Has anyone been able to connect from iran to an outside server using openvpn? If so what were you settings? (port, tcp/udp etc)
At first after the election OpenVPN was getting through. But then last week it started getting blocked. I tried a number of different OpenVPN servers and using UDP 1194 and TCP 443 but no luck.
Hideway I am the manager of Hideway.eu which is offering OpenVPN services. Actually I may tell you that we are still getting successful connects from Iran. Even though we are also getting reports of people unable to connect to our website and/or our VPN. We are also getting reports of very slow connections from Iran. So my conclusion at this time is that there is no complete block of VPN traffic but the censorship varies with location and/or ISP (do you have different ISPs in Iran?) Best regards from free Austria, Otto
It's because of different ISPs. it seems it's blocked in some ISPs and it's recheable trhru some others. it's correct about websites too. you can open youtube in some, and it's filtered in some others
Help by western admin Hello, how about a blackboard with information for western sys-admins willing and able to provide anonymous vpn-nodes of any kind? Me and a couple of colleagues of the same profession might be able to give support by providing nodes with IPs which are not blacklisted by Iranian government yet. What do you think?
Well, I am sure every user would love you for that - please if you do, could you give the setting up info in a way that even a layman could understand. Thanks.
Any chance on getting information on which ISPs are still letting it through? Neither Datak nor Shatel work for me. UDP 443 connects but doesn't transfer data and TCP 443 doesn't connect at all.
A very easy way to find out what ports your ISP is blocking, use the ShieldsUP service at grc.com https://www.grc.com/x/ne.dll?bh0bkyd2 Before you do the test, disable all firewall software, both router firewall and software firewall on your machine. Then go to https://www.grc.com/x/ne.dll?bh0bkyd2 and click the "Proceed" button. On the next page, click the "All service ports" button. ShieldsUp will then scan your machines main service ports. If you made sure all your firewall is disabled, then any port that turns up with green color is blocked by your ISP. It is important that you disable your firewall, or in your router set your computer in "Demilitarized Zone (DMZ)", as if your firewalls are running you have no way of telling who is blocking your ports, your firewall or your ISP. So diable your firewalls first, then do the scan.
Ports are the least of our troubles. Its the deep packet inspection that keeps things from coming through. It doesn't matter which port you pick, it figures out what your trying to send and blocks it.
The communication is encrypted, so I don't think deep packet inspection will give them anything else than gibberish....maybe they block that too?
They don't need to know what your sending to know that its VPN. VPN is encrypted, but deep packet inspection can still tell your opening a VPN connection and block it.
I am sorry to report that deep packet has a pre-phase that tags packets that are encrypted to be routed to a decryption engine prior to inspection.
On a follow up I would try DNS poisening attack simultaniously with getting a vpn connected in an attempt to momentarily route around the regime's control.
Who can do a DNS poisoning? get real. You can poison the whole pond to catch a fish, but you will be fully exposed.
Maybe its not rubbish...but hey im not an expert . Iran's Web Spying Aided By Western Technology - WSJ.com . Iranian Traffic Engineering Security to the Core | Arbor Networks Security . A Deeper Look at The Iranian Firewall Security to the Core | Arbor Networks Security . hope this can be of any help for someone
Damn this sucks Hey guys, I am living abroad and am Iranian and will be travelling to Tehran in August for about three months and it appears that there is no hope for OpenVPN? Even if configured on port 80? 123? etc. Basically any obscure port? Man this sucks.. Anyway any tips for what I can do before I leave?? My apartment will be completely empty since I live alone and will have noone to configure or tweak anything for me!! Is there no hope? I was sure OpenVPN would work.. and also have PPTP but that is easy to block. I am hoping my ip address has not been banned already as it is difficult to change it with my isp (even though its supposed to be dynamic.. go figure..) What about VPN through proxy? I basically only have access to one broadband account which is mine so only got 1 ip address.. but maybe I can get another one.. I would rather not give my ip to anyone for testing purposes as I don't wanna risk anything.. but once I am in Iran I will give it out to some trusted peoples (friends, family, etc,) and hopefully they can assist others.. BTW.. I am typing this from the library so it is not my home ip. Thanks guys!!
DPI: Not The above articles only show that Iran is blocking traffic by ports. There is no evidence to suggest that they are blocking on any sort of content. This have been shown over and over. The do appear to be selectively blocking http traffic by URL. in some cases, not for whole domains either. just certain pages. Simply put, too much traffic is getting through. The best article on this is here One More Time: Iran Isn’t Using Deep Packet Inspection The SiliconANGLE Please don't let FUD win out on this one.
Hmm.. whats FUD? I arrive in Tehran On August 18.. hopefully things are a bit cooler censorship wise.
A solution for OpenVPN problem Dear Otto, it seems major ISPs are blocking famous ports as well as addresses. the best way may be setting some of your servers on well-known ports usually used for other services (such as DNS, which they won't block!) This will help, Thanks for your support, -DownwithDictator
DownwithDictator, Would ports 80, 123, 443, etc. work? What if they block SSL? My understanding is OpenVPN needs SSL to run, no? Also wouldn't DPI stop it anyway?? My understanding based on what I've read so far is there is absolutely no 100% guaranteed method of beating the filters esp DPI.. unless everything has been overly exaggerated... if I sent someone my VPN ip address what is the likelihood it would get blocked?? It's private address and noone knows it.. I can run openvpn on it on any port udp or tcp.. but dpi would "see" it? (not the traffic but that there is a vpn connection running).
For those who are wondering FUD = Fear Uncertainty and Doubt. THe concept of spreading false information to cause these feelings in others.
Probably.. Are you in Iran? I think they have some wireless Internet or wimax services setup or at least in trial.. Like datak.ir ? I will be in Tehran for about 2 months or maybe more staying in hotel but maybe I can get someones residential address if needed (I also.want to open a bank a/c) thanks
if you have a PC outside Iran, just leave it on and remote desktop to it. It'll probably be slow...I don't know if they're blocking RDP protocols, or perhaps VNC (slower than RDP).
We were discussing that sort of thing in another thread recently. I mentioned that years ago I used Apple Remote Access for operating my home Mac from my work Mac but I couldn't try using the email or net remotely because I only had the one modem - which was being used for the Mac to Mac setup. I've got no idea if two modems could be used simultaneously in a situation like that, i.e. Remote (and modem) --> Home (and modem) Home (modem) --> ISP
Hi I have a linux server in turkey I get vpn to my family in iran it is work very good but I install open vpn on the server and I can connect to server from every very but cannot connect from iran. is there any connection to open vpn website in this program ??? because this site is filter in iran
Are you sure it's actually blocked? I just now (February 21, 11:30pm, Tehran time) had a long conversation with my brother in Iran and we found out that the network filter where he was, was preventing VPNs not by IP but by simply cutting off any connection that sends too much data to one location too fast. By throttling the bandwidth to 1 kilobyte per second, we were able to get him the connection he needed.
Dear Ben in Seattle, How did you limit the speed of primary connection negotiation in OpenVPN ? Does this affect the speed of data flowing in tunnel ? Regards, Maani
