Looks like it's mostly DNS-based. Meh. But still, this underscores the importance of operating your own VPN if you want to maintain comms through the silly twitches of a gov't like this. The biggest VPN providers are the first to be targeted. Even just having an SSH host outside the country will do fine.
On another note, I recently set up a Tor bridge with pluggable transports to help those in choked areas. It was a fun homelab challenge, and a good way to spread my privilege of having a free connection.
A VPS with a simple SSH server on a nonstandard port, maybe with some port knocking if you think you might be scanned or targeted by accessing from the offending country will do the trick just fine, keeping things reaaaally low profile.
I have my VPN served via port 443 on a server that also runs a website on that same port. But I think there are better ways to make it hard for attackers to block me.
It's actually infuriating, this ban. I'm from SL, currently on NordVPN, which hasn't been blocked by 1 of the major ISPs. Both major ISPs are aggressively blocking standard OpenVPN traffic, however. I'm not entirely sure how, since this is not my knowledge domain, but a default OpenVPN setup on DigitalOcean (even on port 443) results in a timeout when contacting the server.
I don't understand why one ISP is still allowing Nord and ExpressVPN through. If anyone is open to debug this and help create a workaround I'd love help. Feels like a good time to test things.
In the meantime people are using dubious VPN providers and are opening themselves up as easy targets. I dread what would happen if a malicious party created a VPN with malicious intent and then spent some bucks on targeted advertising in SL on the app stores.
This block is such a shit move really. It's become the gov's default crisis time response in the name of national security.
OpenVPN, like many other VPN protocols, does not have censorship resistance as part of its design goals. So, I'm guessing that its traffic patterns are quite easy to detect.
You should have better luck with something like Shadowsocks, or even better, Shadowsocks over an SSH tunnel. There are probably better and more potent alternatives that I'm not familiar with. If you just want to do regular web browsing, a simple thing to try is to just use "ssh -D" for a SOCKS5 proxy and configure your browser to use the proxy.
Also, a possible first step in debugging is to run the same server setup in the same country as the client and see whether it allows you to connect to a domestic server. If it doesn't, it's probably a problem with your client/server setup as the state's firewall probably doesn't need to block domestic VPN connections.
The sad fact is that oppressive governments don't really care. A few geeks who can pierce the firewall are no threat, the government just needs to choke the internet enough to prevent the general public from organising.
Speaking of Shadowsocks, I really feel sorry for the author. I believe his final words were "I hope one day I'll live in a country where I have freedom to write any code I like without fearing"
In the second incident listed above, social media was used both as a vector to spread hate speech and misinformation, and also to help mobs organize.
Regarding the current social media block: at the start, I felt this to be reasonable, as it made sense to slow the spread of misinformation/hate speech for a couple of days, until people's emotions cool down. However, the blocks still continue - and I see no clear justification for continuing them for so long.
I'm guessing this is just an attempt to make the social media blocks more effective. And I suppose the purpose of blocking social media is to suppress public discussion and criticism, which is intended to prevent social unrest like protesting, riots or a sudden change in government? I'm not too sure; it's hard to understand from within a society where it's considered a fundamental right to criticise the government.
Legitimately curious response: have you tried thinking through the answer to this question, and if so, what seems like the likely answer in your view? If not, why not?
I believe there's a lot of potential for CDNs and major sites to offer anti-censorship pass through traffic with HTTP/2 via CONNECT. By having a multiplexed protocol with multiple streams that spans "normal" traffic and tunneled traffic, it should be harder to identify. This would allow major sites or CDN providers to provide service to those people behind such bans and possibly require governments to break a significant portion of the web in order to institute those blocks. I think it's valuable to increase the damage done by government blocking so we can ensure that mainstream persons are sufficiently upset by this conduct. I also think CloudFlare and other major CDN providers should be the ones to provide this type of VPN access either as a product or as a special case offering for people in countries who censor the web.
I realize there are many businesses who wouldn't damage their primary offerings to provide such a secondary service. But it only takes one or two companies to increase the collateral damage of the bans, and thus make them much more costly for the governments imposing them.
Cloudflare also built and open-sourced a Rust implementation of WireGuard which will likely back the service [0], but unfortunately, they didn't collaborate with upstream.
Blocks like this are why I always recommend friends overseas to not use a VPN for which they've ever seen an advertisement. The small guys offer performance that's just as good and the big guys having ten times the number of servers doesn't help when their whole list can be blocked in an instant.
[+] [-] abstractbarista|7 years ago|reply
[+] [-] fb03|7 years ago|reply
[+] [-] obtino|7 years ago|reply
[+] [-] TomK32|7 years ago|reply
[+] [-] darkhorn|7 years ago|reply
Firefox has built-in DNS over HTTPS. That will help.
[+] [-] nstart|7 years ago|reply
[+] [-] ArchD|7 years ago|reply
[+] [-] mig39|7 years ago|reply
https://www.thehindu.com/news/international/sri-lanka-bans-d...
[+] [-] chelovek89|7 years ago|reply
[+] [-] praptak|7 years ago|reply
[+] [-] abc-xyz|7 years ago|reply
[+] [-] ianlevesque|7 years ago|reply
[+] [-] npsomaratna|7 years ago|reply
Historically, the people here have engaged in "knee-jerk" violence following an initial inflammatory incident; see:
https://en.wikipedia.org/wiki/Black_July
https://en.wikipedia.org/wiki/2018_anti-Muslim_riots_in_Sri_...
[+] [-] sjy|7 years ago|reply
[+] [-] jessedhillon|7 years ago|reply
[+] [-] devoply|7 years ago|reply
[+] [-] jgowdy|7 years ago|reply
[+] [-] DenseComet|7 years ago|reply
[0] https://github.com/cloudflare/boringtun
[+] [-] Causality1|7 years ago|reply
[+] [-] octosphere|7 years ago|reply
[+] [-] deependra|7 years ago|reply
[+] [-] andreimiulescu|7 years ago|reply
[+] [-] aaron695|7 years ago|reply
[deleted]