Do you guys know any proxy/VPN servers that could handle an extremely aggressive DPI? I prefer not to disclose the exact country and I’d like you to not do it as well.
I’d preferably want one that is cross platform, i.e. linux, win32, android and maybe iOS (iOS is not a must)
TOR? Your describing basically what it was conceived for.
It has all sorts of nifty encapsulation techniques including using port 53 or 443 to encapsulate your traffic.
Just use TOR, I run a Snowflake instance just so people like you can circumvent their government’s censorship.
Bro what country is this? North korea? /s
Also this thread is an eyesore. This is r/selfhosted you guys.
Op, would you mind explaining why a simple vpn with wireguard setup won’t work? Assuming you’ve already tried that route?
Try to deploy amnezia vpn on your own vps. Use open vpn over cloak or shodow socks. Or you can try outline
You can try trojan GitHub - trojan-gfw/trojan: An unidentifiable mechanism that helps you bypass GFW.
Have you tried RD gateway to a remote machine outside of your country? All traffic is on 443.
Once you are on that machine the traffic you want to hide never come back to you. You are just sending clicks and keystrokes, and remote is sending back info to ‘draw’ the desktop at your end.
Obviously you need a way, and place to get a remote machine set up somewhere - can be a little VPS in the cloud somewhere.
Proton VPN has a stealth protocol which may work
Consider seeing if a plain HTTPS or SOCKS proxy doesn’t suit you good enough.
Go to oracle. Get the always free tier. You can install amnezia vpn via Smartphone App and let it install VPNs by clicking on them.
Install Xray… you are free.
DPI will only see that its a VPN not what is being transported.
Have you looked at Outline VPN on port 443. Based on shadowsocks. I’m using it on windows and android. Its easy to setup on servers and clients.
Tunneling over DNS/EDNS? Facebook Messenger / Whatsapp as a tunnel? It really depends on what services are available to work with.
As long as websockets aren’t blocked, one of the most reliable things I’ve used is wireguard + wstunnel. It’s detectable, but even once detected can’t be sniffed on. It kinda depends on if you just want to get around blocks or if you also want no one to know you got around the blocks.
Use OCserv it uses HTTPS and can switch to udp for speed but that can be disabled
say that is about China, don’t be afraid 
Shadowsocks obfuscation was the go-to for me.
You can self-host it but it is a pain in the ass if you do not have good subnetting skills
You can use x-ray(v2ray), just host it on local data centers and forward the traffic to somewhere outside
There are some useful guides, you can use x-ui implementations for easier management
The problem I see with this question is… if you’re at risk due to DPI, any solution offered would also be at risk due to the same DPI. You’re on /r/selfhosted after all.
I would suggest abandon any ideas of self-hosting a solution. You would first need to find a remote location, outside the reach of this particular DPI, before you can entertain the idea of circumventing it, leaving you out of scope with the sub.
If I were in that situation, I would primarily seek out ‘public’ internet access that doesn’t link to personal ISP accounts and try via trial and error to SSH tunnel, VPN, or TOR out to a foreign exit node. Perhaps the idea for your particular situation is to use a more obscure protocol or variant application. You could VPN out to a foreign country and TOR through that VPN. Perhaps, a solution would be to use satellite and avoid your land based ISP altogether.
That being said, and understanding the position of not wanting to disclose location, DPI isn’t a ‘standard’ application. What I mean is, that even though DPI is “all or nothing”, I don’t know of anyone actively utilizing the “all” due to the load that would be involved. Different countries apply DPI differently and what may work for one, may not work for another.
My family being Cuban, I understand the situation intimately. Last thing I would be willing to entertain is the idea of self-hosting a way to circumvent DPI out of my home location if in Cuba.
/r/privacy may be a start to figure out a general solution, even if you do decide on self hosting it.
edit: incantations and spell failures
I use Shadowsocks with XRay/Cloak fronted by Cloudflare but I"m only bypassing restrcited networks not trying to keep out of prison. GL.
I have a sandbox machine in Germany that i connect in https via browser,rdp connection via guacamole from there is connected to a vpn to add more hops, i can easily restore it after usage.
If you want to check it up this service is free for the moment,and you generate machines around the world in 2sec,.the owner is the ex ceo of Pentester Academy