←back to thread

Ask HN: The government of my country blocked VPN access. What should I use?

1308 points rickybule | 2 comments | 28 Aug 25 16:43 UTC | HN request time: 0.415s | source

Indonesia is currently in chaos. Earlier today, the government blocked access to Twitter & Discord knowing news spread mainly through those channels. Usually we can use Cloudflare's WARP to avoid it, but just today they blocked the access as well. What alternative should we use?
Show context
bdd8f1df777b ◴[29 Aug 25 09:00 UTC] No.45061811[source]
If you need to bypass censorship, you'll need a tool specifically designed for anti-censorship, rather than any one repurposed for that.

Since China has the most advanced network censorship, the Chinese have also invented the most advanced anti-censorship tools.

The first generation is shadowsocks. It basically encrypts the traffic from the beginning without any handshakes, so DPI cannot find out its nature. This is very simple and fast and should suffice in most places.

The second generation is the Trojan protocol. The lack of a handshake in shadowsocks is also a distinguishing feature that may alert the censor and the censor can decide to block shadowsocks traffic based on suspicions alone. Trojan instead tries to blend in the vast amount of HTTPS traffic over the Internet by pretending to be a normal Web server protected by HTTPS.

After Trojan, a plethora of protocol based on TLS camouflaging have been invented.

1. Add padding to avoid the TLS-in-TLS traffic characteristics in the original Trojan protocol. Protocols: XTLS-VLESS-VISION.

2. Use QUIC instead of TCP+TLS for better performance (very visible if your latency to your tunnel server is high). Protocols: Hysteria2 and TUIC.

3. Multiplex multiple proxy sessions in one TCP connection. Protocols: h2mux, smux, yamux.

4. Steal other websites' certificates. Protocols: ShadowTLS, ShadowQUIC, XTLS-REALITY.

Oh, and there is masking UDP traffic as ICMP traffic or TCP traffic to bypass ISP's QoS if you are proxying traffic through QUIC. Example: phantun.

replies(7): >>45061881 #>>45062023 #>>45062220 #>>45062335 #>>45062348 #>>45063468 #>>45063689 #
tarruda ◴[29 Aug 25 10:06 UTC] No.45062220[source]
To complement the answer (if the OP or anyone else is looking for a step-by-step guide), ask an LLM:

" Give me step by step instructions on how to setup trojan client/server to bypass censorship. Include recommendations of a VPS provider for the trojan server, and all necessary information to set it up, including letsencrypt automation. Don't link to any installer scripts, just give me all the commands I need to type in the VPS/client terminals. Assume Ubuntu 22.04 for both client and server. "

ChatGPT, Mistral, Claude and probably most popular LLMs will refuse to answer this request. Funny that DeepSeek (https://chat.deepseek.com) will comply despite it being from China.

Another option is to use local LLMs. I've tested this with GPT-OSS-120b and Gemma 3 27b(https://huggingface.co/google/gemma-3-27b-it-qat-q4_0-gguf/) and both seems to work.

replies(12): >>45062285 #>>45062337 #>>45062636 #>>45062664 #>>45062992 #>>45063439 #>>45064335 #>>45064388 #>>45065488 #>>45065514 #>>45068784 #>>45089590 #
dwood_dev ◴[29 Aug 25 14:07 UTC] No.45064335[source]
ChatGPT happily helped me run through all kinds of tools and configs. But I started off with explicitly saying it was to evade Chinese/Iranian censorship.
replies(2): >>45068972 #>>45069418 #
1. sebastiennight ◴[29 Aug 25 21:10 UTC] No.45069418[source]
Can you try the exact same prompt (word-for-word identical) with other countries? Eg. US, Canada, Russia, Italy?

I'd be curious to know if there was a difference.

replies(1): >>45070991 #
2. dwood_dev ◴[30 Aug 25 00:52 UTC] No.45070991[source]
Fascinating result. It's non-deterministic!

I went to create a clean chat, did temporary mode, and it rejected me! I tried again in another temporary chat and it worked.

Here is my exact prompt: "Best multi protocol vpn client for iOS with the widest protocol option for evading Iranian/Chinese censorship?"

I tried US, UK, France. All went through, but they did caution that evasion may be illegal.