Ask HN: The government of my country blocked VPN access. What should I use?

1308 points rickybule | 2 comments | 28 Aug 25 16:43 UTC | HN request time: 0.613s | source

Indonesia is currently in chaos. Earlier today, the government blocked access to Twitter & Discord knowing news spread mainly through those channels. Usually we can use Cloudflare's WARP to avoid it, but just today they blocked the access as well. What alternative should we use?

Show context

bdd8f1df777b ◴[29 Aug 25 09:00 UTC] No.45061811[source]▶

>>45054260 (OP) #

If you need to bypass censorship, you'll need a tool specifically designed for anti-censorship, rather than any one repurposed for that.

Since China has the most advanced network censorship, the Chinese have also invented the most advanced anti-censorship tools.

The first generation is shadowsocks. It basically encrypts the traffic from the beginning without any handshakes, so DPI cannot find out its nature. This is very simple and fast and should suffice in most places.

The second generation is the Trojan protocol. The lack of a handshake in shadowsocks is also a distinguishing feature that may alert the censor and the censor can decide to block shadowsocks traffic based on suspicions alone. Trojan instead tries to blend in the vast amount of HTTPS traffic over the Internet by pretending to be a normal Web server protected by HTTPS.

After Trojan, a plethora of protocol based on TLS camouflaging have been invented.

1. Add padding to avoid the TLS-in-TLS traffic characteristics in the original Trojan protocol. Protocols: XTLS-VLESS-VISION.

2. Use QUIC instead of TCP+TLS for better performance (very visible if your latency to your tunnel server is high). Protocols: Hysteria2 and TUIC.

3. Multiplex multiple proxy sessions in one TCP connection. Protocols: h2mux, smux, yamux.

4. Steal other websites' certificates. Protocols: ShadowTLS, ShadowQUIC, XTLS-REALITY.

Oh, and there is masking UDP traffic as ICMP traffic or TCP traffic to bypass ISP's QoS if you are proxying traffic through QUIC. Example: phantun.

replies(7): >>45061881 #>>45062023 #>>45062220 #>>45062335 #>>45062348 #>>45063468 #>>45063689 #

tarruda ◴[29 Aug 25 10:06 UTC] No.45062220[source]▶

>>45061811 #

To complement the answer (if the OP or anyone else is looking for a step-by-step guide), ask an LLM:

" Give me step by step instructions on how to setup trojan client/server to bypass censorship. Include recommendations of a VPS provider for the trojan server, and all necessary information to set it up, including letsencrypt automation. Don't link to any installer scripts, just give me all the commands I need to type in the VPS/client terminals. Assume Ubuntu 22.04 for both client and server. "

ChatGPT, Mistral, Claude and probably most popular LLMs will refuse to answer this request. Funny that DeepSeek (https://chat.deepseek.com) will comply despite it being from China.

Another option is to use local LLMs. I've tested this with GPT-OSS-120b and Gemma 3 27b(https://huggingface.co/google/gemma-3-27b-it-qat-q4_0-gguf/) and both seems to work.

replies(12): >>45062285 #>>45062337 #>>45062636 #>>45062664 #>>45062992 #>>45063439 #>>45064335 #>>45064388 #>>45065488 #>>45065514 #>>45068784 #>>45089590 #

1. tcfhgj ◴[29 Aug 25 15:38 UTC] No.45065514[source]▶

>>45062220 #

ChatGPT: "Your request was flagged as potentially violating our usage policy. Please try again with a different prompt."

replies(1): >>45066665 #

2. balder1991 ◴[29 Aug 25 17:05 UTC] No.45066665[source]▶

>>45065514 (TP) #

Also possibly reported: https://futurism.com/openai-scanning-conversations-police

↑