Doesn't load images

[denisemenov]

I have 1 fresh and clean vds with mtproxy in Germany. It's not blocked in Russia. Messages works well, but images not. All links previews, stickers and sent images are not downloaded. Socks5 (dante) on the same server works without this problem.

---

Арендовал vds в Германии (CentOS 7), поставил mtproxy, обновил все пакеты и прокси листы, перезагрузил 200 раз. Работает всё, кроме картинок. Картинки не грузятся совсем: превью ссылок, новые стикеры, отправленные фотографии. Ставлю на тот же сервер dante proxy - работает без косяков с картинками.

[seega]

@denisemenov Yota somehow blocks all files via mtproto (maybe other operators too).

[loskiq]

@denisemenov I rent VPS by Amazon and everything works

[denisemenov]

@seega I have Megafon. I know that it's the same shit, but with Yota i had a lot of problems on shared internet (torrents, cloud storage, speed) few years ago and went to Megafon, which works better. @loskiq i had this issue on Hetzner.

I'll try other operators and vds later. Thanks.

[LibertyPaul]

@denisemenov this is strange, I have VPS in Hetzner with both MTProxy and SOCKS, both work quite well through Yota. A minute ago I was able to scroll down a channel with pics and videos and had no issues with that (via MTProxy).

Any ideas on how to reproduce this issue / gather logs / tcpdump?

[vanoc]

Same. Yota.

[denisemenov]

https://t.me/rknapocalypsetime/108

[denisemenov]

Update: i receive sent images, but telegraph previews still doesn't work. Centos, latest version of mtproto, Hetzner Helsinki, Megafon.

[iqdoctor]

i use ubuntu 18 on vultr.com and digitalocean.com - all is ok.

[seega]

@iqdoctor through Yota and ios/android TG app?

[NexonSU]

Same issue with Yota, even with another port. When I turn off proxy, it works, but very slow. When I use VPN to the same server, it works. When I use any another public proxy, it works.

[jamesfirstv]

Я встречал такое раньше. Если: 1) в локальной сети существуют две машины (например, телефон, раздающий вайфай и ноутбук на вайфае) 2) на телефоне запущен VPN и Телеграм работает через него, но сломан маршрут от ноутбука до интернета, так как VPN на телефоне запущен после подключения ноутбука к вайфаю, то есть после получения настроек от телефонного DHCP 3) на ноутбуке Телеграм работал без прокси и впн хорошо, но после старта впна перестаёт передавать любой медиа контент, только текст, то есть сообщения и техническую информацию

Складывается впечатление о наличии проксирования текстового трафика через любое приложение Телеграма в локальной сети

[NexonSU]

@jamesfirstv да нет, тут просто Yota что-то натворила. Похоже пора заканчивать с этой возней и тупо переходить на IPv6, хоть через брокера.

[exhang]

Решения этой проблемы в данный момент не найдено?

[NexonSU]

@exhang опытным путем было установлено, что йота режет mtproto трафик.

[Kooroshya]

i have same issue , any idea ?

[exhang]

i have same issue , any idea ?

Use socks5 proxy.

[amirhgh]

i use ubuntu 18 on vultr.com and digitalocean.com - all is ok.

I am using Vultr and have the same issue

[nimatrueway]

It's been almost ~ 2 weeks that we have the same problem in Iran with MTProto proxies. Texts are communicated fine, but any non-text data (image/video/..) communication are painfully slow. This is not the case when we use VPNs to access telegram (like Cisco Open-Connect).

P.S. I don't think it has anything to do with AWS (our mtproto-proxy host). because after connecting VPN, our telegram client can download the non-text stuffs through mtproto-proxy.

[NexonSU]

@nimatrueway Yep, seems like it's ISP fault. We need to "encapsulate" our MTProto traffic over... something. I don't know.

[lesha-co]

@NexonSU what is the point of it then? I thought that mtproto should be "pretending to be https so isps can't track it". Today they can block (parts of) MTProto, tomorrow they just ban all socks traffic because it's easily recognizable. Oh and socks proxy passwords aren't secured in any way so they can just sniff them to check if that's really a telegram proxy you're connecting to.

[exhang]

@NexonSU what is the point of it then? I thought that mtproto should be "pretending to be https so isps can't track it". Today they can block (parts of) MTProto, tomorrow they just ban all socks traffic because it's easily recognizable. Oh and socks proxy passwords aren't secured in any way so they can just sniff them to check if that's really a telegram proxy you're connecting to.

Yes, Russian ISP "Yota" sniff MTProto traffic, i use only socks5.

[russianxiii]

Now images are loaded through MTProto and Yota.

[exhang]

Now images are loaded through MTProto and Yota.

No.

[d0tfile]

@exhang did you try random padding mode?

[exhang]

@exhang did you try random padding mode?

Yes, i on padding mode.

[rusinv]

Have similar issue with Yota.

[onikethem]

🤔

در چهارشنبه ۳۰ ژانویهٔ ۲۰۱۹،‏ ۲۳:۳۱ Valery Rusin <notifications@github.com نوشت:

Have similar issue with Yota.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-459087764, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq35wHD3UXA6uoMIqrOdwaiOm7wNcRks5vIfoKgaJpZM4UgNWA .

[herenickname]

Same shit on Yota with mtproto, socks5 works fine.

[RistiCore]

Yota marks all unrecognized traffic as "p2p" and shape it as torrent-traffic — 32 Kbps. The same problem with Wireguard VPN for example: Yota cannot recognize its UDP noise-like traffic like any known service and shrink througput to 32 Kbps.

[onikethem]

☕

در جمعه ۱ فوریهٔ ۲۰۱۹،‏ ۱۴:۱۲ RistiCore <notifications@github.com نوشت:

Yota marks all unrecognized traffic as "p2p" and shape it as torrent-traffic — 32 Kbps. The same problem with Wireguard VPN for example: Yota cannot recognize its UDP noise-like traffic like any known service and shrink througput to 32 Kbps.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-459681375, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq3-HDqk4tgp7LZDwO7dTnpjc3GU05ks5vJBoWgaJpZM4UgNWA .

[NexonSU]

@RistiCore thx, finally someone explained this issue.

[onikethem]

😍😍😍😍😍😍😍😍

در جمعه ۱ فوریهٔ ۲۰۱۹،‏ ۱۴:۲۵ Nexon <notifications@github.com نوشت:

@RistiCore https://github.com/RistiCore thx, finally someone explained this issue.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-459684921, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq38G7pzuCVXwK9o6RJmScCm6p-fFLks5vJB0mgaJpZM4UgNWA .

[onikethem]

Do you have a telegram channel?

در جمعه ۱ فوریهٔ ۲۰۱۹،‏ ۱۴:۲۵ Nexon <notifications@github.com نوشت:

@RistiCore https://github.com/RistiCore thx, finally someone explained this issue.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-459684921, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq38G7pzuCVXwK9o6RJmScCm6p-fFLks5vJB0mgaJpZM4UgNWA .

[onikethem]

I am investing. Anyone have a telegram channel to share my proxy links. I can pay a paycheck 1 bitcoin

در جمعه ۱ فوریهٔ ۲۰۱۹،‏ ۱۴:۲۸ Mohammad Hossini <hossini081@gmail.com نوشت:

Do you have a telegram channel?

در جمعه ۱ فوریهٔ ۲۰۱۹،‏ ۱۴:۲۵ Nexon <notifications@github.com نوشت:

@RistiCore https://github.com/RistiCore thx, finally someone explained this issue.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-459684921, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq38G7pzuCVXwK9o6RJmScCm6p-fFLks5vJB0mgaJpZM4UgNWA .

[herenickname]

Socks5 on tcp/443 is normal on Yota.

[savely-krasovsky]

@denisemenov @ekifox @RistiCore I found the solution. Yota guarantees that they don't shape traffic at 1194 and 51820 ports. I checked and it works. WireGuard also works flawlessly.

[NexonSU]

@L11R That's why OpenVPN working well :D

[savely-krasovsky]

@stek29 I guess it could be closed now.

[onikethem]

So right

در جمعه ۸ فوریهٔ ۲۰۱۹،‏ ۱۷:۵۶ Savely Krasovsky <notifications@github.com نوشت:

@stek29 https://github.com/stek29 I guess it could be closed now.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/TelegramMessenger/MTProxy/issues/105#issuecomment-461819261, or mute the thread https://github.com/notifications/unsubscribe-auth/Asyq32w4f_gYAOti6H2zv1MiG-53njZLks5vLYkTgaJpZM4UgNWA .

[denisemenov]

@denisemenov @ekifox @RistiCore I found the solution. Yota guarantees that they don't shape traffic at 1194 and 51820 ports. I checked and it works. WireGuard also works flawlessly.

Maybe it helps with Yota, but not with Megafon. I tried to use 51820 and media still doesn't load. I do not think that it is normal when we should be limited to use only 1 or 2 ports. For example, there are situations when we cannot use port 1194 because it is already busy.

@stek29 please, open it back.

[denisemenov]

I tried to use firewalld instead of iptables on Centos 7 and the images have been loaded. 🤷‍♂️

[savely-krasovsky]

@denisemenov how using firewalld instead of iptables can cause image loading problems on specific ISP? 🤔

[denisemenov]

I wrote that I have problems not on Yota, but on Megaphone (and Tele2). I also wrote that this problem does not disappear after changing the port. So I was not in favor of the fact that the problem is in a particular provider.

[Nill-R]

@denisemenov @ekifox @RistiCore I found the solution. Yota guarantees that they don't shape traffic at 1194 and 51820 ports. I checked and it works. WireGuard also works flawlessly.

No :( I have trouble on Yota with Wireguard at 51820 and with MTProto on any ports. Now I configured my WireGuard for 1194/udp and all is ok. Yota shapping all unknown traffic. I think tomorrow I'll reconfigure one of my MTProto Proxy for 1194 :) Yota is very bad choice

[Nill-R]

I tried to use firewalld instead of iptables on Centos 7 and the images have been loaded. 🤷‍♂️

But firewalld is user-backend for iptables ;)

[lucidyan]

@stek29 I don't understand why this problem is closed.

First, I think not only YOTA reduces traffic in this way. Other ISP's can do it too.

Secondly, it is a serious vulnerability in the MTProxy that in case of the introduction of something like white lists, completely blocks it.

Are there any plans for mimic other protocols?

[savely-krasovsky]

@lucidyan vulnerability? C'mon, Yota just shapes traffic with unknown signature. Telegram cannot fix it. Don't use Yota, change ISP.

The only solution is to mimic HTTPS for example and launch proxy at 443 port. But in my opinion this feature is out of project scope.

[lucidyan]

@L11R This is a protocol that is designed with only target: to circumvent ISP blocks. And if such traffic is so easy to detect and shape, in my opinion, it does not cope with its task. That is why I consider this a vulnerability issue in the first place.

E.g., tomorrow, the same ISP will start shaping traffic on all ports and then this tool will simply become useless. And there will not be workaround at all, except use some kind of tunnels for all trafiic: but for the large amount of users it will be unacceptable and hard.

[savely-krasovsky]

@lucidyan Yota doesn't detect type of traffic. It just shapes everything unknown. So it's not vulnerability.

If tomorrow ISP will shape traffic on all ports... Well sorry for your shitty ISP, because you will be also unable to use OpenVPN/WireGuard/IKEv2/anything else. There is no out of the box solution if your ISP is fucking crazy.

[lucidyan]

@L11R I have the OpenVPN server, running at the same machine, at the non-standard port and Yota doesn't shape it at all. So I'm going to disagree with you.

P.S. Crazy ISP is not such a problem, as crazy laws.