Hello! I've got experience working on censorship circumvention for a major VPN provider (in the early 2020s).

- First things first, you have to get your hands on actual VPN software and configs. Many providers who are aware of VPN censorship and cater to these locales distribute their VPNs through hard-to-block channels and in obfuscated packages. S3 is a popular option but by no means the only one, and some VPN providers partner with local orgs who can figure out the safest and most efficient ways to distribute a VPN package in countries at risk of censorship or undergoing censorship.

- Once you've got the software, you should try to use it with an obfuscation layer.

Obfs4proxy is a popular tool here, and relies on a pre-shared key to make traffic look like nothing special. IIRC it also hides the VPN handshake. This isn't a perfectly secure model, but it's good enough to defeat most DPI setups.

Another option is Shapeshifter, from Operator (https://github.com/OperatorFoundation). Or, in general, anything that uses pluggable transports. While it's a niche technology, it's quite useful in your case.

In both cases, the VPN provider must provide support for these protocols.

- The toughest step long term is not getting caught using a VPN. By its nature, long-term statistical analysis will often reveal a VPN connection regardless of obfuscation and masking (and this approach can be cheaper to support than DPI by a state actor). I don't know the situation on the ground in Indonesia, so I won't speculate about what the best way to avoid this would be, long-term.

I will endorse Mullvad as a trustworthy and technically competent VPN provider in this niche (n.b., I do not work for them, nor have I worked for them; they were a competitor to my employer and we always respected their approach to the space).

If you need to bypass censorship, you'll need a tool specifically designed for anti-censorship, rather than any one repurposed for that.

Since China has the most advanced network censorship, the Chinese have also invented the most advanced anti-censorship tools.

The first generation is shadowsocks. It basically encrypts the traffic from the beginning without any handshakes, so DPI cannot find out its nature. This is very simple and fast and should suffice in most places.

The second generation is the Trojan protocol. The lack of a handshake in shadowsocks is also a distinguishing feature that may alert the censor and the censor can decide to block shadowsocks traffic based on suspicions alone. Trojan instead tries to blend in the vast amount of HTTPS traffic over the Internet by pretending to be a normal Web server protected by HTTPS.

After Trojan, a plethora of protocol based on TLS camouflaging have been invented.

1. Add padding to avoid the TLS-in-TLS traffic characteristics in the original Trojan protocol. Protocols: XTLS-VLESS-VISION.

2. Use QUIC instead of TCP+TLS for better performance (very visible if your latency to your tunnel server is high). Protocols: Hysteria2 and TUIC.

3. Multiplex multiple proxy sessions in one TCP connection. Protocols: h2mux, smux, yamux.

4. Steal other websites' certificates. Protocols: ShadowTLS, ShadowQUIC, XTLS-REALITY.

Oh, and there is masking UDP traffic as ICMP traffic or TCP traffic to bypass ISP's QoS if you are proxying traffic through QUIC. Example: phantun.

I also want to add here because a lot of people either mention Tor as a succesful solution, or mention why Tor is not a solution but state completely wrong reasons. And I have a good soapbox to stand once in a while.

Number one reason why Tor is dead is Cloudflare.

Let me digress here. In my opinion, Cloudflare does a lot more censoring than all state actors combined, because they singlehandedly decide if the IP you use is "trustworthy" or "not", and if they decided it is not, you're cut off from like half of the Internet, and the only thing you can do is to look for another one. I'd really like if their engineers understood what Orwellian mammoth have they created and resign, but for now they're only bragging without the realization. Or at least if any sane antitrust or comms agency shred their business in pieces.

And Cloudflare by default makes browsing with Tor unusable. Either you're stuck with endless captchas, or you're banned outright.

Number two reason why Tor is dead is all other antifraud protections combined. Try paying with Stripe through Tor. There is quite a big chance you'll get an "unknown error" of sorts on Stripe side. Try to watch Netflix in Tor - exit nodes are banned.

Everyone kept shouting "Tor bad, Tor for criminals", and it became a self-fulfilling prophecy. It's really hard to do just browse web normally in Tor, because all "normal" sites consider it bad. The "wrong" sites, however, who expect Tor visitors...

I lived in China for a while and there were several waves of VPN blocks. Also very few VPN services even try to actively support VPN-blocking nations anymore. Any commercial offering will be blocked eventually.

What I settled on for decent reliability and speeds was a free-tier EC2 hosted in an international region. I then setup a SOCKS5 server and connected my devices to it. You mentioned Cloudflare so whatever their VM service is might also work.

It's very low profile as it's just your traffic and the state can't easily differentiate your host from the millions of others in that cloud region.

LPT for surviving the unfree internet: GitHub won't be blocked and you'll find all the resources and downloads you need for this method and others posted by Chinese engineers.

Edit: If you're worried about being too identifiable because of your static IP, well it's just a computer, you can use a VPN on there too if you want to!

Australia and UK might soon go down this path.

Something quite depressing is if we (HN crowd) find workarounds, most regular folks won't have the budget/expertise to do so, so citizen journalism will have been successfully muted by government / big media.

- Tor. Pros: Reasonably user friendly and easy to get online, strong anonymity, free. Cons: a common target for censorship, not very fast, exit nodes are basically universally distrusted by websites.

- Tailscale with Mullvad exit nodes. Pros: little setup but not more than installing and configuring a program, faster than Got, very versatile. Cons: deep packet inspection can probably identify your traffic is using Mullvad, costs some money.

- Your own VPSs with Wireguard/Tailscale. Pros: max control, you control how fast you want it, you can share with people you care about (and are willing to support). Cons: the admin effort isn't huge but requires some skill, cost is flexible but probably 20-30$ per month minimum in hosting.

I live in Indonesia, and I don't find any recent news that mention X (formerly Twittwr) and or Discord being blocked by the government. The only relevant news from a quick Google search I can find is about the government threatened to block X due to pornography content in 2024. You can even check for yourself if a domain is blocked by visiting https://trustpositif.komdigi.go.id/.

Also for your unability to access the VPN, as far as my experience goes, in the past some providers do block access to VPN. But, I am not experiencing that for at least the last 5 years.

So, maybe you can try changing your internet provider and see if you can connect to VPN?

As a long-standing supporter of Internet freedoms in Russia, I could advise you to use multiple tools at the same time, to avoid them being blocked.

What would probably work UNLESS they roll out pretty sophisticated DPI that could block by signatures and do active probing:

1. AmneziaVPN (https://amneziavpn.org) - they have the hosted option, or you could run your own on a cheap VPS (preferable). They use Xray/REALITY or a variant of Wireguard with extra padding that confuses DPIs. Should be good enough.

2. Psiphon

3. Lantern

4. Sometimes Tailscale works surprisingly well (even in Russia where they have advanced DPI systems!)

Here's a link to several Tor browser mirrors for you so you could download the VPN software itself:

https://mirror.freedif.org/TorProject/

https://mirrors.mit.edu/torproject/download/

A couple of Tor bridges in case Tor is blocked:

  webtunnel [2001:db8:9947:43ae:8228:97b7:7bd:2c2e]:443 6E6A3FCB09506A05CC8E0D05C7FEA1F5DA803412 url=https://nx2.nexusocean.link ver=0.0.1
  webtunnel [2001:db8:a436:6460:fa7b:318:4e8e:9de3]:443 F76C85011FD8C113AA00960BD9FC7F5B66F726A2 url=https://disobey.net/vM8i19mU4gvHOzRm33DaBNuM ver=0.0.2

Mastodon is not easy for regimes to completely block, and most instances won't block you for using Tor. Mastodon saw a huge migration from Brazil when X was blocked there.

https://joinmastodon.org/

XRay / XTLS-Reality / VLESS work rather fine, and is said to be very hard to detect, even in China.

I followed [1] to set up my own proxy, which works pretty fine. More config examples may be helpful, e.g. [2].

[1]: https://cscot.pages.dev/2023/03/02/Xray-REALITY-tutorial/

[2]: https://github.com/XTLS/Xray-examples/blob/main/VLESS-TCP-XT...

I'm currently traveling in Uzbekistan and am surprised that wireguard as a protocol is just blocked. I use wireguard with my own server, because usually governments just block well known VPN providers and a small individual server is fine.

It's the first time I've encountered where the entire protocol is just blocked. Worth checking what is blocked and how before deciding which VPN provider to use.

Hey there – greetings from one of the most heavily censored regions in the world.

I once considered using an Indonesian VPS to bypass my country's censorship. However, the Indonesian VPS provider actually refused my direct connection request from my country. I was quite frustrated at the time, wondering why they refused me. But now I understand – it turns out these two countries are in cahoots.

Emmm, if you want to break through the censorship, you can start here: https://github.com/free-nodes/v2rayfree

It provides many free proxy nodes that are almost unusable in my country, but might work in Indonesia (although you may need a lot of patience to test which ones actually work).

A good proxy software is Clash.Meta for Linux (you’ll need to install Linux on Windows using VMware, then set up Clash.Meta).

You can start by installing the Windows version of the proxy client software (V2rayN) for a simple way to bypass censorship, but it's not a long-term solution.

A special reminder: these free nodes are not secure (they could very well be "honeypot" lines, but if you're not from my country, the police should have no way of dealing with you). You need to quickly set up your own route by purchasing a U.S. VPS and setting up your own proxy nodes.

Lastly, I recommend a good teacher: ChatGPT. It will solve all the problems you encounter on Linux. Also, use the Chrome browser with translation.

Good luck!

IMO, the safest route for an individual with tech competency is to setup a small instance server in the cloud outside your country and use ssh port forwarding and a proxy to get at information you want.

For an example of a proxy service https://www.digitalocean.com/community/tutorials/how-to-set-...

That will give you a hard to snoop proxy service that should completely circumvent a government blockaid (they likely aren't going to be watching or blocking ssh traffic).

If VPNs don't work for you, I recommend using an anti-censorship tool with an obfuscation protocol like v2ray which is commonly used in China.

https://github.com/v2fly/v2ray-core https://github.com/XTLS/Xray-core https://github.com/net4people/bbs https://en.wikipedia.org/wiki/Great_Firewall

Nations severing peoples connections to the world is awful. I'm so sorry for the chaos in general, and the state doing awful things both.

Go on https://lowendbox.com and get a cheap cheap cheap VPS. Use ssh SOCKS proxy in your browser to send web traffic through it.

Very unfancy, a 30+ year old solution, but uses such primitive internet basics that it will almost certainly never fail. Builtin to everything but Windows (which afaik doesn't have an ssh client built-in).

Tailscale is also super fantastic.

Give Obscura a try, we get around internet restrictions by using QUIC as transport, which looks like HTTP/3 and doesn't suffer from TCP-over-TCP meltdown: https://obscura.net/

Technical details: https://obscura.net/blog/bootstrapping-trust/

Let us know what you think!

Disclaimer: I'm the creator of Obscura.

Probably just an unfortunate timing. Cloudflare is going down in this region [1] at the same time with the protests and unrest caused by the news of a motorcycle taxi driver who got run over by a swat car during a protest [2].

Such coincidence might seems like the government trying to do some damage control by restricting internet access, but I hope that's not what happen here. At the moment, cloudflare status for Jakarta is still "rerouted".

[1] https://www.cloudflarestatus.com/incidents/1chpg2514kq8

[2] https://www.youtube.com/watch?v=-jONV0mb9nw

I would recommend Psiphon [1,2] most (all?) of their code is open source and their main goal is to get around censorship blocks. They do have some crypto side projects but the main product is very solid.

[1] https://psiphon.ca/ [2] https://github.com/Psiphon-Inc

Folks who are looking to bypass censorship, and those who live in countries where their internet connection is not currently censored who would like to help, can look to https://snowflake.torproject.org/

WireGuard should still work. Tons of different providers. I trust Mullvad but ProtonVPN has a free tier. If they start blocking WireGuard, check out v2ray and xray-core. If those get blocked... that means somehow they're restricting all HTTPS traffic going out of the country

If you can still get SSH access and can establish an account with a VPS provider with endpoints outside your country of origin, https://github.com/StreisandEffect/streisand is a little long in the tooth but may still be viable.

In this scenario, Chinese have very rich experience. you need to use the advance proxy tool like clash ,v2ray, shadowsocks etc.

I'm reading posts that indicate (at least some of) the blocking is at the DNS level.

https://old-reddit-com.translate.goog/r/WkwkwkLand/comments/...

Cloudflare says some issue affecting Jakarta has been resolved. They aren't saying what the issue was.

https://www.cloudflarestatus.com/incidents/1chpg2514kq8

The most effective solution is to use X-ray/V2ray with VLESS, or VMESS, or Trojan as a protocol.

Another obfuscated solution is Amnezia

If you are not ready to set up your own VPN server and need any kind of connection right now, try Psiphon, but it's a proprietary centralized service and it's not the best solution.

Furthermore, you can always run another VPN on top of that if you don’t trust the outer one with the actual plaintext traffic.

As a quick solution before implementing the more sophisticated suggestions in this thread, you can try getting a small cheap VPS from somewhere outside and trafficking all your traffic through it via sshuttle[1]. For example, Vultr (not an endorsement) has some with ~$3/month that should be sufficient for your case.

[1] https://github.com/sshuttle/sshuttle

In case known VPN providers are blocked you can pick a small VPS from a hoster like Hetzner and setup your own VPN.

On a related note, does anyone have insight into *why* the Indonesian government is doing this?

I work often in China. I somehow haven’t had my WireGuard VPN back to my own home server blocked, yet. It’s pointed to a domain that also hosts some HTTPS web services so that might help.

Prior to this, pre-Covid I used to use shadowsocks hosted on a DO droplet. Shadowsocks with obfs, or a newer equivalent (v2ray w/ vmess or vless protocol) and obfs (reality seems to be the current hotness) will probably work within Indonesia given their blocking will be way less sophisticated than China. The difference here is that it’s a proxy, not a VPN, but it makes it a lot easier to obfuscate its true nature than a VPN which stands out because obfuscation isn’t in its design.

Hosting on big public VPSs can be double edged. On one hand, blocking DO or AWS is huge collateral. On the other, it’s an obvious VPN endpoint and can help identify the type of traffic as something to block.

If you have access to reddit, r/dumbclub (believe it or not) has some relatively current info but it’s pretty poor signal to noise. Scratch around there for some leads though.

Note that this stuff is all brittle as hell to set up and I usually have a nightmarish time duct-taping it all together. That’s why I’m overjoyed my WireGuard tunnel has worked whenever I’ve visited for a year now.

One other left-field option, depending on your cost appetite, is a roaming SIM. Roaming by design tunnels all data back to your own ISP before routing out so even in China roaming SIMs aren’t blocked. It’s a very handy backup if you need a clear link to ssh into a box to set up the above, for example.

This might not be the case for Indonesia currently, but for countries like Russia, China, Iran most of the mentioned solutions will not work. I've had to evade Russian censorship for years now - the censors (Roskomnadzor) use DPI and other means of classifying network traffic, and currently the following things are outright blocked:

- Tor

- Wireguard and derivatives (incl. Mullvad, Tailscale, ProtonVPN)

- OpenVPN

- Shadowsocks (incl. Outline)

What still works is Xray-core [1] with vless and Reality protocols, whatever those mean. Xray-core is an innovation over v2ray [2]. v2ray might also still work, but I've never tried it. If you have the capacity to run your own VPS, the simplest solution would be to install the 3x-ui [3], which is something like "Xray-core with a simple to use UI in a single package ready-to-use", but you'd also need to setup some basic security measures and a firewall.

For those technically inclined, here [4] is a rough ansible playbook to install 3x-ui on a blank Debian machine. Additional configuration will be needed in the UI itself, there is a lot of online tutorials, and I link to one of them in [5] (in Russian, unfortunately). Don't just trust me blindly, please review before running!

There are also commercial xray-aware VPN providers, but I wouldn't publicly vouch for any of them.

I found it very strange that there is not much info on HN about xray and v2ray, and I also hope it stays this way for most of the people here and not here. However, we live in a weird reality and have to actively engage in such an arms race now.

As a side note, if anyone here has quality info about security of the xray-core implementation, I'd be happy to get familiar. I didn't look at the code myself and still am slightly suspicious, but oh well it works :shrug:

[1]: https://github.com/XTLS/Xray-core

[2]: https://github.com/v2fly/v2ray-core

[3]: https://github.com/MHSanaei/3x-ui/

[4]: https://pastebin.com/DjFQ8c6Z

[5]: https://habr.com/ru/articles/731608/

An expensive but functional option is to enable roaming on a foreign eSIM. Getting an eSIM is relatively easy. Roaming mobile traffic is routed from the country in which the SIM is from, not the country that you're in, meaning that an eSIM from e.g. an American carrier will not be subject to the censorship in your country.

I've used this on multiple trips to China over the past decade (including a trip last year). You can find carriers that will charge very low (or even no) roaming rates.

I’m not sure this is the right conversation right now, but is this thread heading towards “how do we make totalitarian governments become liberal democracies?”

It’s a nice technical question on how to run a VPN but the ultimate goal is not the best technical solution but the ability to avoid detection by the state. And that’s not a technical problem but an opsec one

If someone is participating in online discussions (discord and twitter) to spread local news - then it’s hard to know who is who, and who to trust - and that’s kind of the why Arab spring did not spring “hey wear a red carnation and meet me by the corner” can become a death sentence

The answer to opsec is avoid all digital comms - but at this point you are seriously into “regieme change”, or just as Eastern Europe did, keep your heads down for forty years and hope those who leave you economically behind will half bankrupt them selves bringing you back.

I think in the end, a thriving middle class with a sufficient amount of land reform, wealth taxes which can over a generation push for liberalisation sounds a good idea.

Our job in the very lucky liberal West is to keep what our forefathers won, and then push it further to show why our values are worth the sacrifice in copying

I'm in Indonesia right now as well and my Proton VPN still works. But I would see it as a short-term solution.

I'd recommend using Outline - it's a one click setup that lets you provision your own VPN on a cloud provider (or your own hardware).

Since you get to pick where the hardware is located and it is just you (or you and a small group of friends & family) using the VPN, blocking is more difficult.

If you don't want the hassle of using your own hardware you can rent a Digital Ocean droplet for <$5 per month.

https://getoutline.org/

AmneziaWG client worked just fine with normal Wireguard servers in Egypt where official Wireguard clients doesn't, WGTunnel app on android support both protocols.

https://github.com/amnezia-vpn/amneziawg-go https://github.com/wgtunnel/wgtunnel

What is going on if you don’t mind my asking? Our local news does not mention anything. Nor does ddging help? Any sources?

You should use people power to work to make Indonesia a more open, democratic society.

Yes, it's hard work. Yes, it will take a long time. Yes, you personally may not get very far with your efforts.

But if Indonesians don't take responsibility for and work to improve Indonesia then the rest of it doesn't matter.

It very much depends on how the block is implemented technically.

I can only talk about Russia where I'm from — we have quite a lot of success with DPI bypass tools like GoodbyeDPI. If that fails, use VPN protocols specifically designed for censorship circumvention, like VLESS. Better yet, get yourself a VDS in another country and self-host your VPN there.

Wireguard or OpenVPN might work, if someone has a server set up, set up your client to connect.

If those don't work you can try something like wssocks (https://github.com/genshen/wssocks) or wstunnel (https://github.com/erebe/wstunnel). It tunnels connections through WebSockets, so you can make the connection look like a regular HTTPS connection. Another option would just be a regular-old HTTPS proxy (Nginx, Apache2, etc). Set up an HTTPS proxy somewhere on the internet, connect through it, but configure it to return a regular web page if someone tries to make a non-proxy connection through it. Another tool that may help setting up is chisel (https://github.com/jpillora/chisel). Those HTTPS ones may work if, when authorities connect to the host, it returns pages that look like some kind of private video server. (Maybe run an actual video server, in addition to the proxy...) Also, try to enforce TLS 1.3 for the HTTPS server.

And another option, if all else fails, is to run a straight-up SOCKS proxy over the internet, on a weird port. It might be so obvious they aren't looking for it.

To mask your DNS requests with the SOCKS proxy, use something like Tor-DNS (https://github.com/bfix/Tor-DNS), or set up a VPN through the SOCKS proxy and use DNS through that route. Another option is DNS-over-HTTPS.

Chinese have developed a significant amount of sophisticated tools countering internet censorship. V2ray as far as I recall is the state-of-the-art.

To use them, one need to first rent a (virtual) server somewhere from a foreign cloud provider as long as the payment does not pose a problem. The first step sometimes proves difficult for people in China, but hopefully Indonesia is not at that stage yet. What follows is relatively easy as there are many tutorials for the deployment like: https://guide.v2fly.org/en_US/

Somewhat dated read here:

https://www.reddit.com/r/Tailscale/comments/16zfag4/travelin...

Some good ideas, though. There seems to be OSS alternatives for TailScale control servers which would make it harder to block - I'd go that route. The top recommendation boils down to, "Set up several different methods, and one will always work".

As someone based in China, it's a bit surprising that techniques used by Chinese people get very few mentions here, while I do think they are quite effective against access blocking, especially after coevolving with GFW for the past decade. While I do hope blocking in Indonesia won't get to GFW level, I will leave this here in case it helps.

I found this article [0] summarizing the history of censorship and anti-censorship measures in China, and I think it might be of help to you if the national censorship ever gets worse. As is shown in the article, access blocking in China can be categorized into several kinds: (sorted by severity)

1. DNS poisoning by intercepting DNS traffic. This can be easily mitigated by using a DOT/DOH DNS resolver.

2. Keyword-based HTTP traffic resetting. You are safe as long as you use HTTPS.

3. IP blocking/unencrypted SNI header checking. This will require the use of a VPN/proxy.

4. VPN blocking by recognizing traffic signatures. (VPNs with identifiable signatures include OpenVPN and WireGuard (and Tor and SSH forwards if you count those as VPNs), or basically any VPN that was designed without obfuscation in mind.) This really levels up the blocking: if the government don't block VPN access, then maybe any VPN provider will do; but if they do, you will have a harder time finding providers and configuring things.

5. Many other ways to detect and block obfuscated proxy traffic. It is the worse (that I'm aware of), but it will also cost the government a lot to pull off, so you probably don't need to worry about this. But if you do, maybe check out V2Ray, XRay, Trojan, Hysteria, NaiveProxy and many other obfuscated proxies.

But anyways, bypassing techniques always coevolve with the blocking measures. And many suggestions here by non-Indonesian (including mine!) might not be of help. My personal suggestion is to find a local tech community and see what techniques they are using, which could suit you better.

[0] https://danglingpointer.fun/posts/GFWHistory

Years ago, I created a very basic HTTP proxy using Google Cloud. The idea relies on Google Cloud wouldn't be blocked because the industry in that country probably also needs Google Cloud to function, so the government couldn't touch it.

You can see it here: https://github.com/paddlesteamer/gcrproxy. I don't know whether it works or not (maybe something has changed; it is very old code), but the idea beneath it remains. And I think it is also applicable to other cloud services, too. Cheaper (even free to some point) than having your own VPS.

Give Trojan proxy a try. It's supposed to go unnoticed since it works on the https port 443. Something like: https://www.anonymous-proxies.net/products/residential-troja... If you get it with a residential IP is even better. Works great in Iran and China and i suspect will wotk great for you too

Personally, I like Amnezia VPN, it has some ways to work around blocks: https://amnezia.org/en You can very easily self-host it, their installer automatically works on major cloud platforms.

Though if Indonesia has blocked VPNs only now, possibly they only block major providers and don't try to detect the VPN protocol itself, which would make self-hosting any VPN possible.

Just curious: Anyone know if things like Starlink are viable?

The thing about fighting against vpn blocks is that if you win, the govt can just turn off the internet. Something like starlink would be ideal in these circumstances, but you'd have to have the receivers in the country before lockdown.

I was wondering something like this but in a different capacity.

What with certain countries (they know who they are) and their hatred for encryption, it got me wondering how people would communicate securely if - for example - Signal/WhatsApp/etc. pulled out and the country wound up disconnecting the submarine cables to "keep $MORAL_PANIC_OF_THE_DAY safe."

How would people communicate securely and privately in a domestic situation like that?

You can also setup your own, get a VM in the free world and setup an open VPN server. https://www.digitalocean.com/community/tutorials/how-to-set-...

Shadowsocks over websockets is the way to have traffic indistinguishable from browser traffic. A bit difficult to configure manually: https://developers.google.com/outline/docs/guides/service-pr...

use vless/xray, barely blockable by anything

Aren't there local (online or print) newspapers to get news from, as an alternative to Discord? Hope I'm not asking a dumb question

Western governments should have entire budgets focused on software to circumvent great firewalls.

VPN services are just someone else's computers. Any cloud provider with a low performance virtual machine can become a VPN gateway using Linux distribution of your choice for around $4.

OpenVPN or WireGuard are my tools of choice. Professionally, I also use OpenVPN's EasyRSA PKI framework for certificates, but you can just generate your keys using any tutorial out there. "OpenVPN Cookbook" ebook from Packt is my go to source. For performance reasons, WireGuard is better.

AmneziaWG is a decent option for censorship resistance, and it can be installed as a container on your own server.

I live in Pakistan and two years back we had this exact same problem, (election interference) and frankly, you just try to scrape through solutions, but without an answerable government, there is little you can do.

We tried things like Proton VPN and Windscribe VPN, as well as enabling MT proxy on Telegram, but soon govts find it easier to just mass ban internet access.

Use Netblocks.org to analyse the level of internet blockage and try to react accordingly.

I would use SSH dynamic TCP forwarding (-D). Then use "SOCKSv5" proxy configuration in your browsers and in your apps (if that's supported). You can hve remote SSH server listen on different ports and IPv6. Maybe speed and latency will not be the best, but it'd be OK. Simple and easy.

Try some of the more niche VPN protocols like IKEv2/IPSec or zinc.

SSH over socks is another option or you can run your own proxy server, nobody will ever know... This makes me wonder if you cannot just run OpenVPN on a different port like 443 since it's also TLS based.

There's https://refraction.network/ but I am not sure how feasible that is at the moment (or at all). I came across it when researching some TLS stuff in golang (programming language).

AmneziaVPN has censorship circumvention options and makes it easy to set up a self hosted instance of that's what you prefer, or use their hosted service.

https://amnezia.org/

I would rent a server in an outside jurisdiction and use it as proxy. It isn't too hard to setup and you can share it with others too. I believe it would be completely legal as well. As least it should be.

That said, you are much less anonymous with that. But you could opt for your server using an additional VPN service to mitigate that.

You could use something like https://github.com/database64128/swgp-go to obfuscate WireGuard traffic.

Using full-blown VPNs under such environments has the disadvantage of affecting your use of domestic web services. You might want to try something like https://github.com/database64128/shadowsocks-go, which allows you to route traffic based on domain and IP geolocation rules.

Can you try both WireGuard and MASQUE? you can do that by using `warp-cli tunnel protocol set MASQUE'. if you want to try WireGuard, `warp-cli tunnel protocol set WireGuard'

Weird. I'm in Indonesia and can access VPNs, X and Discord.

Grab a VPS and use SOCKS5 tunneling via SSH.

Hi, not well educated on the details of VPNs and network security so this may be a basic question, but - VPNs are used regularly by corporates to enable secure intranet access to people offsite, etc - surely completely blocking VPNs or detecting and punishing VPN users is severely detrimental to business and not something countries would want to do carte blanche? How does this work?

Go here. https://github.com/net4people/bbs/issues

Very helpful community.

You can try using forks of existing protocols. Those are usually harder to detect. My country also blocks OpenVPN and Wireguard, but AmneziaWG works great for me.

Hello! I use Octohide VPN - it has VLESS protocol that can bypass geo-blocks (in countries like Russia, China). Its fast, the connection to a server takes merely a second and I do not even have an account as there is no registration required. Try it and see whether it helps you.

Do you still have access to GitHub?

If so you can run BrowserBox in a GitHub action runner exposed via IP or ngrok tunnel. That will give you a browser in a free region. Easy set up via workflow.

You’ll need a ngrok API key and a BrowserBox key. Hit us up: sales@dosaygo.com for a short term key at a discount if it works for you.

We will offer keys for free to any journalists in censored regions.

Get a cheap VPS for less than $10/mo or a dedicated server for like $25/mo and ssh tunnel into it. You can also use it to be your devserver, run your blog, etc. I've been using french located OVH servers in France for many years, it just works.

A question related to the question, for which I apologize:

It seems to me that using WireGuard (UDP) in conjunction with something like Raptor Forward Error Correction would be somewhat difficult to block. A client could send to and receive from a wide array of endpoints without ever establishing a session and communicate privately and reliably, is that correct?

https://www.privacytools.io/privacy-vpn

I would just configure a VPS outside the country and tunnel thru that

Censorship circumvention tools specialize in this, and are extensively used in China, Iran, and Russia. I work on Lantern, and we're not seeing any significant interruptions to connections in Indonesia at the moment. https://lantern.io/download

Hope it helps!

Use Astrill - if you can afford. You could try AirVPN, much cheaper, but if Astrill does not work, probably no VPN will. https://expatcircle.com/cms/privacy/vpn-services/

Why is Indonesia in chaos?

Mullvad has some anti-censorship features (shadowsocks) that it will automatically use if regular connections fail and works reliably in China as well (and has for the last 2+ years). You could give it a shot.

The real problem of course is that no government is going to block twitterredditmetadiscordandwhathaveyou long enough to risk people becoming informed citizens.

Your first option until you get settled is to use an SSH reverse proxy:

    ssh -D 9999 user@my.server

This gets you a temporarily usable system and if you can tunnel this way successfully installing some WireGuard or OpenVPN stuff will likely work.

EDIT: Thanks it's -D not -R

Launch an EC2 instance in the US region (Ubuntu, open ports 22 and 1194), then connect via SSH and run the OpenVPN install script. Generate the .ovpn profile with the script and download it to your local machine. Finally, import the file into the OpenVPN client and connect to route traffic through the US server.

I’m in Indonesia at the moment for vacation.

Just checked with NordVPN connected to their server Indonesia #54 (Borneo) and I was able to access twitter.com (via Chrome) and Discord (via app).

I’m on iPhone.

nextdns recently created geo spoofing methods, I may be wrong, I usually am but I am curious as to if these censorship can be fixed by nextdns.

I don't know if indonesia is becoming exactly like china/ so a complete crackdown as people are discussing things as if its for china, but I feel like that there are definitely some easier things than hosting your own server or using shadowsocks.

Check if proton vpn/mullvad vpn are working once please, they are definitely plug n play and proton even offers a free tier.

Use the Tor browser window in Brave. It's nowhere near as anonymous as the Tor browser, but the built in ad blocking makes browsing via Tor usable. And that's what you and your compatriots are interested in.

Prepare to fill in Cloudflare captchas all day, but that's what it takes to have a bit of privacy nowadays.

Please consider the potential consequences of circumventing the ban. Do what you do, but above all stay safe!

Try this, https://github.com/database64128/swgp-go, setup is a bit complicated but it works extremely well.

Working from China, i've rented VPS outside of the country and set up tailscale exit nodes - as my private VPN. Speed is not always optimal but it mostly works.

Try the Tor Browser, and use bridged mode to to make it look like you aren't using Tor.

https://www.torproject.org/

About VPNs I don't know but you could all start using Nostr instead of Twitter and Discord.

Also Telegram using MTProto proxies (that you have to host, do not use those free ones out there), if those don't qualify as VPNs.

In this case the blockage will probably just be up for a few days, until the protests calmed down.

Other than that: tor

SOCKS proxy over SSH?

Usually when countries block websites they don't block major cloud providers, like AWS and Google Cloud. Because most websites are hosted on them. So you can get a cheap VPS from AWS or GCP (always free VM is available) and host OpenVPN on it.

Use a less-known DoH or DoT provider.

They just "blocked" Reddit today, I selected another DoH provider from the menu in my browser settings, and continued.

Set up a VM on AWS/azure/gcp/... in the desired cell, install a VPN server and done. Once you have automation in place it takes ~2 minutes to start, you can run it on demand so you can pay per minute.

All the various proxy solutions offered are good (although the simplest ones - like squid - haven't been mentioned yet). You can also use a remote desktop or even just ssh -Y me@remote-server "firefox"

I've heard of shadowsocks being advertised for such use cases.

https://shadowsocks.org/

May I suggest getting a cheap VPS in another country and using SSH to tunnel traffic, or even setup a window manager on the VPS.

Hey I run Skipvids.com we receive alot of Indonesia traffic. I think we are still accessible there.

Remote desktop (RDP/AnyDesk/etc) into a VM hosted somewhere else?

URnetwork works where many don't http://ur.io . It used a grab bag of techniques, open source

Try looking into tor bridges.

You could also buy a VPS and use SSH tunneling to access a tor daemon running on a VPS. Host some sort of web service on the VPS so it looks inconspicuous

A one way plane ticket, a rifle, or a drone swarm. (What I’d use if my country blocked VPNs)

In China uses Rocket Shadow. Alternatively, you could purchase an eSIM, such as Holafy.

Get a Digitalocean droplet, and host your own Outline instance. Their manager app makes this a 1-click process.

Love Indonesia. Spend the last six months on Bali. This VPN thing is a shame!

Sama-sama bro, confirming this from Jakarta. It's a mess. My group chats were blowing up yesterday when WARP and Twitter suddenly went down. Felt like they pulled the plug right when everyone needed info on the protests.

Be very careful with random free VPNs being shared around on WhatsApp right now, many could be honeypots.

Like others have said, the most reliable long-term fix is rolling your own. I've had a cheap VPS in Singapore for years for moments just like this. The latency is low and it's been rock solid. I'm using v2ray with a simple setup, and it's been working fine because it just looks like normal web traffic to my ISP (Indihome). The guides posted in the top comment are excellent starting points.

For my less technical friends, I've been helping them set up ProtonVPN. Their 'Stealth' protocol seems to be holding up for now, but who knows for how long. The hardest part is getting this info to people who aren't tech-savvy.

Stay safe out there, everyone. Jaga diri.

I block Twitter at home… it’s not a huge loss

Maybe TOR? https://www.torproject.org/

I like mullvad. You can buy a prepaid card off amazon. I figured out how to setup wireguard on various unixes Mac/linux/openbsd

I'd recommend Obscura because it uses Wireguard over QUIC and it pretty good at avoiding these blocks. It's also open source.

https://amnezia.org/

Make your own VPN using a VPS and something like openvpn.

Not every website will allow it, but it should get you access to more than you have now.

A proxy service like shadow socks works. There are thousands of providers for $X/month for a decent amount of traffic

Mullvad

Use the open-source SoftEther VPN. It sends your traffic over software-defined Ethernet wrapped in HTTPS. https://en.m.wikipedia.org/wiki/SoftEther_VPN

Here's a list of public instances hosted by volunteers: https://www.vpngate.net/en/

For anyone reading this who still lives in a somewhat free country and has resources to spare, please consider hosting a public instance or mirroring the VPN Gate site.

Depending on the circumstances, maybe ditch the landline local ISP for a satellite connection with a foreign ISP?

An alternative is using an eSIM with an “internet breakout” via another country.

Esimdb is a good place to start.

I recommend using tor over snowflake relays to connect. It is meant to be censorship proof.

Get a VPS, arrange your own IPV6. Setup a tunnel and block all non encrypted traffic.

you can use anything that has a VM.

let's say Github codespaces. Launch a new codespace, setup vpn or just squid. Use it.

It will not stop working unless your gov. decides to block said service (GitHub) too.

does this include bali? curious as that would impact the large international population.

Try a ssh socks5 proxy to a cheap vps.

It worked well for me in UAE when other solutions didn’t

OP, you can rent a VPS from a reputable and cheap provider within the NA region - OVH, Vultr, Linode etc. are decent. Also check out lowendtalk.com

Then, setup Tailscale on the server. You can VPN into it and essentially browse the internet as someone from NA.

You should use a jet. Actually that's a Russian joke.

Residential VPNs, but try to find ones that are ran ethically.

Buy a VSP elsewhere and run Wireguard over IPSec

localtunnel.me, some node in the cloud, tunnel…

Take the power back?

As an aside about professional and engineering ethics:

If you’ve ever worked in the DPI space and actively participated in the development or installation of state surveillance and censorship products…

Shame.

Shame.

Shame.

I'm in also indonesia and nordvpn is still working fine for me, but you may want to consider trying socks5 via ssh as others are suggesting.

Psiphon works

shortwave radios would enable you to still get news of major events - not 2 way though

SSTP or other HTTPS like VPN

I'm in also indonesia and nordvpn is still working fine for me, but you may want to consider trying socks5 via ssh as others are suggesting

I can relate to this because my country has an election soon and I'm sure we wont have internet for 3 - 5 days then.

Tor should be pretty good even for environments where they crack down on VPNs, although it can be a bit slow, at least it works.

The closest I've come to this is on an airplane where almost everything was blocked. SSTP to a server I spun up worked well.

try Bright Data / luminati and the traffic is http to the proxy as well.

If you are a journalist or other, contact Team Cymru.

People in Turkey use https://github.com/ValdikSS/GoodbyeDPI together with DNS over HTTPS (DoH).

There's a new VPN that you might try, built by Boycat.

https://www.boycat.io/vpn

Don't know if it will help in this situation as it's designed to be a VPN not controlled by Israel, but it might be worth a try.

Get a cheap VPS anywhere, and use DSVPN https://github.com/jedisct1/dsvpn

Uses TCP and works pretty much anywhere.

surfshark works also Im on MTM no issues! Same with Biznet

Full disclosure, I run a commercial VPN service (Windscribe).

There are 2 paths you can take here:

1. Roll your own VPN server on a VPS at a less common cloud provider and use it. If you're tech savvy and know what you're doing, you can get this going in <1hr. Be mindful of the downsides of being the sole user of your custom VPN server you pay for: cloud providers log all TCP flows and traffic correlation is trivial. You do something "bad", your gov subpoenas the provider who hands over your personal info. If you used fake info, your TCP flows are still there, which means your ISP's IP is logged, and deanonymizing you after that is a piece of cake (no court order needed in many countries).

2. Get a paid commercial VPN service that values your privacy, has a diverse network of endpoints and protocols. Do not use any random free VPN apps from the Play/App stores, as they're either Chinese honeypots (https://www.bitdefender.com/en-us/blog/hotforsecurity/china-...) or total scams (https://www.tomsguide.com/computing/vpns/this-shady-vpn-has-...).

Do not go with a VPN service that is "mainstream" (advertised by a Youtuber) or one that has an affiliate program. Doing/having both of these things essentially requires a provider to resort so dishonest billing practices where your subscription renews at 2-5x of the original price. This is because VPNs that advertise or run affiliate programs don't make a profit on the initial purchase for that amazing deal thats 27 months with 4 months free or whatever the random numbers are, they pay all of this to an affiliate, sometimes more. Since commercial VPNs are not charities, they need ROI and that comes only when someone rebills. Since many people cancel their subscriptions immediately after purchase (to avoid the thing that follows) the rebill price is usually significantly more than the initial "amazing deal". This is why both Nord and Express have multiple class action lawsuits for dishonest billing practices - they have to do it, to get their bag (back). It's a race to the bottom of who can offer the most $ to affiliates, and shaft their customers as the inevitable result.

Billing quirks aside, a VPN you choose should offer multiple VPN protocols, and obfuscation techniques. There is no 1 magic protocol that just works everywhere, as every country does censorship differently, using different tools.

- Some do basic DNS filtering, in which case you don't need a VPN at all, just use an encrypted DNS protocol like DOH, from any provider (Cloudflare, Google, Control D[I also run this company], NextDNS, Adguard DNS)

- Then there is SNI filtering, where changing your DNS provider won't have any effect and you will have to use a VPN or a secure proxy (HTTPS forward proxy, or something fancier like shadowsocks or v2ray).

- Finally there is full protocol aware DPI that can be implemented with various degrees of aggressiveness that will perform all kinds of unholy traffic inspection on all TCP and UDP flows, for some or all IP subnets.

For this last type, having a variety of protocols and endpoints you can connect to is what's gonna define your chance of success to bypass restrictions. Beyond variety of protocols, some VPN providers (like Windscribe, and Mullvad) will mess with packets in order to bypass DPI engines, which works with variable degree of success and is very region/ISP specific. You can learn about some of these concepts in this very handy project: https://github.com/ValdikSS/GoodbyeDPI (we borrow some concepts from here, and have a few of our own).

Soooo... what are good VPNs that don't do shady stuff, keeps your privacy in mind, have a reasonably sized server footprint and have features that go beyond basic traffic proxying? There is IVPN, Mullvad, and maybe even Windscribe. All are audited, have open source clients and in case of Windscribe, also court proven to keep no logs (ask me about that 1 time I got criminally charged in Greece for actions of a Windscribe user).

If you have any questions, I'd be happy to answer them.

sshuttle. Tunnel your connections inside ssh.

Isn't there an SSH proxy command as long as you have shell access ?

The best time to develop meshnets was 15 years ago. The second best time is now. What is actually holding us back here? Almost everyone has powerful radio equipment these days.

ssh -D 48323 -p 61423 my-vps.big-company.com

An airport.

Tailscale

Starlink?

Shadowsocks used to be the thing that _really_ worked in CN. Not sure what's current there.

AWS ap-southeast-3 should still be up, and isn't in a different partition like CN, govcloud, iso etc. So a VM there and a vpc peer in the US should get you around a lot of stuff.

Can you SSH outside the country?

If so, then you have a VPN.

SSH tunnel on cheap VPS, a couple.

Use an ethical one

https://www.boycat.io/vpn

You could rent a cheapo instance at a cloud provider and tunnel https over ssh.

That’s basically undetectable. Long lived ssh connection? Totally normal. Lots of throughput? Also normal. Bursts throughput? Same.

Not sure how to do this on mobile.

Tailscale might be an option too (they have a free account for individuals and an exit node out of country nearly bypasses your problem) It uses wireguard which might not be blocked and which comes with some plausible deniability. It’s a secure network overlay not a VPN. It just connects my machines, honest officer.

OVH VPS-1 and your own configuration.

HTTPS to you own proxy on a foreign VPS.

Just please be safe and necessarily paranoid

One way they tend to "solve" workarounds is making examples of people

SSH SOCKS proxy if you have an SSH host somewhere that is not Indonesia.

SSH tunneling on port 80 could work since it's rarely blocked, rent a cheap vps.

2121

2323

aaaaaaaaaaaaaaaaaaaaaaaaaa

sadsa das asd asd sa

megavpn, should be around a dollar a month for 5 devices.

Use an Actual Private Network? Radio links that you control. Peer with someone who owns a Starlink terminal. Rent instances in GCP's Jakarta datacenter.

There are many options, but avoiding the legal consequences may be a grey area:

https://www.stunnel.org/index.html

https://github.com/yarrick/iodine

https://infocondb.org/con/black-hat/black-hat-usa-2010/psudp...

..and many many more, as networks see reduced throughput as an error to naturally route around. =3

Easy, you can just create any generic Linux Amazon EC2 instance (or just about any cloud provider of your choice; in fact, the smaller the provider, the better) and use it as a SOCKS5 proxy via SSH tunnel with -D flag... Then set one of your browsers (e.g. Firefox) to connect via that proxy.

Indistinguishable from any other server on the internet.

Maybe you could buy VPS in another country and set up VPN server yourself?

You've come to a wrong place to ask. Most people here (judging by recommendations of own VPN instances, Tor, Tailscale/other Wireguard-based VPNs, and Mullvad) don't have any experience with censorship circumvention.

Just look for any VPNs that are advertised specifically for China, Russia, or Iran. These are the cutting edge tech, they may not be so privacy-friendly as Mullvad, but they will certainly work.

[flagged]

Blocking Twitter is a good start, now Facebook, Instagram, Whatsup and TikTok.

This is a good start but more should be blocked. Then force ISP to block ads.

Not just for Indonesia but all countries. But we still have a lot more to do to fix the web.