Iran firewall can find fake tls

[sae13]

last night i got new vps I configured faketls and it has only one user, today they blocked my ip

[erfantkerfan]

yep they found a way to somehow detect the traffic and also they don't block IP they only block those packets meaning you can ssh to your server.

[seriyps]

This should be fixed in the latest telegram beta versions

[FreedomPrevails]

This should be fixed in the latest telegram beta versions

This issue is not fixed in current latest beta version. do you have any news if they are working on a solution ? I dont understand why they should use fake tls, when real TLS is there and using it will resolve the issue forever.

[devlifeX]

Any solution? My servers get blocks every day, mtproto not working on all ISP.

[HamedJafarzadeh]

Same here, I cannot run a MTProxy anymore, it connect perfectly outside of Iran, but Inside of Iran it doesn't connect. However the IP is not banned, I have access to SSH and all inside Iran.

[FaridAghili]

Any news on this?

[sae13]

Any news on this?

I think if something needs to happen it should happen in main MTProxy code https://github.com/TelegramMessenger/MTProxy/issues/35

[TheHolyLoli]

Same here, I cannot run a MTProxy anymore, it connect perfectly outside of Iran, but Inside of Iran it doesn't connect. However the IP is not banned, I have access to SSH and all inside Iran.

same thing happened to me tonight.ip is not blocked.i can access everything else,and connect just fine outside iran.whats going on?

[seriyps]

Maybe they updated their DPI?

[devlifeX]

Follow these step COULD helpful for mtproto servers.

1. Don't use famous VPS Providers (hetzner or OVH etc...)
2. Don't expose Your Mtproto in public (PRIVATE IS SAFE)
3. Don't Use a link for more than 1 User (Give Unique link for each user)
4. Don't Share your VPS to many users (Keep your users less than 10 for each VPS)
5. Use Port 443 and Keep update Mtproto repository

[TheHolyLoli]

Follow these step COULD helpful for mtproto servers.

1. Don't use famous VPS Providers (hetzner or OVH etc...)
2. Don't expose Your Mtproto in public (PRIVATE IS SAFE)
3. Don't Use a link for more than 1 User (Give Unique link for each user)
4. Don't Share your VPS to many users (Keep your users less than 10 for each VPS)
5. Use Port 443 and Keep update Mtproto repository

i do almost all of the above...cant get any other cheap VPS so im stuck with hetzner but the thing is i used port 22 and unlike any other ports...i has been working for over 6 months without problem now.even port 443 didnt work more than 3 weeks for me btw. no port is working(only for mtproto though) now

[devlifeX]

send message if you need help @darius_h tlgeam Id.

[ylot0]

3. 为每个用户提供唯一链接

请教，如何为每个用户提供唯一链接？

[qiangweihewu]

Hi guys! I found this project which uses wss relay as way of proxy so that it can use cdn like Cloudflare. However, I don't know the specific steps how to build it, especially how to get the payload. Could anyone here give more detailed instructions on how to build it and even more, make it work on phone apps. Here is it: https://github.com/arm64v8a/NekoXProxy Thanks!

[seriyps]

Hi guys! I found this project which uses wss relay as way of proxy so that it can use cdn like Cloudflare. However, I don't know the specific steps how to build it, especially how to get the payload. Could anyone here give more detailed instructions on how to build it and even more, make it work on phone apps. Here is it: https://github.com/arm64v8a/NekoXProxy Thanks!

It looks like it can only work with custom Telegram client, not with the standard one

[qiangweihewu]

Hi guys! I found this project which uses wss relay as way of proxy so that it can use cdn like Cloudflare. However, I don't know the specific steps how to build it, especially how to get the payload. Could anyone here give more detailed instructions on how to build it and even more, make it work on phone apps. Here is it: https://github.com/arm64v8a/NekoXProxy Thanks!

It looks like it can only work with custom Telegram client, not with the standard one

I have tested it, at least it works on official desktop client by adding it to the client's http proxy.