Hacker Neue

Preferences
jimbobthrowawy parent
How many of these VPN services can be used without the app by configuring them in iOS settings? I know "private internet access" can be used that way.
votkon
those protocols that can be configured from iOS are already blocked in Russia. You'll need an obfuscated Wireguard or other stealth protocols to make it work there. You can't configure them from the settings, but you can download the app and just add the configs there. That's what Le VPN does with Le VPN Give - they just give away the coupons to generate a VPN config, which you then just copy into the open source VPN app, which is still available in App Store.
lwtve
I've not tested protocols that are available on iOS "out of the box" (guessing L2TP, IPSec?), but here's my two cents:

1. It differs from ISP to ISP. Right now I'm using a major ISP and I have no problems connecting to a Hetzner IP via:

- plain WG

- OpenVPN

- Shadowsocks

My mobile operator blocks OpenVPN, other methods work.

2. Time could also play a role - there seem to be "tests" about how the government could block some protocols without affecting business etc. - these happen bi-monthly and last ~2-5 days. My friend uses a different major ISP and he reported broken Shadowsocks this week, though it started working again.

3. The endpoint also matters (obvious in hindsight). "Internal" endpoint seem to "break" very rarely, if at all. Obvious, if you consider that a lot of people need to remote into their corp nets.

votkon
The main difference there is right now is that mobile operators have much better hardware because it's newer. That makes it easier for them to implement government-requested blocks including using DPI. The landscape is changing right now, that's true as each provider got it's own issues and tech abilities.

They can block services by IPs, but that the game they failed miserably while trying to block telegram. Also most modern VPNs(well at least Le VPN does it) rotate their IPs to avoid blocks. It's a lot of work, but that's a lot of work for those who try to block them too..

They can also block ports, but that's easy to change.

I saw them blocking the domain names, to kill the API communication of VPN apps, but that's a pathetic move too - you just buy another domain, push the update and that's it.

I'd recommend using Wireguard with Amnezia modification. It obfuscate the WG handshake as well as transport channel.

This item has no comments currently.

Keyboard Shortcuts

Story Lists

j
Next story
k
Previous story
Shift+j
Last story
Shift+k
First story
o Enter
Go to story URL
c
Go to comments
u
Go to author

Navigation

Shift+t
Go to top stories
Shift+n
Go to new stories
Shift+b
Go to best stories
Shift+a
Go to Ask HN
Shift+s
Go to Show HN

Miscellaneous

?
Show this modal