Protocols working in Iran
Hi, can Iranians who have servers and are using VPNs, tunnels, proxies or any other tools to circumvent the current state of censorship please comment below with their setups and briefly explain the config they are using? You can also add a list of pros and cons if you want, so others can use this info. I.e.: vless+ws without tls or xtls is working on most if not all servers and performance is not bad, but some websites and apps struggle a lot or won't work at all (correct me if you have a different experience). Pros: easy to set up and use, very popular and relatively cheap. Cons: not really stable, some websites and apps don't work, ubuntu web-ui client is confusing, mostly in Chinese.
That x-ui, I just translated it weeks ago, but it's no good for the sake of keeping it up. For performance there is hysteria and naiveproxy quic protocol. And ffs, people fucked so many VPSes, and when I buy a single VPS from anywhere, boom, it's already blacklisted; so plz set it up correctly and well and keep it up at least 2 weeks. If you can't, ask someone and, idk, pay for that shit, but don't blow up IPs.
@alirezaac Don't hysteria and naiveproxy require TLS? If so, what CDN should we use considering Cloudflare being banned? Do you have any tutorials, install scripts or web-UIs for any of them or should we just install and config them manually? If you are buying servers from Iranian providers, DO NOT! If you want I can give you about a dozen foreign provider names you can buy cheap servers from. You can PM me if you want because I don't want my provider getting blasted.
There are one-clicks and there are manuals; the main thing is not falling to active probes and TLS fingerprinting first, then comes CDN for insurance. If you had a websocket and it got closed, well, they are doing tricky things: there is delay and real delay (you can test with v2rayN), so they add another delay to find a timed-out error in your WS packet, and you will get blacklisted easily. So configuring manually is a priority. GitHub doesn't have a PM or DM, so leave a contact way if you mind; I really have a problem with finding VPS after a month things F'ed up.
@alirezaac You can hit me up via reddit if you want: u/ThanksOk4942
TLS does not really require a CDN setup. A domain name is all that's necessary to enable TLS.
CDN setup (e.g. CF as both DNS server and proxy for your VPS-hosted proxy) is optional and is meant for additional protection of the IP of your VPS. Although most CloudFlare IPs are currently blocked from working as CDNs.
Well done on the fork of X-UI @alirezaac 👌
We are also building a tool in our organisation to make it easier to set up new servers and protocols (that actually work). Have a look and we can collaborate on a few of them.
@OnceUponATimeInAmerica I knew it was that way with v2ray and I never bothered because my servers don't have much traffic. I thought it was mandatory for Hysteria and naiveproxy.
The Shadowsocks v2ray plugin works the same as vless, but your problem with specific websites is in your client-side DNS route. Here is a solution for Android users:
https://github.com/shadowsocks/shadowsocks-android/issues/2670
For iOS I can only help you with the Shadowrocket app, which is not a free app, because I didn't find a free app on iOS that supports the v2ray plugin, so you either need to put your global routing on proxy instead of config or manually fix your routing config. But for some apps I am still experiencing some difficulties, to be more specific games, because they work via cellular but won't work with wifi, for instance Mobile Legends, and I am still working to figure it out, which I would appreciate if anybody can help me with.
@navid1100 that's exactly my experience too. Thanks for the info. For ios there is an app called "fair".
Yea, vless works on fair, but it doesn't support Shadowsocks over the v2ray plugin, and another problem with fair is that there is no settings option available on it; it's too simple to work with and you can't change anything on it, unlike Shadowsocks on Android or Shadowrocket on iOS, which come with a lot of options and logs. But back to the problem: these two protocols are working well and opening all sites and common apps, except for Mobile Legends and maybe some other games that literally work fine on cellular data but won't work on wifi, which is odd and confusing.
For iOS try napsternetv.
@navid1100 well I'm using vless and I can't figure out for the life of me how to proxy all traffic including DNS. I can play CS-GO but not apex legends and blocked sites like bbc.com just don't open up. I forwarded a port on a local server as a two-hop system and it works pretty well but it's kinda slow and sites still don't open and also the latency got worse.
So are you using Android or iOS? And also, what client are you using?
Already have it, but it won't work for me. I guess either it won't work with the Shadowsocks v2ray plugin or there is some internal config that I couldn't find. It does have v2ray import, but it doesn't mention Shadowsocks in it.
v2rayNG for android, V2rayA for ubuntu and Netch for windows.
Why don't you try Shadowsocks for Android, if it supports vless? The problem is that your client is trying to route through local DNS; the mentioned sites are blocked on local DNS, so you need to put bypass all instead of bypass LAN. Idk about those clients, but if you can't find these settings on your clients, it's possible that your client doesn't have this option or you can't find it. The client you mentioned for iOS, fair, doesn't have this issue and routes all through the proxy by default, so if it exists on Android, that's a good idea to try.
... idk about those clients but if you can't find these settings on your clients it's possible that your client doesn't have this option ...
My ubuntu client has a mode for forwarding dns and also a mode for fakedns, and upon using them most things seem right except for speedtest.net, which opens but can't test the speed, and sometimes it takes a long time for sites to load or I have to reload them in order for them to open. This is all related to the client tho and I will open a new issue on said client and ask them. Also, I'm sorry but I couldn't connect with the shadowsocks android app and the v2ray plugin to my vless server and at this point I just give up and will proceed to stay in bed and be depressed and cry for now (jk (or am I?)).
Well, you're correct mate; they keep DNS poisoning the DSL networks, so vless or vmess works only on your supposed websites. For iOS I guess AdGuard DNS has such an option. For Windows I'm now using YogaDNS. This is something at gateway lvl; the more they keep it, the more devices become unusable. It's not the cost benefit they can keep up with 😁
For wifi I am investigating, and things I can confirm are that they are forcing the TLS version lower and DNS poisoning.
If you can keep working with AdGuard DNS and your fair vless, let me know the result.
Thanks for the reply. But so you know, there are 2 separate issues here, which I'm gonna list:
- DNS leak on the client side, which I took care of, but our guy poorp can't, since his/her client is different and he doesn't know how to do it or his client doesn't have the option; in his position he can try your method too.
- After fixing the DNS leak by routing all through your proxy server, there is a problem with some games and maybe some other apps, who knows; for now my only problem is games, which are hard to look into since I have fewer logs to look at. The only thing I can tell is it's not about the DNS leak and routing, since I'm already using Shadowrocket and fixed that, and it works fine on mobile data, but if I connect to a wifi router it won't work (both DSL and the 4/5G outdoor technology called zitel), but Irancell 4G works through mobile data.
Exactly, and no one noticed it because the ASIS settings are set for Chinese DNS. So we need to find good DoH and DNSCrypt for this region first. The problem with games is NAT type and the additional delay they are putting in packets in search of WS connections. For the NAT type use NAT type testers; likely it's 4 and games don't like that. You can go for Hysteria and QUIC things; Hysteria has better IP mapping and better performance for gaming. But be careful using UDP on some VPS services; they have weird rules. The delay problem still exists and makes long polling and WS perform poorly (maybe self-host some DNS and test).
Thanks for the reply and link; it was quite useful and I wish I had had it since the beginning. But what I don't understand is why on earth Irancell mobile data works fine and wifi doesn't. Also, when I first realized that I needed to configure shadowsucks on my VPS, as soon as I got it done and tested, it was OK and I could join the game at the beginning. I mean the ping was high, but since it connected successfully and it was a Canada server, everything was fine. I mean it worked, so what did change?
I don't use Irancell full time, but I noticed they are adding delay. In terms of NAT type, it's IP mapping and they might change it, and whenever you add a layer on it, it changes; projects like Hysteria help you map it correctly, so it seems you didn't change anything (I suspect NAT because FIFA had the same problem in Iran). On the other side, it is good to have other new protocols too, so we can have more adoption on the total bandwidth. So the first easy thing now is to check your NAT (the netchx client has one; it shows on the bottom left). So it's better to have a QUIC protocol project running for gaming (running Dota 2 on Hysteria gives better ping than a normal connection). It's more like blood type:
1. Open NAT: If you have Open NAT, it means you're able to communicate with other people, easily join and host multiplayer games with anyone regardless of their NAT type.
2. Moderate NAT: A Moderate NAT type means you're able to communicate and join multiplayer games with a few people. However, you won't be able to hear or play with some players.
3. Strict NAT: A Strict NAT type means you're only able to communicate and play multiplayer games with those online players who have an Open NAT type.
Some might say this is not important, but it is. Video calls can be affected too.
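An added example, not written by any poster in this thread: NAT type testers like the ones mentioned above commonly send STUN Binding requests from one socket and compare the public address each server reports. The sketch parses the XOR-MAPPED-ADDRESS attribute (RFC 5389) and applies the RFC 5780 mapping comparison to constructed responses; all addresses, ports and function names are assumptions, and the match to the Open/Moderate/Strict labels is only approximate (the last class is the one usually reported as Strict).

```python
import ipaddress
import struct

MAGIC_COOKIE = 0x2112A442      # fixed value in every STUN header (RFC 5389)
BINDING_SUCCESS = 0x0101
XOR_MAPPED_ADDRESS = 0x0020

def parse_xor_mapped(resp: bytes, txid: bytes):
    """Return the (ip, port) a STUN server saw us at; IPv4 only."""
    if len(resp) < 20:
        raise ValueError("short STUN message")
    mtype, mlen, cookie = struct.unpack("!HHI", resp[:8])
    if (mtype, cookie, resp[8:20]) != (BINDING_SUCCESS, MAGIC_COOKIE, txid):
        raise ValueError("not the Binding success response we asked for")
    pos, end = 20, min(20 + mlen, len(resp))
    while pos + 4 <= end:
        atype, alen = struct.unpack("!HH", resp[pos:pos + 4])
        value = resp[pos + 4:pos + 4 + alen]
        if atype == XOR_MAPPED_ADDRESS and len(value) == 8 and value[1] == 0x01:
            port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
            addr = struct.unpack("!I", value[4:8])[0] ^ MAGIC_COOKIE
            return str(ipaddress.IPv4Address(addr)), port
        pos += 4 + alen + (-alen % 4)      # attributes are padded to 4 bytes
    raise ValueError("no IPv4 XOR-MAPPED-ADDRESS attribute")

def classify_mapping(local, test1, test2, test3):
    """RFC 5780 mapping tests: test1 = primary server address, test2 = alternate
    IP, test3 = alternate IP and alternate port, all sent from one local socket."""
    if test1 == local:
        return "no NAT"
    if test1 == test2:
        return "endpoint-independent mapping"
    if test2 == test3:
        return "address-dependent mapping"
    return "address-and-port-dependent mapping"

def build_response(txid: bytes, ip: str, port: int) -> bytes:
    """Constructed sample: the reply a STUN server sends for a client seen at ip:port."""
    attr = struct.pack("!HHBBHI", XOR_MAPPED_ADDRESS, 8, 0, 0x01,
                       port ^ (MAGIC_COOKIE >> 16),
                       int(ipaddress.IPv4Address(ip)) ^ MAGIC_COOKIE)
    return struct.pack("!HHI", BINDING_SUCCESS, len(attr), MAGIC_COOKIE) + txid + attr

def demo():
    txid = bytes(range(12))                  # constructed transaction ID
    local = ("192.168.1.20", 50000)          # constructed private address
    seen = lambda port: parse_xor_mapped(build_response(txid, "203.0.113.7", port), txid)
    same = classify_mapping(local, seen(40001), seen(40001), seen(40001))
    per_dest = classify_mapping(local, seen(40001), seen(40002), seen(40003))
    return same, per_dest

if __name__ == "__main__":
    print(demo())
```
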
Yea, I can see, but I still can't figure out why old-fashioned VPNs didn't need that. And also, is the WhatsApp call problem also caused by the NAT problem??
I mean, I just remembered that none of my VPN connections could establish a call on WhatsApp, neither voice call nor video call... it does go on ringing, but as soon as the other side answers the call, it goes on connecting and fails.
Because I'm acting like a website that stores my backups (the lie to fuck DPI) and the website tries to call my friend through WhatsApp (the truth 😁). That's the logic behind it, and it can be done if the application's design works in this circumstance.
And remember, no matter what server you run (xray, v2fly, whatever), run the fake website, because it's gonna be checked for traffic. It's better to have it than not; you're supposed to be a website, not the sneaky traffic.
About that, I was considering running an actual website instead of a fake one, if it's gonna help (a useless one ofc). But back to the last question: I didn't really get what the answer was. Is it a NAT problem or not? I mean, can I fix it by fixing NAT?? I mean I got the logic but not the answer.
Imo connecting fine, as are insta call and telegram, but whatsapp doesn't like the easy way.. 😅
Well, as I said, it depends on mapping; my problem was TG call. Go to other projects, have them side by side; it's hard for a website to do all that job (you have one side of the connection limited). You will get better ping and better IP mapping (losing the stealthiness of the connection is the price). Do not centralize on one project.
Thanks for your time. I guess I have to work on it tomorrow.