proxy icon indicating copy to clipboard operation
proxy copied to clipboard

Published 20 hours ago verified publisher icon WhatsApp

Already blocked in Iran

Open AliAkhtari78 opened this issue 2 years ago • 24 comments

Hi there I set up the WA proxy on my VPS, then tried to connect to it; it didn't work at all, but after I connected my device to a VPN, the proxy worked very well.

Is there any way to bypass the problem? How can I forward the IR and non-IR VPS traffic using an ssh tunnel? Should I forward all ports? And can the default port number be changed?

AliAkhtari78 avatar Jan 07 '23 04:01 AliAkhtari78

I have the exact same problem

vargha1 avatar Jan 07 '23 07:01 vargha1

The proxy only works on some ISPs. hamrahe aval works on port 80. The server I used was Hetzner.

striped3964 avatar Jan 07 '23 09:01 striped3964

The self-signed certificate is for address "proxy.whatsapp.com". that make's it easy to detect by DPI. in Iran, ISPs block websites based on TLS fingerprint and SNI name.

JohnSirous avatar Jan 07 '23 09:01 JohnSirous

@JohnSirous do you know how to change SNI name to something else???? where is it located?

vargha1 avatar Jan 07 '23 11:01 vargha1

Also interested to whether any changes can be made to make deep packet inspection harder here.

0hq avatar Jan 08 '23 04:01 0hq

I tried port forwarding using ssh tunnel, but it didn't work for unknown reasons.

AliAkhtari78 avatar Jan 08 '23 07:01 AliAkhtari78

you can easily change the SNI name to whatever you want in the /proxy/src/generate-certs.sh file. You're welcome to try other configurations, they aren't specifically set for any client.

By default the container will generate a new certificate on bootup each time it starts as well, using this file for the properties and generation code

slawlor avatar Jan 09 '23 15:01 slawlor

Could you try: https://whatsapp-proxy.com

Server # 2 uses a custom SNI name

GewoonJaap avatar Jan 09 '23 18:01 GewoonJaap

None of these works, and the same error: "Failed to connect to proxy."

AliAkhtari78 avatar Jan 10 '23 04:01 AliAkhtari78

@AliAkhtari78 Did you entered the ip and the port? Because in another GitHub thread some proxies worked.

GewoonJaap avatar Jan 10 '23 07:01 GewoonJaap

Would you please try this one from Iran with modified certificate and port and let me know if it works: 68.183.70.255:5432

We are trying to find out if Iran is blocking some datacenter by default.

ydagnhienil avatar Jan 10 '23 07:01 ydagnhienil

@AliAkhtari78 Did you entered the ip and the port? Because in another GitHub thread some proxies worked.

Yes, I did

68.183.70.255:5432

This one is working. What is the trick?

AliAkhtari78 avatar Jan 10 '23 08:01 AliAkhtari78

I've changed the certificate SSL_SUBJECT and CA_SUBJECT in file src/generate-certs.sh rebuild the image and start it. I thought maybe they are scanning the IPs with the open whatsapp port (5222) and block that. Accordingly I've changed the docker-compose.yml and removed all the other ports: ports:

  • "5432:5222" # JABBER

ydagnhienil avatar Jan 10 '23 09:01 ydagnhienil

Would you please try this one from Iran with modified certificate and port and let me know if it works: 68.183.70.255:5432

We are trying to find out if Iran is blocking some datacenter by default.

All Meta data-centers are blocked in Iran.

JohnSirous avatar Jan 10 '23 09:01 JohnSirous

@AliAkhtari78 the one which you tested was by Digitalocean datacenter. Can you please test this one which is hosted by Oracle and let me know id it works: 141.148.228.97:82

ydagnhienil avatar Jan 10 '23 11:01 ydagnhienil

ld the

@ydagnhienil, would you be able to share your code --yml asns ssh?

dgoryeo avatar Jan 10 '23 14:01 dgoryeo

Can one use the docker command to remap ports?

docker run -it -p 80:80 -p 443:443 -p 5432:5222 -p 8080:8080 -p 8443:8443 -p 8222:8222 -p 8199:8199 whatsapp_proxy:1.0

Will this command override the yml settings?

dgoryeo avatar Jan 10 '23 15:01 dgoryeo

Can one use the docker command to remap ports?

This should be addressed in the FAQ. tl;dr; yes you can, but 443 will cause problem in re-mapping. Additionally you don't need to expose all the ports, just the ones you're going to use.

slawlor avatar Jan 10 '23 15:01 slawlor

#97 should help with certification property detection

slawlor avatar Jan 10 '23 16:01 slawlor

I just tried with 3 IP addresses from google cloud: 2 from Europe West, and 1 from US Central. All three were blocked from Iran -- ping does not go through. I wonder if any IP from Google pool of IPs is blocked. The IPs star with 34.xxx.xxx.xxx.

Does anyone know a good way to get an static IP / dedicated IP address? I'm suspecting that getting IPs from any VPN provider would have similar faith as the Google IPs --being blocked. Any thoughts?

dgoryeo avatar Jan 10 '23 18:01 dgoryeo

@AliAkhtari78 the one which you tested was by Digitalocean datacenter. Can you please test this one which is hosted by Oracle and let me know id it works: 141.148.228.97:82

Really slow connection It seems they interrupt TCP handshake or puts lots of delay image

JohnSirous avatar Jan 11 '23 12:01 JohnSirous

Government actively check news and websites that published proxies and VPNs. when you put the IP-address of proxies in a public website, they easily block all IPs.

JohnSirous avatar Jan 11 '23 12:01 JohnSirous

Are there any hosting providers that offer servers in Iran? Would be handy to check if proxies are blocked or not

GewoonJaap avatar Jan 11 '23 13:01 GewoonJaap

I don't live in Iran but it is my understadning that there are no providers in Iran. There is an active reddit thread on this. Most posts indicate that known VPN providers are blocked, however some of the ExpressVPN servers in the Netherlands go through. The situation chages daily and people inform each other in real time to switch servers when needed.

dgoryeo avatar Jan 11 '23 13:01 dgoryeo