Already blocked in Iran

[AliAkhtari78]

Hi there I set up the WA proxy on my VPS, then tried to connect to it; it didn't work at all, but after I connected my device to a VPN, the proxy worked very well.

Is there any way to bypass the problem? How can I forward the IR and non-IR VPS traffic using an ssh tunnel? Should I forward all ports? And can the default port number be changed?

[vargha1]

I have the exact same problem

[striped3964]

The proxy only works on some ISPs. hamrahe aval works on port 80. The server I used was Hetzner.

[JohnSirous]

The self-signed certificate is for address "proxy.whatsapp.com". that make's it easy to detect by DPI. in Iran, ISPs block websites based on TLS fingerprint and SNI name.

[vargha1]

@JohnSirous do you know how to change SNI name to something else???? where is it located?

[0hq]

Also interested to whether any changes can be made to make deep packet inspection harder here.

[AliAkhtari78]

I tried port forwarding using ssh tunnel, but it didn't work for unknown reasons.

[slawlor]

you can easily change the SNI name to whatever you want in the /proxy/src/generate-certs.sh file. You're welcome to try other configurations, they aren't specifically set for any client.

By default the container will generate a new certificate on bootup each time it starts as well, using this file for the properties and generation code

[GewoonJaap]

Could you try: https://whatsapp-proxy.com

Server # 2 uses a custom SNI name

[AliAkhtari78]

None of these works, and the same error: "Failed to connect to proxy."

[GewoonJaap]

@AliAkhtari78 Did you entered the ip and the port? Because in another GitHub thread some proxies worked.

[ydagnhienil]

Would you please try this one from Iran with modified certificate and port and let me know if it works: 68.183.70.255:5432

We are trying to find out if Iran is blocking some datacenter by default.

[AliAkhtari78]

@AliAkhtari78 Did you entered the ip and the port? Because in another GitHub thread some proxies worked.

Yes, I did

68.183.70.255:5432

This one is working. What is the trick?

[ydagnhienil]

I've changed the certificate SSL_SUBJECT and CA_SUBJECT in file src/generate-certs.sh rebuild the image and start it. I thought maybe they are scanning the IPs with the open whatsapp port (5222) and block that. Accordingly I've changed the docker-compose.yml and removed all the other ports: ports:

• "5432:5222" # JABBER

[JohnSirous]

Would you please try this one from Iran with modified certificate and port and let me know if it works: 68.183.70.255:5432

We are trying to find out if Iran is blocking some datacenter by default.

All Meta data-centers are blocked in Iran.

[ydagnhienil]

@AliAkhtari78 the one which you tested was by Digitalocean datacenter. Can you please test this one which is hosted by Oracle and let me know id it works: 141.148.228.97:82

[dgoryeo]

ld the

@ydagnhienil, would you be able to share your code --yml asns ssh?

[dgoryeo]

Can one use the docker command to remap ports?

docker run -it -p 80:80 -p 443:443 -p 5432:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 whatsapp_proxy:1.0

Will this command override the yml settings?

[slawlor]

Can one use the docker command to remap ports?

This should be addressed in the FAQ. tl;dr; yes you can, but 443 will cause problem in re-mapping. Additionally you don't need to expose all the ports, just the ones you're going to use.

[slawlor]

97 should help with certification property detection

[dgoryeo]

I just tried with 3 IP addresses from google cloud: 2 from Europe West, and 1 from US Central. All three were blocked from Iran -- ping does not go through. I wonder if any IP from Google pool of IPs is blocked. The IPs star with 34.xxx.xxx.xxx.

Does anyone know a good way to get an static IP / dedicated IP address? I'm suspecting that getting IPs from any VPN provider would have similar faith as the Google IPs --being blocked. Any thoughts?

[JohnSirous]

@AliAkhtari78 the one which you tested was by Digitalocean datacenter. Can you please test this one which is hosted by Oracle and let me know id it works: 141.148.228.97:82

Really slow connection It seems they interrupt TCP handshake or puts lots of delay

[JohnSirous]

Government actively check news and websites that published proxies and VPNs. when you put the IP-address of proxies in a public website, they easily block all IPs.

[GewoonJaap]

Are there any hosting providers that offer servers in Iran? Would be handy to check if proxies are blocked or not

[dgoryeo]

I don't live in Iran but it is my understadning that there are no providers in Iran. There is an active reddit thread on this. Most posts indicate that known VPN providers are blocked, however some of the ExpressVPN servers in the Netherlands go through. The situation chages daily and people inform each other in real time to switch servers when needed.