WireGuard in Egypt doesn't seem to work

Hey everyone! I’m in Egypt for a few weeks, but to my big surprise, both the VPN and the connection to a cloud MongoDB instance (I’m developing an API for a project) don’t work anymore. I’ve dived deep, and it seems the Egyptian government uses something like DPI (deep packet inspection) to ban VPNs.

As I understood, and please help me here if you know, there’s a bulletproof way using SSL (encryption that is normally used for HTTPS) that can’t be analyzed using DPI, or at least much more costly so.

Is there a way to configure WireGuard to use this SSL thing? For the current setup I used “curl -O https://raw.githubusercontent.com/angristan/wireguard-install/master/wireguard-install.sh” on a VPS, which made it extremely simple to set up.

Update:

The solution I found that works perfectly is https://getoutline.org/ - it uses an improved Shadowsocks that was recommended in this thread. I wish I knew about Outline before. Found on the advice of the local Hurghada remote IT workers Telegram chat.

Yes, exactly, Egypt blocks VPNs and wireguard… Have a look here

One quick and dirty solution to bypass this problem is ZeroTier. A friend of mine, who has been living in Egypt for the past months, is using it with no problems.

Currently having the same issue lmao. Trying to access my home network while on vacation lmao.

Hey u/realcryptopenguin I know this thread is 3 months old, but I’m currently struggling with the same issue and I’ve come across your Outline solution. I built my own server on GCP and used it through Outline following this video https://youtu.be/t-UYYBxJQpk?si=NeiFXviCfFl9XLui , but choosing the paid options for better connectivity. However, it’s totally unstable! So how did you get over this issue? And how did you use Outline for this, or which guide did you follow, for example?
Thank you in advance

I switched from WireGuard to ocserv and love it. Just install ocserv on your server and download the AnyConnect client on your phone or PC and it works from everywhere. Look for guides on installing a free ocserv SSL server.

I’ve had this issue for years from there. They’ve used DPI for well over a decade. Spent a fortune importing kit and knowledge from China to set up their censorship and filtering regime.

You MIGHT have success trying to burrow it into something else or ICMP (with huge performance hits but not guaranteed).

I had a similar experience with OpenVPN when visiting a university campus that blocked VPN. The workaround was to set up the server to use TCP port 443 instead of the default UDP port. Maybe there is something similar that can be done in WireGuard?

https://vpncentral.com/wireguard-obfuscated/

Is it really “deep packet inspection”, or just a blocked port?

tuntox to the rescue :)

Didn’t know it was banned in Egypt. I struggled a lot getting a VPN to work.

As others pointed out, the DPI is detecting the handshake and blocking it (regardless of any port), so you have to find a way to obfuscate the handshake. My solution was to tunnel wireguard entirely through shadowsocks that I ran on amazon lightsail.

Yea they have DPI that identifies WireGuard on whatever port you put it.
You can use SSTP as it’s actually a TLS tunnel so they have no way to differentiate it from normal web traffic.

Hey I just found your thread as I’ve just come back from Egypt and while I was there, I couldn’t WireGuard VPN home to check cameras/home automation systems etc. I also couldn’t VoIP and I use VoIP as my main mobile number. When I googled, I found out that Egypt bans VoIP and WireGuard!

What worked for me though was Zerotier. I had already installed it at home on my router and didn’t use it much because I already used wireguard. But ZT worked perfectly, and allowed me to use my VoIP while I was on Orange Egypt too.

This seems like kind of an issue for remote workers to be honest. I was hoping to work from there and while it’s mildly inconvenient and I found a solution, they could quite easily start blocking more stuff too.

found solution, check update to this post if still relevant

Thanks, have you tried it in Egypt? It seems it is based on the OpenConnect VPN protocol - is it more DPI resistant than WireGuard? Short googling shows that it was made mostly to be compatible with some Cisco solution as I understood, rather than to avoid DPI.

how do people usually work in this country?

Based on u/tsapi’s link this shouldn’t matter because DPI blocking happens at the handshake stage based on packet size. Port shouldn’t matter.
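Added example, not part of any post in this thread: a minimal Python classifier showing why changing the port does not hide WireGuard from a payload-based filter. It relies only on the fixed message sizes and cleartext type header from the WireGuard protocol specification; the function names and sample packets are constructed for illustration and do not describe any particular filtering system.

```python
import os
import struct
from typing import Optional

# Fixed on-wire sizes per WireGuard message type (protocol spec values).
FIXED_SIZES = {1: ("handshake_initiation", 148),
               2: ("handshake_response", 92),
               3: ("cookie_reply", 64)}

def classify(payload: bytes) -> Optional[str]:
    """Return the WireGuard message name a UDP payload matches, else None."""
    if len(payload) < 4:
        return None
    # 1-byte type + 3 reserved zero bytes reads as a little-endian u32.
    (msg_type,) = struct.unpack_from("<I", payload)
    if msg_type in FIXED_SIZES:
        name, size = FIXED_SIZES[msg_type]
        return name if len(payload) == size else None
    # Transport data: 16-byte header + padded ciphertext + 16-byte tag.
    if msg_type == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None

def flagged_flows(packets):
    """Flows (src, dst, dport) whose payload matches a handshake initiation."""
    return {(src, dst, dport) for src, dst, dport, payload in packets
            if classify(payload) == "handshake_initiation"}

def fake_wg(msg_type: int, size: int) -> bytes:
    """Constructed sample: correct header and length, random body."""
    return struct.pack("<I", msg_type) + os.urandom(size - 4)

# Constructed packets (documentation addresses); not captured traffic.
SAMPLE = [
    ("192.0.2.10", "198.51.100.5", 51820, fake_wg(1, 148)),  # default port
    ("192.0.2.10", "198.51.100.5", 443, fake_wg(1, 148)),    # moved to 443
    ("192.0.2.10", "198.51.100.7", 443, b"\xc3" + os.urandom(147)),  # same size, other header
    ("192.0.2.10", "198.51.100.9", 53, os.urandom(40)),      # unrelated UDP
]

if __name__ == "__main__":
    for flow in sorted(flagged_flows(SAMPLE)):
        print("WireGuard handshake seen:", flow)
```

Both WireGuard flows are flagged regardless of destination port, while the 148-byte payload with a different header is not, which is why the tunnels recommended in this thread wrap the handshake in another protocol instead of moving it to another port.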

url doesn’t seem to work for me

```
Secure Connection Failed
An error occurred during a connection to vpncentral.com. PR_CONNECT_RESET_ERROR
```

what’s the simplest one you know?