A summary on Iran's current internet situation #182
Comments
|
iranians problems in this space basically comes down to not debugging stuff systematically we ask people to test stuff in a controlled fashion to rule out possible vectors in censorship but they just post info with another set of parameters activated and don't mention the most important thing: the network/isp that they tested it through! it's as if they got some config working for their particular isp and call it quits...maybe this is the way my conclusion: if you got something working for both mobile networks, it's gonna work for other isps |
I disagree, Iranians problems come down to a government which has forced normal people to have to deal with this kind of stuff.
Not everyone has access to all or many different ISPs. We are trying tho, countless groups and discussions are sharing their setups for others to test on their ISP. Also, ISPs mostly act the same when it comes to censorship so there is basically two groups of them: home connections and mobile. FYI I tested the above mentioned on TCI home connection and MTN mobile network. |
That's why we should share what network a particular config works in. for example I don't know of any solution that works in both irancell and hamrah aval. i believe if there is a method for these conditions, it's gonna work for every network. but it seems the 8 or 10 iranians here also don't have a working solution in the above scenario. I tested many things (vless+xray+tcp+tls, vless+xray+tcl+xtls, trojan-go (all modes except local cdn), hysteria (almost all modes except port hopping), naiveproxy), none of them work in above condition.
like where? telegram groups? |
|
@Azadzadeh I have a solutions that works everywhere but I'm too afraid to share it since it might get banned if it gets popular. To give you a hint it involves a server in Iran with one of it's ports being forwarded to a foreign server that has a VPN service like OpenVPN UDP. The port forwarding shouldn't be done with iptables since UDP can't pass through but rather with an app that changes UDP packets and makes them look like tcp or icmp. Tunneling UDP itself also works on some servers but not others, it depends on your Iran server provider. I don't recommend this tho since the Iranian provider always asks for every personal info you have and most of the time f**ks you over with some BS rule about traffic usage or tunneling or ... and/or overcharges you extremely because they know we are desperate. We better find some way of connecting without the need for a domestic server since the server doesn't act any different than ISPs as of now. Even the above mentioned solution can be done without a server but the problem is most apps you can find on Github for this kind of setup don't have a client for mobile phones and usually work just in linux or at most windows. You could set up your own linux server on a small computer or even your laptop with linux and it works the same. You could also write an app or integrate the existing linux app into an existing VPN app like OpenVPN for android if you are a programmer and have all the time in the world but since many projects that are close to this subject have brilliant people working on them already, I think we should keep looking. Hysteria faketcp seems to me just like what I mentioned above but for some reason I can't get it to work.
Yes, Telegram groups, YouTube channels and so on ... |
|
a properly configured v2ray/xray setup can get through easily on many operators in Iran; IMO the only problem is upload throttling right now, It seems like they decided to deal with the situation by messing with download and upload speeds, throttling them to the servers outside of Iran. |
|
@Hadi-1624 Yes, that's exactly what I said in the OP. My vmess+tcp+tls or trojan-go setups work but have upload speeds limited to less than 1Mbps. That is not useful. |
|
@poorp I recommend using a domestic relay only as a last resort like november 2019 (Aban 98) when they shut down whole internet and only via a domestic relay you could connect to Internet. |
|
As far as I know, there is not a unified set of rules which govern the whole country. Each city/region/province or mobile operator or DSL provider has their own rules. I don't if it because they are smart or plain stupid. |
|
Hello everyone, |
most of the client circumvention tools here provide both You can use https://github.com/reeceyng/v2ray-agent |
Thanks anyway it seems your given links can't help me to make a http proxy |
|
@poorp hey man! I'm a fellow Iranian trying to achieve exactly what you are trying to do. I'm an IT Admin living in Germany and I wanted to create a solution for my family and friends in Iran. I naively started by setting up a WG Server on AWS and got it to work from Germany and being all happy about it. after finding out the harsh reality, I came across your posts and effort. |
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as off-topic.
@woodlyer That's fine—just do it in a new thread. Don't change the subject of existing threads. |
|
What's the situation with Tor, Snowflake, obfs4? |
|
well I'm pretty sure that UDP is banned on most IPs that belong to
datacenters and not the protocols themselves since if that was the case,
iperf shouldve worked but it doesnt.
…On Tue, Feb 21, 2023, 14:01 woodlyer ***@***.***> wrote:
WireGuard,OpenVPN UDP,Hysteria these udp based tools all have obvious
characteristics.
It's not the fault of UDP.
May be gost with KCP is good for you.
or ICMP tunnel. https://github.com/woodlyer/gostExample
—
Reply to this email directly, view it on GitHub
<#182 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3VHC2G2VZOL7RTJG4CTQ7LWYSKRLANCNFSM6AAAAAATH34MLY>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
As for Snowflake, Iran still accounts for more than 50% of users, about 40,000 users from Iran at any time on average. Here's a recent graph showing countries. It only shows 1 of the 2 bridges that exist currently, but it is the bridge that is more used.
Users in Iran should try the Orbot 17 release candidate, as that has support for both bridges, which will give better performance. |
Hi.
UDP is mostly blocked. WireGuard, OpenVPN UDP, Hysteria and such are not working. Iperf3 shows UDP packets being sent but it has around 50% packet loss. Not sure if it's the same with different ISPs, servers and locations. Maybe my servers are compromised, feel free to share your experience.
Vmess, Vless, SS, Trojan, Trojan-go, naiveproxy and such barely work (tcp, ws, tls, xtls (cloudflare CDN mostly blocked)). I get great download speeds with some setups but the upload is throttled to less than 1Mbps. Maybe my servers have been limited, feel free to share different results.
OpenVPN TCP does not work. Some servers and on some certain ports get connected but no data passes through.
Hysteria faketcp mode can't start on Sagernet android app due to some error (can't start some app which I guess is responsible for handling faketcp, maybe it needs root privilege?)
Tunneling through a domestic Iran server works with different apps and different protocols for each server but it's very risky and quite expensive.
Please add any detail that can help.
Edit: naiveproxy isn't limited in speed like the other proxy tools but it seems to get disrupted after a few minutes of being connected.
The text was updated successfully, but these errors were encountered: