Tell HN: Russia has started blocking OpenVPN/WireGuard connections

439 points| itvision | 2 years ago

For the past three days Russians have been unable to use their VPN services working via OpenVPN/WireGuard protocols, and some even have reported that in certain situations SSH connections have stopped working.

The prospect of an isolated Russian interweb has become oh so real.

As a person currently residing in Russia I can confirm that I've been unable to connect to my favourite VPN provider for the past three days, not even its official application works.

I've not seen any discussions on the English-speaking Internet, nor has it been in the news for some reason, despite its importance in preserving freedom of information and opinions.

In the Russian internet it's being hotly debated here: https://habr-com.translate.goog/ru/companies/xeovo/articles/...

More on the topic: https://torrentfreak.com/tag/russia/

234 comments

[+] someotherperson|2 years ago|reply
Unfortunately, thanks to the Great Firewall of China, there have been a lot of resources put in by state actors to fingerprint VPNs and block them.

Fortunately, however, there are equally years of some of the smartest minds on the planet working to bypass Chinese censorship, so there are some great OpenVPN alternatives.

I really encourage you to look into something like Shadowsocks which Chinese people have found great success in using over the last several years.

In your case, however, it's worth mentioning that if you can't connect at all then it's likely they've blocked the commercial IPs of the VPN nodes.

It's quite sad that projects like Streisand[0] were archived, but I'm sure there are other alternatives that might make it just as easy to roll onto a server.

[0] https://github.com/StreisandEffect/streisand

[+] 8organicbits|2 years ago|reply
What's the current legal risk of using a VPN in China or Russia these days? I found a couple articles about people getting charged, but none I know to be reputable or particularly well written.
[+] yellow_lead|2 years ago|reply
Can anyone confirm Shadowsocks works anymore? When I tried to use it a few years ago, it got blocked in a few days.

To be honest, I think they are blocking anything that exchanges a lot of data with overseas IPs, after hitting a certain threshold.

[+] EasyMark|2 years ago|reply
I imagine that is something that is not "top secret" that Xi can easily share with Putin and something that could be applied almost immediately to routers in Russia. That sucks that Russians can't see other perspectives. It doesn't seem to matter a lot since 80% of Russians still support him mindlessly, but those other 20% can help set a seed of doubt on his atrocities and autocratic lies but not if they can't get info.
[+] KomoD|2 years ago|reply
v2ray is a great alternative
[+] throwbas|2 years ago|reply
I have the fortune to reside in Russia-controlled Donbas. Over here they have been blocking all WireGuard connections for a long time. OpenVPN seems to be blocked selectively depending on the host. The government and commerce must need it more than WireGuard.

It isn't consistent. Different ISPs block different hosts and protocols at different times. I assume we are a kind of test and staging environment for censorship in Russia.

In the interest of anonymity I am not going to respond to your questions.

[+] cracrecry|2 years ago|reply
They called the Chinese to help with their experience like 6 months after the start of the war as they realised some young people could access news outside the official channels.

They have been testing it since then.

In China once their AI systems or whatever decides that you are using a VPN you will be punished by increasingly blocking your Internet for more and more time.

[+] jvanderbot|2 years ago|reply
How, technically, can they block WireGuard? It can operate as pure UDP on any port. Are we referring to WireGuard vendors like Tailscale here?
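
Added example (not part of the original thread, and not a description of any particular censor's system): a classifier showing why running WireGuard as "pure UDP on any port" does not hide it from a middlebox. It relies only on the fixed message layout of the WireGuard protocol; the function names are hypothetical and the sample payloads are constructed filler, not captures.

```python
# WireGuard wire format: 1-byte message type, 3 reserved zero bytes, then
# fixed-size fields, so handshake messages always have the same length.
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}
TRANSPORT_DATA = 4


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, else None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    msg_type = payload[0]
    if msg_type in FIXED:
        name, length = FIXED[msg_type]
        return name if len(payload) == length else None
    # Transport data: 16-byte header, inner packet padded to a multiple of
    # 16 bytes, 16-byte auth tag. A keepalive is exactly 32 bytes.
    if msg_type == TRANSPORT_DATA and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None


def is_wireguard_handshake(client_pkt: bytes, server_pkt: bytes) -> bool:
    """True if the first packet each way forms an initiation/response pair."""
    if classify_wireguard(client_pkt) != "handshake_initiation":
        return False
    if classify_wireguard(server_pkt) != "handshake_response":
        return False
    # The response carries the initiator's sender index (bytes 4-8 of the
    # initiation) back as its receiver index (bytes 8-12 of the response).
    return client_pkt[4:8] == server_pkt[8:12]


# Constructed sample payloads (filler bytes, not real captures).
CLIENT_IDX, SERVER_IDX = b"\x11\x22\x33\x44", b"\xaa\xbb\xcc\xdd"
SAMPLE_INIT = b"\x01\x00\x00\x00" + CLIENT_IDX + bytes(140)
SAMPLE_RESP = b"\x02\x00\x00\x00" + SERVER_IDX + CLIENT_IDX + bytes(80)
SAMPLE_KEEPALIVE = b"\x04\x00\x00\x00" + SERVER_IDX + bytes(8) + bytes(16)
SAMPLE_DNS = (bytes.fromhex("1a2b01000001000000000000")
              + b"\x07example\x03com\x00\x00\x01\x00\x01")

if __name__ == "__main__":
    for name, pkt in [("init", SAMPLE_INIT), ("resp", SAMPLE_RESP),
                      ("keepalive", SAMPLE_KEEPALIVE), ("dns", SAMPLE_DNS)]:
        print(name, len(pkt), classify_wireguard(pkt))
    print("handshake pair:", is_wireguard_handshake(SAMPLE_INIT, SAMPLE_RESP))
```

None of these checks looks at the port number. The type-and-length test alone can occasionally match other UDP traffic; the index echoed across the initiation/response pair is what makes the match strong.
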
[+] eptcyka|2 years ago|reply
OpenVPN looks more similar to regular https traffic, hence it's a bit more difficult to fingerprint.
[+] cf1241290841|2 years ago|reply
Thank you so much for posting this.

If anyone else has any educated guesses about the mechanism, please do share!

[+] dang|2 years ago|reply
[stub for offtopicness]
[+] Lendal|2 years ago|reply
You might see some confused faces. To most English speakers "fortune" mostly means good, unless it is preceded by something that specifies that it is bad fortune, like "ill fortune" or misfortune.
[+] MrDisposable|2 years ago|reply
Russian here, living in Russia.

My paid VPN provider stopped working months ago. Then my self-hosted Outline server stopped working. Then my self-hosted OpenVPN stopped working too. Both were hosted on Digital Ocean (Frankfurt).

What currently works for me is self-hosted Outline running on a US server, but I suspect that won't last long.

Looks like I have no choice but to learn how to self-host XRay. A smart friend told me that it still works and is hard to block, but unfortunately he has no personal experience with it -- and no need for it anymore, since he emigrated to another country.

Does anyone here have any experience with XRay / XTLS-Reality?

[+] mmastrac|2 years ago|reply
As a curiosity, how do you pay for an EU VPS given the sanctions?
[+] keddad|2 years ago|reply
I don't believe it is true. They might block commercial solutions, but I'm using WireGuard with an exit point in the Netherlands right now, works fine (although on certain providers, I've seen some throttling, but that could just be coincidental)

UPD: I asked some friends, some of them have faced problems. I guess it is not a protocol block, but instead a combination of protocol and "suspicious" server. Mine has stuff other than VPN running on it, so it might have flown under the radar.

[+] _ncyj|2 years ago|reply
Hey there! Lots of experience with this having lived in China for 2 years. I recommend you look into xray-core or v2ray.

https://github.com/v2fly/v2ray-core

https://github.com/XTLS/Xray-core

Here are my configs: https://github.com/acheong08/notes/tree/main/xray

Why this over WireGuard or OpenVPN or commercial solutions? Because it’s obfuscated and you’re much less likely to get caught. Try hosting a small game server on the same machine as well so the traffic doesn’t look too out of place.

[+] shebnik|2 years ago|reply
What is interesting is that since 2022 a lot of sites and host services decided to ban access from Russia. Quite often to very simple things - nothing related to technology. And I don't remember anybody outside Russia finding it crazy. (I am too lazy for VPN and accessed most of the stuff through web.archive.org.) So, when Russia closes some access it is an attack on freedom. And when the West blocks access from Russia it is protection of freedom :)

For example, I found out about some 'world oldest tree' competition through the news that it banned trees from Russia. Curious enough, I found their site and... it rejected me by IP.

[+] lobocinza|2 years ago|reply
> What is interesting is that since 2022 a lot of sites and host services decided to ban access from Russia.

Same from Brazil though probably way less. I blame Cloudflare, overzealous sysadmins and paranoid WordPress security plugins.

[+] khzw8yyy|2 years ago|reply
"That's different" (tm)

We are supposed to go overthrow Putin to get LinkedIn and Spotify back (or something).

[+] monday_|2 years ago|reply
Typing this from Moscow, over OpenVPN. I have been around the country over the last year and am yet to experience protocol-level blocks (although there are credible reports this happened, just not in my experience). It seems like the current wave is about blocking popular providers. Folks with their own server, like myself, are not a target so far.

I'd expect the government to cool down expansive internet censorship until the "elections" in March, since hitting the preapproved outcome figures will be harder this way.

[+] asdffdasasdf|2 years ago|reply
Their heuristics are probably looking for long-time connections... you're escaping by moving the client around
[+] erebe__|2 years ago|reply
You can use wstunnel to bypass firewalls. I have had a lot of feedback from Chinese/Turkish/Iranian people using it with success. Easy to set up also with static binaries.

https://github.com/erebe/wstunnel/

[+] cassepipe|2 years ago|reply
Maybe it's the right place to advertise Snowflake. It's a browser extension that allows people to bypass Tor censorship if I understood correctly: https://snowflake.torproject.org/
[+] sega_sai|2 years ago|reply
Because of the issues with OpenVPN/WireGuard blocking, a few months ago I completely switched to Shadowsocks, which I think mostly works. But it looks like https://github.com/amnezia-vpn/amneziawg-go -- is the way to go, which is an obfuscated WireGuard.
[+] cedws|2 years ago|reply
It's worth mentioning that the Russian government has a plan to completely detach the country from the wider Internet. This system has already been tested and is available at the flick of a switch.

Unfortunately, it's probably a matter of time until this system is activated for real and the Iron Curtain drops to the floor. Then Putin will find some way to blame the West and rally against us.

[+] pinochet2021|2 years ago|reply
Try SquareX's disposable browser - works for me in China and is basically Remote Browser Isolation but for consumers. It seems free right now - https://www.sqrx.com
[+] vbezhenar|2 years ago|reply
Working around DPI blocks is possible as long as you can get your hands on a foreign VPS. Just invent your own protocol and use it for yourself. Wrap it with HTTPS or even HTTP, nobody has the resources to analyse every single website protocol.

However some huge ingress/egress traffic to an unknown website with a few random pages looks very suspicious. So it's possible to select those websites using statistical analysis.

Now the question to hackers: how do I hide tunnelled traffic so its statistics do not look suspicious?

Ideally one would use some CDN webserver (like cloudflare or amazon), however without encrypted SNI, host is extractable with DPI.

[+] dijit|2 years ago|reply
FWIW I stumbled upon the fact that AnyConnect (VPN from Cisco) about 10 years ago could walk over our HTTPS/DPI proxies/firewalls at Ubisoft. Which was mostly interesting because it was Ubi itself using AnyConnect.

In my efforts to use Linux (which is not supported by Cisco) I found "OpenConnect" and its partner: "OCServe"; which are open source compatible client & server software (respectively) for the protocol.

On the wire traffic looks like normal HTTPS traffic, and without the SSL "CONNECT" header which DPI loves to drop as it's known used for proxies and vpn solutions.

YMMV, but it's worked for me with aggressive HTTP proxies in other companies too. :)

[+] anticensor|2 years ago|reply
> Working around DPI blocks is possible as long as you can get your hands on a foreign VPS. Just invent your own protocol and use it for yourself. Wrap it with HTTPS or even HTTP, nobody has the resources to analyse every single website protocol.

Some firewalls will simply drop those protocols.

[+] wiml|2 years ago|reply
That's what "domain fronting" was: you put an innocuous domain in the SNI but a different domain in the Host: header and in some circumstances with some CDNs this would work.
[+] notarget137|2 years ago|reply
And here I am writing this post via Wireguard VPN through my home router marking traffic to an outside VPN gate with ease.
[+] kgeist|2 years ago|reply
I haven't been able to use my OpenVPN server since August 2023. All connections are reset. Surprised someone could still use it. Perhaps it was rolled out on a per-ISP basis.
[+] cf1241290841|2 years ago|reply
Might be a case of me being too stupid to use ctrl + f

But it's very much worth mentioning that Russia has totalitarian laws that criminalize the use of VPNs.

[+] azkwxm|2 years ago|reply
Hello, this project can help you solve some problems, but the problems you have are far more complicated than we imagined, so there may not be a good solution for you.

https://github.com/Useful-open-source-project/Share-vpn-buil...

OpenVPN/WireGuard, a protocol similar to VPN, has been identified. What we use now is a proxy protocol. It is not probabilistically recognized by VPN protocol operators or firewalls. After all, they can also enter AI to help them improve their firewalls, so we also have to find ways to resist or improve our agency agreement so that he is no longer afraid of the firewall.
[+] jnwatson|2 years ago|reply
I had a friend recently visit China and he needed access to the real internet and the VPN providers he had used before were blocked.

It took me all of 10 minutes to set up an OpenVPN server in East Asia on DigitalOcean. The container even comes with a client installer that has the parameters preloaded.

Worked fine.

[+] pvaldes|2 years ago|reply
Most probably related to the revolts that started in the Russian republic of Bashkortostan last week.
[+] genman|2 years ago|reply
The play of elections is also coming.