this post was submitted on 02 Jul 2023
64 points (100.0% liked)

Blahaj Lemmy Meta

2230 readers
140 users here now

Blåhaj Lemmy is a Lemmy instance attached to blahaj.zone. This is a group for questions or discussions relevant to either instance.

founded 2 years ago
MODERATORS
 

‘tis a sad day to be an Arab queer on Lemmy.

you are viewing a single comment's thread
view the rest of the comments
[–] alsiniz 11 points 2 years ago (3 children)

Yeah there’s VPNs, but it’s a constant game of cat and mouse to find one that works. They use deep packet inspection to analyse internet traffic and scramble anything that resembles a VPN.

I even tried renting a server and running OpenVPN on it to have my own VPN server, but that started getting scrambled in the first week of use.

Sucks subscribing to a VPN then finding out it doesn’t work like a week later, which has happened to me more times than I can count.

[–] [email protected] 3 points 2 years ago* (last edited 2 years ago) (2 children)

Hmm. Well, if you don't mind the risk of breaking the rules...

  • Try Tor? The nodes there may be ephemeral enough for them to be hard to block.

  • If you still have the server and it's Linux and you can handle the technical side, set up an SSH tunnel and dump traffic through that. Something like ssh -L 127.0.0.1:8080:127.0.0.1:8080 [email protected]. Then install a SOCKS proxy on the server, have it listen on 127.0.0.1 (not on 0.0.0.0, especially since they could scan the server to see if it has a SOCKS proxy, but also to keep random people from using it). Then tell your web browser that you're using a SOCKS proxy on 127.0.0.1 on your local machine. If all you need is web browsing, that should work. They may not allow VPNs, but they may not kill SSH.

What you really need is some kind of encrypted transport that has legit -- well, legit in terms of state censorship, anyway -- bidirectional high-bandwidth use.

I wonder if anyone's done a VPN that masquerades as a BitTorrent client? That should fit the bill.

googles

https://github.com/danoctavian/bit-smuggler

That guy apparently put together a VPN that runs over BitTorrent for his masters thesis, targets the state censorship use case. Doesn't look like it's seen much work for a long time, though. That might be a bit of a project.

EDIT: Also, regarding the SOCKS proxy approach, it sounds like forcing DNS-over-HTTP always on is probably a good idea. I dunno how the UAE has things rigged up, but it sounds like Firefox, at least, defaults to doing a DoH lookup, then if that fails, falling back to standard DNS, and a state that can control traffic at the edge of their networks is gonna be able to probably monitor DNS lookups and cause DoH lookups to sporadically fail, which would cause DNS queries to be leaked, and I reckon that having DNS queries about dubious sites like lemmy.blahaj.zone going out of your computer occasionally is a likely a good way to get the attention of whatever monitoring stuff they have.

[–] [email protected] 2 points 2 years ago

I had OpenVPNAS for a while as a trial license, and i wasn't trying to get around any state censorship but i was able to use ssl encrypted data over a http connection rather than something that looked like vpn. I wonder if they can catch that.

[–] alsiniz 2 points 2 years ago

Thank you for the detailed response! Tor only works when wrapped by a VPN first, but as I stated ones that work are hard to come by.

I admittedly haven’t tried SSH/SOCKS because my primary need for VPN is for unblocking VoIP like discord and I’m not sure how to do that unless I route all traffic through that proxy, but that’s likely to get picked up by DPI and scrambled.

Bit smuggler looks super interesting 👀. I’ll have to look into it.

The only thing I’ve managed to get to work consistently is ExitLag ironically. I’ve been paying for it for years. I think whatever form of VPN they’re using with their whole dual route system manages to evade DPI better than any paid or DIY approach I’ve tried over the years and is stable enough to stream YouTube at high bit rates. I think the fact that they don’t even advertise themselves as a VPN has also helped them.

Yeah I def understand that my DNS activity is probably feeding their black list, but in the case of blahaj.zone I think the domain was auto blacklisted for containing too many trigger words like LGBTQ, trans, etc. It’s too small of a site to have been manually blacklisted imo. Especially when lemmynsfw.com remains unblocked.

[–] [email protected] 3 points 2 years ago (1 children)

Have you tried something like this https://github.com/dmitriykuptsov/soho-vpn-over-tls/
yet?

Or maybe one of these: https://github.com/topics/deep-packet-inspection

Just some ideas. Sorry you have to deal with an extra shitty government.

[–] alsiniz 1 points 2 years ago* (last edited 2 years ago) (1 children)

I have not, but those are some neat resources you shared that warrant looking into 👀. Thank you!

[–] [email protected] 1 points 1 year ago

Might not be useful, but v2ray might work if open vpn fails. Docs should have and English option in the corner.

[–] [email protected] 2 points 2 years ago (1 children)

sorry if this is obvious but does Tor work?

[–] alsiniz 3 points 2 years ago

Tor does not work unless first wrapped by a VPN, but few VPNs work to begin with.