August 18, 2023
China's GFW is the granddaddy of all firewalls. It is evolving rapidly, so the information you read here may be out of date by the time you read it. The current preferred method is Xray REALITY, especially with gRPC or HTTP/2 transports. Pay particular attention to making sure your domestic traffic does not go out to a foreign server then immediately return to the country, as that marks your server as a sure proxy server. Restrictions are particularly tight during "sensitive" periods. Outside of sensitive periods, the GFW switches from blocking mode to surveillance mode. A summary of counter-censorship methods is here.
Egypt started blocking VPN protocols in 2017. OpenVPN was the last one blocked. A blog post from 2022 says you can be successful in evading DPI if you pass OpenVPN through Shadowsocks. The key step is to include a statement such as socks-proxy 127.0.0.1 1080 in the OpenVPN client configuration, where 1080 is the local port for the Shadowsocks client. This is only possible on desktop computers, not on mobile. You also need to route your server address directly to prevent a routing loop. I've consolidated notes from various sources into a post openvpn-over-shadowsocks.html that outlines the process for Windows, Linux, and macOS.
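One way to check a client configuration for the two requirements above (the local socks-proxy line and a direct route for the server), as an added Python example that is not from the original post. The sample config, the 203.0.113.10 documentation address, and the function names are assumptions; the route ... net_gateway form is OpenVPN's standard way to send a destination through the pre-VPN gateway.

```python
import ipaddress

# Constructed sample client config; 203.0.113.10 is a documentation
# address standing in for the proxy/VPN server (an assumption).
SAMPLE_OVPN = """\
client
proto tcp
remote 203.0.113.10 443
socks-proxy 127.0.0.1 1080
route 203.0.113.10 255.255.255.255 net_gateway
"""

def parse_directives(text):
    """Split a config into token lists, skipping blanks and #/; comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln.split() for ln in lines if ln and ln[0] not in "#;"]

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def covers(route, server_ip):
    """True if a 'route net mask net_gateway' line covers server_ip."""
    if len(route) < 4 or route[3] != "net_gateway":
        return False
    mask = "255.255.255.255" if route[2] == "default" else route[2]
    try:
        net = ipaddress.ip_network(f"{route[1]}/{mask}", strict=False)
        return ipaddress.ip_address(server_ip) in net
    except ValueError:
        return False  # hostname or malformed entry: cannot verify

def check_config(text, server_ip, socks_port=1080):
    """Return a list of problems; an empty list means both checks pass."""
    directives = parse_directives(text)
    problems = []
    proxy = next((d for d in directives if d[0] == "socks-proxy"), None)
    if proxy is None:
        problems.append("no socks-proxy directive")
    else:
        host = proxy[1] if len(proxy) > 1 else ""
        port = proxy[2] if len(proxy) > 2 else "1080"  # OpenVPN default
        if not is_loopback(host) or port != str(socks_port):
            problems.append("socks-proxy is not the local Shadowsocks port")
    if not any(d[0] == "route" and covers(d, server_ip) for d in directives):
        problems.append("no direct route for server: routing loop risk")
    return problems
```

Calling check_config(SAMPLE_OVPN, "203.0.113.10") returns an empty list; removing the route line yields the routing-loop warning.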
Iran's GFW appears to have started with technology similar to China's GFW, but rapidly became even stricter. Some notes on counter-censorship techniques for Iran are here. The latest news at the time of writing is that high traffic causes an IP address to be throttled and eventually blocked.
Roskomnadzor (Роскомнадзор) has imposed more and more restrictions over the last few years. Blocks are often imposed ISP by ISP by installing a TSPU (ТСПУ, технические средства противодействия угрозам) within the ISP itself. Sites that advise on how to bypass censorship may themselves be blocked. VPN protocols may still work with minor changes, e.g. by sending a spoof packet to the WireGuard port to impede identification of the protocol. Other suggestions include having a relay server in a domestic data center with no TSPU; initiating the connection from outside Russia coming in; or passing OpenVPN over a SOCKS proxy. For the latest counter-measures, consult ntc.party.
Journalists are in jail. Social media are blocked. Major VPNs are blocked. Alternatives that may work include Proton, Mullvad, and Kaspersky. GoodbyeDPI may also work.
Turkmenistan (ISO 3166 code TM) is a landlocked country in Central Asia with an official population of 7 million. So many people have fled the country that the real population may be half the official figure. It is one of the worst countries in the world for Internet censorship, forcing Muslims to swear on the Quran that they will not use a VPN. A few people have been able to get through the firewall using Tor with bridges. Psiphon has also been known to work in Turkmenistan. GreatFire's FreeBrowser has also been reported to work. There are occasionally posts about Turkmenistan on ntc.party.
If your country is not listed here, it means I have no information about it. You should of course start by determining the legality of VPNs in your country. That's something I can't advise you about. If VPNs are legal, you might be able to use one of the ordinary mass-market VPN providers, the kind that clog up search engine results with their affiliate links. Then you might try Tor with bridges, as bridges are specifically designed for evading censors. And if none of those work, you can look into the Chinese methods to see if they work in your country.