Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Observation regarding V2ray tunneling in Iran. #410

Open
lostsoul6 opened this issue Oct 16, 2024 · 3 comments
Open

Observation regarding V2ray tunneling in Iran. #410

lostsoul6 opened this issue Oct 16, 2024 · 3 comments
Labels

Comments

@lostsoul6
Copy link

Hello Dear @irgfw ,

Since the last 4 months , Iran VPS IPs are limited after some time of using the server for tunneling v2ray traffic . The Iran VPS IPs are Iran Accessed which means they can only be connected to from within Iran and they can't be used for tunneling again . When this happens , the Iran VPS IP gets blocked simultaneously in MCI and Irancell ISPs .

I did a test and found the following :

I got an Iran VPS with 2 IPs . Used first IP only for tunneling and I used the second IP only for my users . So users connected to v2ray configs with the second IP .

What happened was that the IP which was used for tunneling was OK and had no issues but the IP that users used to connect to the VPN was Iran Accessed ! It seems ISPs are detecting the traffic and are blocking the IP that is used for v2ray.

What I noticed when talking to my friends who had this issue is that almost all of them use the following setup:

Vless + TCP + header
Vmess + TCP + header

For instance , I haven't yet seen any Iran VPS IPs being blocked for using shadowsocks or reality in a tunnel setup .

Are the following two setups fully detected by GFW now?

Vless + TCP + header
Vmess + TCP + header

Can you introduce combinations to me that are harder to be detected ?

Thank you.

@ghost
Copy link

ghost commented Oct 17, 2024

I've no idea what works in Iran, but you might try the combination VLESS + gRPC + TLS + CDN. You can easily remove the CDN part if that works better for you. Detailed instructions here.

@irgfw
Copy link

irgfw commented Oct 17, 2024

Hi,
The IRGFW is actively fingerprinting TLS client-hellos and non-TLS handshakes from *ray clients.

  1. DO NOT use VLESS without TLS.
  2. DO NOT use a "header host domain" in VMESS-HTTP configs. (use them without a header and just "/" path)
  3. DO NOT use reverse tunnels. Iranian Firewalls have a susceptible DDoS-Protection system (to prevent foreign hacks and ddoses), and it thinks the Iranian VPS is being attacked when using reverse tunnels. (unless using MUX<4)
  4. DO NOT use Reality setups. Reality is dead in Iran.
  5. Block all Iranian IPs and Domains on both VPSes.(chocolate4u)
  6. Use Port Hopping with a tight port range.
  7. Use creative configs. Like: IPv6, QUIC, Fragment, UDP-Noise, FakeHost, and ... of Xray and tunnels between the client-to-irvps and irvps-to-foreignvps.

In summary, *ray combinations are being blocked and restricted in Iran day after day. Use other cores and other methods if possible.

@RPRX
Copy link

RPRX commented Oct 20, 2024

@irgfw 我认为伊朗封禁 REALITY 主要是基于 Vision without Seed 的固定流量特征,我们计划在今年内推出 Vision Seed

@irgfw I think Iran’s ban on REALITY is mainly based on the fixed traffic characteristics of Vision without Seed. We plan to launch Vision Seed within this year.

@wkrp wkrp added the Iran label Oct 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants