunnel over SOCKS connections through a VPS VM initially as the first hop, then through a friends home in that same region outside of Iran as the second hop to minimize the number of CATPCHA's one is subjected to. SSH can make multiple hops transparent to the client. Ensure DNS resolution in the browser is set to use the upstream SOCKS connection. As with the previous proposal, try to make the VM look like a git repo or something else work related.
One could find some examples of both of the above ideas on SuperUser, StackExchange and ServerFault.
Here [1] is a previous discussion on the topic or Iran internet lock-down.
[1] - https://news.ycombinator.com/item?id=33025954
I would suggest using Outline (based on Shadowsocks but with easy interface)
Or set up OpenConnect Server on Cisco Anyconnect mode, it is based on HTTPS and it looks exactly as https on the wire
Either way, I agree Shadowsocks is another great option. The more options people have the better.
Outline on the other hand appears to be a service that someone would have to trust and pay for. Commercial VPN providers are a great targets for swooping up large swaths of dissenting citizens. I believe people should stick with tools they can entirely host themselves. Using a VPN provider is probably fine for things like Netflix region selection but very much not for subverting a states control. It's risky enough to pay for a VM. People outside of Iran could contribute VM's for this purpose.
Not just ss but also xray/v2ray, cloak, goodbyedpi, trojan-gfw etc.
Imagine if your ISP blocks the front page of The Post yet you are still allowed to talk to me. Well, I can simply read the information to you over the phone under a plausibly deniable "eg even number of words in a sentence =1" algorithm.
In the end I found the easiest solution was to use SSTP (which is just PPP over TLS). I just used this [1] for the server implementation. And Windows has built in support for it so saves a lot of trouble if you wanna share it with family.
1. https://www.softether.org/
https://www.wsj.com/articles/iranian-protesters-struggle-to-...
https://www.iranintl.com/en/202202123131
may help
Tell HN: The Internet situation inside Iran
https://news.ycombinator.com/item?id=33025954
If state actors can see you wearing a mask, it still means you're visible.
Make a website. HTTPS. Put something like PHProxy on it. If you really want to, stick on some messaging, like a BBS. Then you can upload stuff. It's not going to be quite as quick as snapping a pic on WhatsApp or Twitter, but it's not bad.
Then put a plausible front on the website. Like, if you're in the grains business, put some public data about grain prices, trade broker services, weather, that sort of thing.