Comments on: How To Hide Your VPN Connections In China, Iran, United Arab Emirates, Oman and Pakistan

By: Toni

Toni — Mon, 12 Oct 2020 03:45:56 +0000

I visited oman in 2018 and had no problem useing a vpn. I was not able to use a encrypted messenger without a vpn. So i started running encrypted im over vpn. Still doing it now for a little extra security.

By: Smee

Smee — Wed, 08 Feb 2017 12:28:27 +0000

In reply to BB.

How did you connect?

telnet 192.168.1.1
Connecting To 192.168.1.1…Could not open connection to the host, on port 23: Connect failed

ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time=1ms TTL=64

By: Smee

Smee — Wed, 08 Feb 2017 11:26:58 +0000

In reply to BB.

Hi,

How did you even connect?
Reason I ask is:
telnet 192.168.1.1
Connecting To 192.168.1.1…Could not open connection to the host, on port 23: Connect failed

ping 192.168.1.1

So I can't even telnet to their modem, my ISP is China Telecom.

By: Zhao Fei

Zhao Fei — Sat, 01 Oct 2016 22:09:01 +0000

im in singapore and i use maskvpn.net they really help me with my router setup. very good support and very stable conecton. i recomend.

By: Haair

Haair — Tue, 29 Sep 2015 19:30:52 +0000

In reply to John Frank. I have tried SSTP in Iran. It doesn't work. One way or another they have blocked it. Neither does OpenVpn, similar story.

By: John Doe

John Doe — Tue, 29 Sep 2015 19:29:13 +0000

In reply to John Frank.

Iran does not block any ports. They have DPI, they block the actual packets of certain types of connections from being transferred.

Also, the way the DPI works is if a connection to a specific IP has a data/connection time ratio above a certain amount, the firewall will throttle it to a standstill and after some time drop and blacklist that connection.

Your best bet is to setup a simple SSH tunnel and ONLY use it on websites actively blocked by Iran and try to look for alternatives on opening websites.

For example the plugin HTTPS Everywhere is a VERY good way to bypass reddit/imgur and some other website’s filtering.

By: John Frank

John Frank — Wed, 23 Sep 2015 16:55:38 +0000

Also check out SSTP. SSTP establishes a connection over secure HTTPS (Port 443). Not only is the use of SSTP, which like HTTPS uses SSL encryption, very difficult to detect over port 443, but blocking that port would severely cripple access to the internet and is therefore not usually a viable option for would-be web censors. SSTP is also considered as the strongest and most secure VPN tunneling system for the usage of SSL, authentication certificates and 2048-bit encryptions. Thus, it could be a workaround to securely access networks that is behind such a sophisticated firewall—in which the traffic for VPN connections is being blocked.

By: BB

BB — Sun, 06 Sep 2015 16:51:15 +0000

I’ve noticed that the China deep packet inspection is more strong than before recently. Especially after their proud 9/3 military weapons show off, and considering to add stunnel to my vpn server and client. However, I am wondering if it will work. Since, it should be very easy to detect a non-https request. simply send a http request to the server, and if got no http response, then they might know this is a fake https server. However, since their deep packet inspection is more and more powerful, I’ll give it a try to add stunnel both in my server and client.

However, do you have any comment if they use http request to detect if this is a fake http server or not ? and is it possible to make the server with stunnel to OpenVPN to pretend a http server ?

Also, since stunnel will wrap the packet as ssl packet, should we use OpenVPN ? Or maybe use other more simplified VPN protocol under stunnel ?

By: BB

BB — Sun, 06 Sep 2015 16:41:08 +0000

In reply to Courtney.

Don’t know you are asking for this. Sorry.
Do it in the following steps ( This is my note how get the superadmin password )

1. telnet 192.168.1.1 ( or other IP of the damm router )

2. login: root, password: admin

3. WAP>shell

4. WAP(Dopra Linux) #cd /mnt/jffs2

5. $ cp hw_ctree.xml myconf.xml.gz // copy the hw_ctree.xml file

6. $ aescrypt2 1 myconf.xml.gz tmp

// decrypt the file `myconf.xml.gz`, HG8245C is different from HG8245, because the ‘C’ means they encrypt the document

7. gzip -d myconf.xml.gz
// Use `gzip` to unzip the myconf.xml.gz, and you will get myconf.xml

8. vi myconf.xml

9. search for the superadmin password : /telecomadmin , then you find the password

Then, you can use browser login the damm router, and delete the TR069 Vlan, which is the one watching you. 🙂

By: ryan sharif

ryan sharif — Wed, 02 Sep 2015 15:15:31 +0000

In reply to Mahdi. Hi Mehdi, Could you please explain how you did it, and which VPN you used? Thanks.