It seems that TSPU (RF) algorithms have learned to accurately detect MTProto traffic inside Fake-TLS, based on payload analysis after connection establishment.
I captured a traffic dump (Wireshark) and discovered the following blocking pattern:
1. Normal availability check and initial handshake succeed. The server responds to TCP SYN, and the TLS Client Hello and Server Hello exchange completes.
2. As soon as Application Data transmission (the actual MTProto session setup) begins, TSPU intervenes in the process.
3. The connection is not actively terminated (DPI does not send a TCP RST), but packet drops occur. The client starts spamming [TCP Retransmission], trying to reach the server, but there is no further response.
By the way, if you simply test server availability, the connection establishes perfectly.
I am using the latest version of mtg (2.2.8) as well as the latest version of Telegram.
It seems that TSPU (RF) algorithms have learned to accurately detect MTProto traffic inside Fake-TLS, based on payload analysis after connection establishment.
I captured a traffic dump (Wireshark) and discovered the following blocking pattern:
By the way, if you simply test server availability, the connection establishes perfectly.
I am using the latest version of mtg (2.2.8) as well as the latest version of Telegram.