net4people / bbs

Forum for discussing Internet censorship circumvention

How to circumvent censorship with two VPS servers? #179

Open Saya47 opened 1 year ago

Saya47 commented 1 year ago

Hello, I'm from Iran. My connectivity is throttled to addresses outside of my country, but I know that VPS servers inside the country are not throttled, so I was thinking: how do I set up V2Ray or Shadowsocks+Cloak in a manner where I will connect with any of the aforementioned protocols, or even OpenVPN, to the Iran VPS, and the Iran VPS must route all outgoing traffic to another VPS outside of my country?

Thanks very much for reading.

seakfind commented 1 year ago

The original Shadowsocks wiki outlines two methods of building a relay. The first uses iptables. The second uses haproxy. Would these work with "Cloak-ed" traffic too? https://github.com/shadowsocks/shadowsocks/wiki/Setup-a-Shadowsocks-relay

arandomgstring commented 1 year ago

@Saya47 For v2ray, https://github.com/net4people/bbs/issues/171#issuecomment-1353655913 perhaps. But it'd be better if people use different protocols. A mixture of ssh proxy with v2ray would be most satisfying, I'd like to see that.

pirooz-gthb commented 1 year ago

Have you tested different proxy protocols (VMess especially) to check which one works for you? If you can keep your server outside of Iran, it's better to keep it there.

arandomgstring commented 1 year ago

@pirooz-gthb Testing any non-TLS-based protocol doesn't make much sense imho. Even though VMess has similar traffic to that of TLS, it doesn't have a "real TLS handshake", because you don't own a real certificate. If you are talking about VMess + TLS, well, why would you slow your network unnecessarily when you can use VLESS + TLS, which has the same effect? Or maybe Trojan + TLS, doesn't matter much. Currently VLESS + TLS + WS + nginx works fine for me.

> If you can keep your server outside of Iran, it's better to keep it there.

What would you do when they restrict access of home users to the national network only? With an Iranian VPS you can bypass this. And what do you do about upload speed that has bothered lots of users? https://github.com/net4people/bbs/issues/171. No one likes additional costs, but sometimes, it's the necessity that dictates our actions.

Azadzadeh commented 1 year ago

> With an Iranian VPS you can bypass this. And what do you do about upload speed that has bothered lots of users?

They can just block local data-centers' international access too. People are already reporting that their local CDN's upload speed is being throttled since a couple of days ago.

Also, I believe it's better not to popularize this method as it leads to centralization and a single point of failure in our international internet access. We should hide behind services (CDNs, datacenters) that are hosting popular international websites since blocking their infra would be costly for the censor.

arandomgstring commented 1 year ago

@Azadzadeh

> They can just block local data-centers' international access too.

I hope they do. By doing so, every single website inside the country becomes inaccessible to foreign countries, even the ones that advertise their propaganda.

> We should hide behind services (CDNs, datacenters) that are hosting popular international websites since blocking their infra would be costly for the censor.

Sure, which CDN(s) do you recommend? Is there any?!

Azadzadeh commented 1 year ago

> Sure, which CDN(s) do you recommend? Is there any?!

Cloudflare. Websites using Cloudflare are not inaccessible yet.

arandomgstring commented 1 year ago

@Azadzadeh

Have you been successful in using Cloudflare? I am seeing many people complaining about CDN-based proxies on Cloudflare. Either they get bogon IPs, or their Cloudflare IP is blocked, or the Cloudflare IP is accessible on certain ISPs, while on others not.

Azadzadeh commented 1 year ago

> Have you been successful in using Cloudflare?

Oh, you mean the orange setting (proxy). No, I just use it in DNS-only mode (gray) and yeah, it doesn't hide the IP in this mode. Still, my personal opinion is that we shouldn't use local CDNs as a proxy even if it works, even if the channels are encrypted.

Saya47 commented 1 year ago

Coming back to this, I finally was able to get hold of two VPS servers! And I tested it with Shadowsocks+Cloak and it works well! I was just wondering, I'm now using TLS+Trojan, how should I go about forwarding the packets to the main server with this config? It seems confusing because certification is involved here, and I don't know which IP address of which server is supposed to be certified and set up for DNS.