←back to thread

Ask HN: The government of my country blocked VPN access. What should I use?

1309 points rickybule | 2 comments | 28 Aug 25 16:43 UTC | HN request time: 0.022s | source

Indonesia is currently in chaos. Earlier today, the government blocked access to Twitter & Discord knowing news spread mainly through those channels. Usually we can use Cloudflare's WARP to avoid it, but just today they blocked the access as well. What alternative should we use?
Show context
Humorist2290 ◴[28 Aug 25 17:04 UTC] No.45054496[source]
- Tor. Pros: Reasonably user friendly and easy to get online, strong anonymity, free. Cons: a common target for censorship, not very fast, exit nodes are basically universally distrusted by websites.

- Tailscale with Mullvad exit nodes. Pros: little setup but not more than installing and configuring a program, faster than Got, very versatile. Cons: deep packet inspection can probably identify your traffic is using Mullvad, costs some money.

- Your own VPSs with Wireguard/Tailscale. Pros: max control, you control how fast you want it, you can share with people you care about (and are willing to support). Cons: the admin effort isn't huge but requires some skill, cost is flexible but probably 20-30$ per month minimum in hosting.

replies(12): >>45054512 #>>45054517 #>>45054567 #>>45054628 #>>45054699 #>>45054720 #>>45055029 #>>45055389 #>>45055401 #>>45055431 #>>45056362 #>>45059374 #
codethief ◴[28 Aug 25 18:31 UTC] No.45055401[source]
> - Tailscale with Mullvad exit nodes

Tailscale is completely unnecessary here, unless OP can't connect to Mullvad.net in the first place to sign up. But if the Indonesian government blocks Mullvad nodes, they'll be out of luck either way.

> - Your own VPSs with Wireguard/Tailscale

Keep in mind that from the POV of any websites you visit, you will be easily identifiable due to your static IP.

My suggestion would be to rent a VPS outside Indonesia, set up Mullvad or Tor on the VPS and route all traffic through that VPS (and thereby through Mullvad/Tor). The fastest way to set up the latter across devices is probably to use the VPS as Tailscale exit node.

replies(1): >>45056373 #
1. jkaplowitz ◴[28 Aug 25 19:58 UTC] No.45056373[source]
Tailscale + Mullvad does have a privacy advantage over either one by itself: the party that could potentially spy on the VPN traffic (Mullvad) doesn’t know whose traffic it is beyond that it’s a Tailscale customer. Any government who wanted to trace specific traffic back to OP would need to get the cooperation of both Mullvad and Tailscale, which is a lot less likely than even the quite unlikely event of getting Mullvad to cooperate.
replies(1): >>45058728 #
2. codethief ◴[29 Aug 25 00:50 UTC] No.45058728[source]
True, but OP's threat model doesn't involve state actors outside Indonesia, so traffic analysis of the "last mile" between Mullvad node and whatever non-Indonesian service OP is trying to use (Twitter, Discord, …) is not really relevant here. (Assuming Indonesia doesn't have capabilities we don't know of.)

What might be more interesting is the case where the Indonesian government forces Twitter/Discord to give up IP addresses (which I find hard to believe but it's certainly not impossible). But then they'd still have to overcome Mullvad. It's much more likely that if OP has an account on Twitter/Discord, it is already tied to their person in many ways, and this would probably be the main risk here.