Manwithbox, who told you "There is no criminalization of VPNs in China. I know it first-hand. The whole country there is on VPNs, they are even sold legally."?

Well, I clicked on your link and took a look.
tls-in-tls refers to the detection of protocols for bypassing the GFW (XTLS Vision, fixes TLS in TLS, to the star and beyond · XTLS/Xray-core · Discussion #1295 · GitHub), which has nothing to do with your current situation.

Your current situation is more like the whitelist in Quanzhou, Fujian, China in 2022.
GFW's or TSPU's current processing mechanism is domain blacklist mode, that is, there is a domain name blacklist, SNI blocking is performed on the domains in it, and domains not in it are released, which is relatively loose.
But if it is a domain whitelist mode, that is, there is a domain name whitelist, then only the domains in the whitelist can be released, and the rest of the domains are blocked. So the whitelist is much stricter than the blacklist.
The same is true for the IP whitelist.

At that time, the time was very short, and we didn't have time to figure out whether it was a simple domain whitelist, a combination of domain whitelist + IP whitelist, or other combinations... It ended.

If it's just a domain whitelist, there is a solution, which is to "steal" the domain name (ShadowTLS - sing-box), similar to REALITY.

If it's an IP whitelist, then there's no hope; you can think of ways to use a CDN.

You can search for these keywords: Quanzhou whitelist or 泉州白名单. I won't post the relevant links.

If all methods fail, you can try Musk's Starlink, but Russia is also a banned area (Starlink | Availability Map).