New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Pakistan ISPs blocking IPs using VPN, etc.
Hello,
We have some clients from Pakistan, who use their purchased VPSs as VPNs.
They have used normal openvpn, as well as the "encrypted/scrambled" approach.
Give it a week or two, and the IP gets blocked at the ISP level from within Pakistan.
Any ideas / solutions to bypass this?
Thanks :-)
Comments
Using encryption is illegal in Pakistan. Maybe that's why.
There must be a different approach. They'd go without any VPN, but also there are voice servers running, which another thing that gets blocked ... hence the VPN server.
Try to make it not look like VPN, maybe using non-default ports like 80 or 443.
VPN already runs on 443, still same issue...
I am completely off the hook these days ...
The largest telco uses Chinese DPI tech - Likely due to less total throughput (no, not likely, reality) they can run more deeper anylsis and block easier.
SSH tunnels should work.
Actually they are not blocking VPNs specifically but the new infrastructure which they have introducted to block illegal content is not well optimized yet so that is causing a problem for legit users as well.
The only way I can think of fixing this as of now is asking your clients to report the IP blocking of their VPS at [email protected] & tell them that they are not doing anything illegal on their IP like hosting pornographic or content contaiing religious hatred and then PTA(Pakistan Telecommunication Authority) would unblock their IPs in 3 or 4 working days.
Have you tried this method?
Yes the European IPs of several of the game servers that we run for our gaming community were blocked in Pakistan. I emailed them about it with Gametracker links & they unblocked them within 3 or 4 days.
LOL no. That's not true.
According to http://www.techglobex.net/2011/08/pakistan-to-ban-encryption-software-and.html it seems to be the case though.
A vpn using port 8080 or maybe 21 or maybe 1080, is it possible?
Unlikely, it's DPI which (with ZTE/Huawei) does not rely on port info.
Try Softether, it is suppose to bypass DPI and disguise the vpn traffic as normal https traffic if you set it to run at port 443.
Use ICMP VPN. That might help.
If they are blocking IP, have you tried ipv6 IP's ?
please give feedback on IPV6 if you try it.
if SSH is working, you can route your vpn via SSH connection
e.g. with openvpn client script using TCP add (if socks port is 8080)
"socks-proxy localhost 8080"
openvpn via SSH is useful for skype and other applications.
if only web browsing, use web browser SSH socks
Till now, scramble openvpn working from China, except during busy hour
to europe, when you get lots of TLS handshake and reset errors,
outside busy hour it connects first time.
Does not work
Ask clients to use WITRIBE instead of PTCL as ISP. WITRIBE is fighting with PTA to fight against this blockade. Im using VPNs on WITRIBE even VONAGE devices without any issues since years
If you intend to use PTCL, just prioritize traffic via IPv6 and get an HE IPv6 tunnel. Works for me. I can even stream youtube
Any idea why on earth is PTA blocking legitimate traffic?
The government doesn't give two s**ts about anything other than keeping content in line with their religious and idealistic beliefs.
Having an HE IPv6 tunnel (far from Pakistan) would bring some issues as the devices are routing voice, etc.
It's just a random article with no source. The only thing the govt. cares about here is to block unlicensed international call termination gateways. They want to protect the monopoly of PTCL.
When it comes to Pakistan don't believe everything you read in the western media. According to me and millions of people who actually live in Pakistan encryption is not banned. SSL, SSH, PGP etc are all working fine. NADRA itself uses PKI to secure ID data of our citizens. Also see my site. If encryption is banned how come I'm not in jail ?
The government doesn't care about religion. It's actually some people who start protesting so they have to enact some token blocks to appease them. So politics basically.
Only 1% of the population has broadband so most people have no idea what they are protesting even.
VPNs got nothing to do wit their religious beliefs as far as I know.
I don't see that reported problem have any concern with VPN, Encryption or political blockage. I think, it is a case of Illegal call termination aka grey traffic.
And interesting fact about it is that, It is very hard to bypass, when they are monitoring for symmetrical bandwidth (incoming =~ outbound) !
While this is true ... voice traffic is not very high when compared to video for example.
Surely you are joking. They have blasphemy laws for christ's sake.
That falls under the idealistic beliefs I mentioned.
VPNs allow the people to access information the government feels it has a right to withhold from them.
No I'm not joking. Pakistani laws are based on English laws. Pakistan used to be a British colony and most of our laws are inherited from that time period. Blasphemy laws are of course newer but an example of the sort of laws the British left us with:
http://tribune.com.pk/story/677009/judicial-review-christian-divorce-law-is-insulting-to-women/
Anyway, generally speaking, laws are not enforced here. This is a pretty lawless country.
You have to wonder why PTCL doesn't protest against it. Maybe, just maybe youtube being blocked has nothing to do with an "anti-religious" video and it has to do with the millions they save in bandwidth costs while still charging the same to the customers.
And the reason they block VoIP so PTCL can maintain it's monopoly and because "it costs the Pakistani economy" is no different than killing someone who invents a cheaper alternative of petroleum.
The way people seem to get around this in other countries like UAE, Saudi Arabia is to use two way satellite. Its slow/expensive but you don't get this type of interference.
Not viable for budget providers .. surely not for $5 per month :P
I am not meaning for the provider but the user