net4people / bbs

Forum for discussing Internet censorship circumvention

A summary on Iran's current internet situation #182

Open poorp opened 1 year ago

poorp commented 1 year ago

Hi. UDP is mostly blocked. WireGuard, OpenVPN UDP, Hysteria and such are not working. Iperf3 shows UDP packets being sent but it has around 50% packet loss. Not sure if it's the same with different ISPs, servers and locations. Maybe my servers are compromised, feel free to share your experience.

Vmess, Vless, SS, Trojan, Trojan-go, naiveproxy and such barely work (tcp, ws, tls, xtls (cloudflare CDN mostly blocked)). I get great download speeds with some setups but the upload is throttled to less than 1Mbps. Maybe my servers have been limited, feel free to share different results.

OpenVPN TCP does not work. Some servers and on some certain ports get connected but no data passes through.

Hysteria faketcp mode can't start on Sagernet android app due to some error (can't start some app which I guess is responsible for handling faketcp, maybe it needs root privilege?)

Tunneling through a domestic Iran server works with different apps and different protocols for each server but it's very risky and quite expensive.

Please add any detail that can help.

Edit: naiveproxy isn't limited in speed like the other proxy tools but it seems to get disrupted after a few minutes of being connected.

Azadzadeh commented 1 year ago

iranians' problems in this space basically come down to not debugging stuff systematically

we ask people to test stuff in a controlled fashion to rule out possible vectors in censorship but they just post info with another set of parameters activated and don't mention the most important thing: the network/isp that they tested it through!

it's as if they got some config working for their particular isp and call it quits...maybe this is the way

my conclusion: if you got something working for both mobile networks, it's gonna work for other isps
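Added example, not part of any poster's comment: one way to keep test reports comparable in the controlled fashion described above. The field names, network labels and sample reports are assumptions constructed for illustration, not measurements from this thread.

```python
from itertools import combinations

# Fields every report must carry so results are comparable across testers
# (hypothetical schema, chosen for this example).
PARAMS = ("network", "protocol", "transport", "security", "port")

def validate(report):
    """Return the list of required fields a report is missing."""
    return [k for k in PARAMS + ("works",) if report.get(k) in (None, "")]

def single_factor_findings(reports):
    """Pair up reports that differ in exactly one parameter but disagree on
    the outcome; that parameter is the only candidate cause for the pair."""
    usable = [r for r in reports if not validate(r)]
    findings = []
    for a, b in combinations(usable, 2):
        diff = [k for k in PARAMS if a[k] != b[k]]
        if len(diff) == 1 and a["works"] != b["works"]:
            k = diff[0]
            ok, bad = (a, b) if a["works"] else (b, a)
            findings.append((k, ok[k], bad[k]))  # (parameter, working value, failing value)
    return findings

def works_on_all(reports, networks):
    """Configs (everything except network) confirmed working on every listed network."""
    seen = {}
    for r in reports:
        if validate(r) or not r["works"]:
            continue
        cfg = tuple(r[k] for k in PARAMS if k != "network")
        seen.setdefault(cfg, set()).add(r["network"])
    return [cfg for cfg, nets in seen.items() if set(networks) <= nets]

# Constructed sample reports (illustrative values only).
REPORTS = [
    {"network": "mobile-A", "protocol": "vless", "transport": "tcp", "security": "tls", "port": 443, "works": True},
    {"network": "mobile-A", "protocol": "vless", "transport": "tcp", "security": "tls", "port": 8443, "works": False},
    {"network": "mobile-B", "protocol": "vless", "transport": "tcp", "security": "tls", "port": 443, "works": True},
    {"network": "home-A", "protocol": "vless", "transport": "ws", "security": "tls", "port": 443, "works": False},
    {"network": "", "protocol": "trojan", "transport": "tcp", "security": "tls", "port": 443, "works": True},
]

if __name__ == "__main__":
    print(single_factor_findings(REPORTS))
    print(works_on_all(REPORTS, ["mobile-A", "mobile-B"]))
```

The last sample report is dropped from both analyses because it does not name the network it was tested on.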

poorp commented 1 year ago

iranians' problems in this space basically come down to not debugging stuff systematically

I disagree, Iranians' problems come down to a government which has forced normal people to have to deal with this kind of stuff.

we ask people to test stuff in a controlled fashion to rule out possible vectors in censorship but they just post info with another set of parameters activated and don't mention the most important thing: the network/isp that they tested it through!

Not everyone has access to all or many different ISPs. We are trying tho, countless groups and discussions are sharing their setups for others to test on their ISP. Also, ISPs mostly act the same when it comes to censorship so there are basically two groups of them: home connections and mobile. FYI I tested the above mentioned on TCI home connection and MTN mobile network.

Azadzadeh commented 1 year ago

Not everyone has access to all or many different ISPs

That's why we should share what network a particular config works in. for example I don't know of any solution that works in both irancell and hamrah aval. i believe if there is a method for these conditions, it's gonna work for every network.

but it seems the 8 or 10 iranians here also don't have a working solution in the above scenario.

I tested many things (vless+xray+tcp+tls, vless+xray+tcp+xtls, trojan-go (all modes except local cdn), hysteria (almost all modes except port hopping), naiveproxy), none of them work in above condition.

countless groups and discussions are sharing their setups for others to test on their ISP

like where? telegram groups?

poorp commented 1 year ago

@Azadzadeh I have a solution that works everywhere but I'm too afraid to share it since it might get banned if it gets popular. To give you a hint, it involves a server in Iran with one of its ports being forwarded to a foreign server that has a VPN service like OpenVPN UDP. The port forwarding shouldn't be done with iptables since UDP can't pass through but rather with an app that changes UDP packets and makes them look like tcp or icmp. Tunneling UDP itself also works on some servers but not others, it depends on your Iran server provider.

I don't recommend this tho since the Iranian provider always asks for every personal info you have and most of the time f**ks you over with some BS rule about traffic usage or tunneling or ... and/or overcharges you extremely because they know we are desperate. We better find some way of connecting without the need for a domestic server since the server doesn't act any different than ISPs as of now.

Even the above mentioned solution can be done without a server but the problem is most apps you can find on Github for this kind of setup don't have a client for mobile phones and usually work just in linux or at most windows. You could set up your own linux server on a small computer or even your laptop with linux and it works the same. You could also write an app or integrate the existing linux app into an existing VPN app like OpenVPN for android if you are a programmer and have all the time in the world but since many projects that are close to this subject have brilliant people working on them already, I think we should keep looking. Hysteria faketcp seems to me just like what I mentioned above but for some reason I can't get it to work.

like where? telegram groups?

Yes, Telegram groups, YouTube channels and so on ...

Hadi-1624 commented 1 year ago

a properly configured v2ray/xray setup can get through easily on many operators in Iran; IMO the only problem is upload throttling right now. It seems like they decided to deal with the situation by messing with download and upload speeds, throttling them to the servers outside of Iran. Before this situation it was so easy to connect with xray proxies on mci/rightel/shatel/tci for me.

poorp commented 1 year ago

@Hadi-1624 Yes, that's exactly what I said in the OP. My vmess+tcp+tls or trojan-go setups work but have upload speeds limited to less than 1Mbps. That is not useful.

msshn commented 1 year ago

@poorp I recommend using a domestic relay only as a last resort, like November 2019 (Aban 98) when they shut down the whole internet and only via a domestic relay could you connect to the Internet. The reason is all the personal info Iranian VPS providers require for their service, which is a huge privacy red flag. The less information they have on you, the better.

pirooz-gthb commented 1 year ago

As far as I know, there is not a unified set of rules which govern the whole country. Each city/region/province or mobile operator or DSL provider has their own rules. I don't know if it is because they are smart or plain stupid.

Argo160 commented 1 year ago

Hello everyone. Not sure if this is the right place to ask this: how can I set up an "http proxy" on my VPS? I can't find any related script to run.

Azadzadeh commented 1 year ago

how can i set up a "http proxy" on my vps?

most of the client circumvention tools here provide both HTTP and SOCKS proxy. is there any particular reason you choose HTTP over SOCKS?

You can use https://github.com/reeceyng/v2ray-agent

Argo160 commented 1 year ago

how can i set up a "http proxy" on my vps?

most of the client circumvention tools here provide both HTTP and SOCKS proxy. is there any particular reason you choose HTTP over SOCKS?

You can use https://github.com/reeceyng/v2ray-agent

Thanks. I just need to clear my head about whether a personal http proxy made on a domestic relay could work when used in psiphon or not. I am already like 99% sure that it does not.

Anyway, it seems your given links can't help me make an http proxy.

techsupport-ali commented 1 year ago

@poorp hey man! I'm a fellow Iranian trying to achieve exactly what you are trying to do. I'm an IT Admin living in Germany and I wanted to create a solution for my family and friends in Iran. I naively started by setting up a WG Server on AWS, got it to work from Germany and was all happy about it. After finding out the harsh reality, I came across your posts and effort. I'm new to this topic as my expertise in the IT field is not useful for this project, however since I'm living outside Iran, I have resources that I can provide. I would be very interested if you would like to join forces or at least have a conversation together. Here is my email: idevicepurchases@gmail.com

woodlyer commented 1 year ago

WireGuard, OpenVPN UDP, Hysteria: these UDP-based tools all have obvious characteristics. It's not the fault of UDP. Maybe gost with KCP is good for you, or an ICMP tunnel. https://github.com/woodlyer/gostExample

wkrp commented 1 year ago

@woodlyer, do not spam the same information in multiple threads. (#129 #150 #181 #182.) And don't make low-effort posts that only say one thing is bad and another thing is good, without explaining why. If you want to talk about GOST, start a new thread, and give the information an experienced researcher or developer will need to understand and evaluate it: what protocols it uses, how proxy addresses are distributed, what it does to prevent active probing. For use of KCP, you may wish to compare to #9, #14, #30, #35, #36.

woodlyer commented 1 year ago

@wkrp I just want to let more people know a good tool to reach the internet, and not always be blocked by the wall.
TCP is easily slowed down by dropped packets. Now, these tls based tools can be easily blocked by GFW. Although GFW doesn't know what's being transferred in tls, it can just drop some tcp packets to slow down the net speed, or just block the port.
The technology based on tcp will always face this problem. UDP can solve this and with some speed up effects.
Gost is a very powerful tunnel and proxy tool to help passing the wall. It supports many protocols. It is worth popularizing it.

Maybe the best practice to pass the wall is using a kind of tool that has very few users.
Maybe the more gost is used, gost will also be blocked, like kcptun.
Everyone can try it now, while it's still effective.

wkrp commented 1 year ago

Gost is a very powerful tunnel and proxy tool to help passing the wall. It supports many protocols. It is worth popularizing it.

@woodlyer That's fine—just do it in a new thread. Don't change the subject of existing threads.

alexandervlpl commented 1 year ago

What's the situation with Tor, Snowflake, obfs4?

poorp commented 1 year ago

well I'm pretty sure that UDP is banned on most IPs that belong to datacenters and not the protocols themselves, since if that was the case, iperf should've worked but it doesn't.

On Tue, Feb 21, 2023, 14:01 woodlyer @.***> wrote:

WireGuard, OpenVPN UDP, Hysteria: these UDP-based tools all have obvious characteristics. It's not the fault of UDP. Maybe gost with KCP is good for you, or an ICMP tunnel. https://github.com/woodlyer/gostExample


wkrp commented 1 year ago

What's the situation with Tor, Snowflake, obfs4?

As for Snowflake, Iran still accounts for more than 50% of users, about 40,000 users from Iran at any time on average.

Here's a recent graph showing countries. It only shows 1 of the 2 bridges that exist currently, but it is the bridge that is more used.

https://opencollective.com/censorship-circumvention/projects/snowflake-daily-operations/updates/2023-06-update

Top 5 countries with the most Snowflake users per day

Users in Iran should try the Orbot 17 release candidate, as that has support for both bridges, which will give better performance.