Do you guys know any proxy/VPN servers that could handle an extremely aggressive DPI? I prefer not to disclose the exact country and I’d like you to not do it as well.
I’d preferably want one that is cross platform, i.e. linux, win32, android and maybe iOS (iOS is not a must)
TOR? Your describing basically what it was conceived for.
It has all sorts of nifty encapsulation techniques including using port 53 or 443 to encapsulate your traffic.
Have you tried RD gateway to a remote machine outside of your country? All traffic is on 443.
Once you are on that machine the traffic you want to hide never come back to you. You are just sending clicks and keystrokes, and remote is sending back info to ‘draw’ the desktop at your end.
Obviously you need a way, and place to get a remote machine set up somewhere - can be a little VPS in the cloud somewhere.
Go to oracle. Get the always free tier. You can install amnezia vpn via Smartphone App and let it install VPNs by clicking on them.
Install Xray… you are free.
As long as websockets aren’t blocked, one of the most reliable things I’ve used is wireguard + wstunnel. It’s detectable, but even once detected can’t be sniffed on. It kinda depends on if you just want to get around blocks or if you also want no one to know you got around the blocks.
You can use x-ray(v2ray), just host it on local data centers and forward the traffic to somewhere outside
There are some useful guides, you can use x-ui implementations for easier management
The problem I see with this question is… if you’re at risk due to DPI, any solution offered would also be at risk due to the same DPI. You’re on /r/selfhosted after all.
I would suggest abandon any ideas of self-hosting a solution. You would first need to find a remote location, outside the reach of this particular DPI, before you can entertain the idea of circumventing it, leaving you out of scope with the sub.
If I were in that situation, I would primarily seek out ‘public’ internet access that doesn’t link to personal ISP accounts and try via trial and error to SSH tunnel, VPN, or TOR out to a foreign exit node. Perhaps the idea for your particular situation is to use a more obscure protocol or variant application. You could VPN out to a foreign country and TOR through that VPN. Perhaps, a solution would be to use satellite and avoid your land based ISP altogether.
That being said, and understanding the position of not wanting to disclose location, DPI isn’t a ‘standard’ application. What I mean is, that even though DPI is “all or nothing”, I don’t know of anyone actively utilizing the “all” due to the load that would be involved. Different countries apply DPI differently and what may work for one, may not work for another.
My family being Cuban, I understand the situation intimately. Last thing I would be willing to entertain is the idea of self-hosting a way to circumvent DPI out of my home location if in Cuba.
/r/privacy may be a start to figure out a general solution, even if you do decide on self hosting it.
I have a sandbox machine in Germany that i connect in https via browser,rdp connection via guacamole from there is connected to a vpn to add more hops, i can easily restore it after usage.
If you want to check it up this service is free for the moment,and you generate machines around the world in 2sec,.the owner is the ex ceo of Pentester Academy