Blocking in Turkmenistan (DPI)

I need advice on methods for circumventing blocking. For my part, I will provide any support I can. Blocking has become more frequent and harsher (IP addresses are being blocked by the hundreds). Please help with advice.

Ask your questions.

It would be helpful if you could help us diagnose blocking of Snowflake in Turkmenistan.

We know from past observations that DNS, HTTP, and HTTPS blocking in Turkmenistan is bidirectional: it can be tested easily from outside the country. In this way, we can see that Snowflake is blocked because the domain-fronting channel to the Snowflake broker is blocked:

$ dig @95.85.120.6 +noedns +short +timeout=5 cdn.sstatic.net
127.0.0.1
↑ DNS injection
$ curl --connect-to ::95.85.120.6: --connect-timeout 5 https://cdn.sstatic.net/ -D -
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to cdn.sstatic.net:443
↑ connection reset

Is the domain www.google.com blocked for you? In my tests it is currently not blocked. If www.google.com (or another Google domain) is not blocked, then we may be able to make Snowflake work again, by using an alternative channel for communication with the broker, AMP cache.

@debian_tm, are you willing to help test AMP cache, to see if it can make Snowflake work in Turkmenistan again? To do it, you will need the latest Tor Browser 11.5a1 (alpha release):

Go into the Tor Browser folder and edit the torrc-defaults file:

platform location
linux Browser/TorBrowser/Data/Tor/torrc-defaults
windows Browser\TorBrowser\Data\Tor\torrc-defaults
osx Contents/Resources/TorBrowser/Tor/torrc-defaults

Find the part that says:

## snowflake configuration
ClientTransportPlugin snowflake exec ...

Delete the following options from the line:

-url https://snowflake-broker.torproject.net.global.prod.fastly.net/ -front cdn.sstatic.net

And replace them with these options:

-url https://snowflake-broker.torproject.net/ -ampcache https://cdn.ampproject.org/ -front www.google.com

Then start Tor Browser, and configure it to use Snowflake as a bridge at about:preferences#tor.

For extra debugging information, you can add -log snowflake.log -log-to-state-dir to the ClientTransportPlugin snowflake line in torrc-defaults.

The problem with editing torrc-defaults is that the changes will be deleted the next time the browser updates itself. But if this test works for you, we can look for ways to make the change more permanent and usable.
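
The torrc-defaults edit described in the post above, as an added Python example (not part of the original thread and not Tor Project code): it swaps the domain-fronting options for the AMP cache ones on the active snowflake line and leaves anything that does not match untouched. The function and constant names are illustrative, and the sample line's exec path and -ice value are constructed placeholders.

```python
import re
import shutil
import sys

# Option strings exactly as given in the post above.
OLD_URL = "https://snowflake-broker.torproject.net.global.prod.fastly.net/"
OLD_FRONT = "cdn.sstatic.net"
NEW_OPTS = ("-url https://snowflake-broker.torproject.net/ "
            "-ampcache https://cdn.ampproject.org/ -front www.google.com")
LOG_OPTS = "-log snowflake.log -log-to-state-dir"
# The old "-url ... -front ..." pair, tolerating variable spacing.
OLD_RE = re.compile(r"-url\s+" + re.escape(OLD_URL) +
                    r"\s+-front\s+" + re.escape(OLD_FRONT) + r"(?=\s|$)")
# Constructed sample: exec path and -ice value are placeholders.
SAMPLE = ("## snowflake configuration\n"
          "ClientTransportPlugin snowflake exec ./snowflake-client "
          "-url " + OLD_URL + " -front " + OLD_FRONT +
          " -ice stun:stun.example.org:3478\n")


def switch_to_ampcache(torrc_text, debug_log=False):
    """Return (new_text, changed); only an active snowflake line is rewritten."""
    out, changed = [], False
    for line in torrc_text.splitlines(keepends=True):
        body = line.rstrip("\r\n")
        eol = line[len(body):]
        words = body.split()
        if (words[:3] == ["ClientTransportPlugin", "snowflake", "exec"]
                and "-ampcache" not in words):  # skip comments, already-edited lines
            new_body, n = OLD_RE.subn(lambda m: NEW_OPTS, body)
            if n == 1:
                if debug_log and "-log" not in words:
                    new_body += " " + LOG_OPTS
                body, changed = new_body, True
        out.append(body + eol)
    return "".join(out), changed


if __name__ == "__main__":
    if len(sys.argv) == 2:  # argument: path to torrc-defaults
        with open(sys.argv[1], encoding="utf-8", newline="") as f:
            text, changed = switch_to_ampcache(f.read())
        if changed:
            shutil.copy2(sys.argv[1], sys.argv[1] + ".bak")  # keep the original
            with open(sys.argv[1], "w", encoding="utf-8", newline="") as f:
                f.write(text)
        print("updated" if changed else "no matching snowflake line; unchanged")
    else:  # no argument: show the rewrite on the constructed sample
        print(switch_to_ampcache(SAMPLE, debug_log=True)[0], end="")
```

Run it with the platform's torrc-defaults path from the table above as the only argument; the original file is kept beside it with a .bak suffix.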

Does Shadowsocks work in Turkmenistan?

You should also check whether the STUN servers are blocked. If necessary, enter your own. Because, for example, even in Russia the first two in the list are blocked. I don't know, though, how essential STUN is.

By the way, they say that some (very few) public VPNGate addresses from SoftEther work in Turkmenistan. Also try I2P (but the initial start must be on a clean network).

It only needs one of the STUN servers to be unblocked.

Any success with working VPN in TM?

Any suggestion for a tool/service that works?

They block the HTTP CONNECT method with any address.

DNS.QUERY.NAME == *.in-addr.arpa is blocked, for any type
DNS queries are inspected on all(?) ports