Upload throttling in Iran #171
Comments
Please, this is not the place for this kind of discussion. The purpose of this forum is sharing information that can be useful for developers of circumvention systems or people studying censorship. It is not for technical support. A better place to ask this question may be on a V2Ray support forum. If you think you are experiencing a new kind of blocking in Iran, that would be on topic. But then in order to be useful, your post needs to have some technical information. We would need to know, at a minimum, when you started having problems with the servers (date and time), and what transports you have configured with V2Ray. We would also want to know what client implementations you are using to connect to the servers. If you find that the servers are sometimes blocked, and sometimes unblocked, that can also be an on-topic discussion, because it could enable us to find protocol features that trigger the blocking. But only after you have checked the other Iran threads and checked that it is not something already known, like TLS fingerprint blocking. |
@wkrp Laugh, if you will. This test was conducted near 1 AM in Iran GMT, when speeds are usually better. And this test doesn't show packet loss, which is actually the main issue here. The only way(s) to circumvent this issue is either:
|
@arandomgstring thank you very much, that's information we can work with. Do you know what date it started to become throttled? Any news articles or discussions posted elsewhere? Do you know if it affects all ports? The speedtest probably uses HTTPS on port 443. Another thing to try is QUIC. My immediate thought is to compare to research on throttling in Iran in 2011 and 2012:
|
Currently, the best working solution in Iran is peer-to-peer file uploads or sharing using the WebRTC STUN protocol. |
@wkrp https://www.zoomit.ir/tech-iran/387816-upload-speed-reduction/ To quote:
According to Zoomit, ISPs claim that there is no problem (lol) and that's it. I couldn't find any other article, and that is to be expected because the Government is not usually lenient toward bad news. The article is dated 1 month ago. So it seems it has nothing to do with either protocol or port. According to my personal experience, however, SSH is almost blocked on port 22 to foreign servers. By that I mean it is heavily throttled to the point of being useless. I can't even run a single command. But changing the port to something high and random fixes this issue. As for UDP, after the blockage of Wireguard, it seems that UDP to not well-known foreign servers is almost blocked. The exception is port 53 (which is used for DNS), but again, sending too much traffic through that port results in temporary blockage of that foreign IP. This might have changed, as my tests for this purpose were conducted 1 month ago, though I doubt it. QUIC is not usual traffic in Iran. From my personal experience, only Google uses it, with a few exceptions. So building a VPN with this protocol doesn't seem to be very safe; moreover, QUIC uses UDP in the first place, so I have doubts about its performance. |
Indeed, the future of Iran depends on P2P. It's unfortunate, however, that users are behind NAT and we need the STUN protocol with an intermediary website to initiate the initial connection (with UDP or TCP hole punching). The problems are:
@hamedsbt So have you tested those services? What were the results? I mean speed, packet loss, etc? |
Thanks for your information, bro. I was thinking the same about getting an Iran VPS and connecting it with the foreign one. I currently have multiple protocols running on my foreign VPS. |
Hello. I recently ran into the same problem. I have 2 servers, I configured both in the same way, but one of the servers works without any problem and one of the servers has 0 upload speed when I test the speed with speedtest. I should also say that the first server had a problem, but the problem was solved by changing the node several times. Does anyone know a solution? |
You should carefully study the configs here https://github.com/XTLS/Xray-examples to write configs for yourself, instead of relying on one-click scripts. That said, I think the easiest way to use your Iranian VPS as the first hop and the foreign VPS as the second hop would be as follows:
Look carefully, I used VMESS for inbound of your Iranian VPS and its outbound is VLESS (just what I used for your foreign server).
Of course, you need not write the first and third configs by yourself. The only config you need to write by yourself is the second one, the Iranian server, whose outbound depends on your foreign server's inbound config. This is not the most secure way to do this, but it works, and I assure you that as long as you keep it for personal use, no one will notice what you have done. |
Don't pay attention to Speedtest results too much. As long as your server works, hey it works! I mean if the upload speed was actually 0, you couldn't have opened the Speedtest website in the first place. Since you need to send a query to your VPS server, and ask it to open Speedtest for you. With actual 0 upload speed, you couldn't even send such queries. You couldn't have even connected to your server. Anyway, what is the difference between those servers? Have you bought them from different VPS providers? Are they located in different parts of the world? What's the difference between those two? |
@arandomgstring Yes, it opens websites, but I can't use WhatsApp calls, for
example. Yes, it was purchased from one place, but they changed the node
for me several times until the problem of one of them was solved.
…On Thu, Dec 15, 2022 at 11:56 PM arandomgstring ***@***.***> wrote:
@MH140000 <https://github.com/MH140000>
Don't pay attention to Speedtest results too much. As long as your server
works, hey it works! I mean if the upload speed was actually 0, you
couldn't have opened the Speedtest website in the first place. Since you
need to send a query to your VPS server, and ask it to open Speedtest for
you. With actual 0 upload speed, you couldn't even send such queries. You
couldn't have even connected to your server. Anyway, what is the difference
between those servers? Have you bought them from different VPS providers?
Are they located in different parts of the world? What's the difference
between those two?
|
@arandomgstring I have two questions: 1- I heard about restricted access to Iran VPSes by the government, like you have to validate yourself for them or something like that. Do you know a good Iran datacenter to use for my purpose? Sorry if it's off-topic. ✋ 👍 2- In the Iran server config there is 0.0.0.0 for the address: Thanks for your time 👍 |
Actually, #131 (in Iran) was plain old TCP TLS fingerprinting. It was an attack not against the peer-to-peer WebRTC/DTLS connection, but against the initial rendezvous step (registration with the Snowflake broker). The earlier #97 / #40014 (in Russia) was DTLS fingerprinting. |
Is there a solution to this problem? If this problem continues, we will practically stop using the Internet because we have trouble even sending a message. |
So you are using Cloudflare CDN, yes? And by changing node, you mean you have created a few accounts in Cloudflare until one of them worked? If so, it is a known (old) issue. Many VPNs use Cloudflare CDN to hide their real IP from ISPs. Our ISPs foolishly block Cloudflare IPs in response. Each time that you create a Cloudflare account, a random name server (and IP) is given to you. It just so happens that sometimes you get already censored IPs from Cloudflare. So you have to switch accounts to get a non-blocked IP. And the problem you are currently facing with your server stems from the fact that you are using Cloudflare; if you turn it off, you can use your VPS as you normally would. |
Correct. All Iran's Datacenters ask for your national ID + your Iranian phone number that you need to verify. There is no good or bad service, many people are using Arvancloud that has the heaviest restriction regarding proxies, VPNs, etc. And if they catch you using a proxy on their services, they will block your service, and the money you have on their accounts. Then you need to give them an assurance that you won't do it anymore (you can give them nothing of course, but your service remains blocked). Parspack, Asiatech, etc are also being used. Honestly, it doesn't matter where you get your Iranian VPS. You have to test until you find a suitable one that doesn't cost too much and doesn't monitor your activity too much :).
First of all, note that if you don't write "listen": "0.0.0.0" at all, your config itself will assume "listen": "0.0.0.0". Secondly, 0.0.0.0 means that your proxy server will listen on all network cards that your Iranian VPS has, on port 123. So if a user connects to xx.xx.xx.xx, where xx.xx.xx.xx is the IP address of your Iranian VPS, and sends data to port 123, your proxy server will receive this and redirect it to the proxy server that you have written in outbound. Usually, a VPS has only one IP, but if it has several IPs, then you can connect to any of those IPs and send data to 123 to proxify your traffic. Of course, if you write "listen": "127.0.0.1" you can't proxify your traffic with xx.xx.xx.xx (your server IP) anymore, since v2ray or xray doesn't listen on all IPs. However, you can make "listen": "127.0.0.1" work as well.
It sounds complex, but it isn't complex at all. It is a lot more secure as well. Take a look at this https://github.com/XTLS/Xray-examples/tree/main/VLESS-WSS-Nginx for example. Your xray listens on "/dev/shm/Xray-VLESS-WSS-Nginx.socket,0666" (It is a unix socket. I know it looks weird, but it is similar to 127.0.0.1. You can write 127.0.0.1 instead of it.) while Nginx with proxy_pass http://unix:/dev/shm/Xray-VLESS-WSS-Nginx.socket; gets data from you on xx.xx.xx.xx and redirects it to /dev/shm/Xray-VLESS-WSS-Nginx.socket, which will proxify your traffic as a result. |
Hi. No, by changing the node I did not mean changing the account in Cloudflare, but changing the location of the VPS by the support team. I don't know why some servers have no problem with v2ray but some servers show 0 upload speed. |
@arandomgstring |
@Evolve6996 @MH140000 |
Unfortunately, this is not the case. Because my ip was changed several times by the place I bought the server from, but the problem was not solved until they gave me the first ip that I had received before and changed the server node again, and the problem was solved. But recently, my friend bought another server from the same country, but he has a problem with the upload speed. |
I started changing my VPNs from UDP like 3 months ago. I think most VPNs do not work well on UDP now. |
@Evolve6996 |
On Windows, you can do it in the registry; there are multiple guides on Google. It's called Nagle's algorithm. I don't know whether the server can force it or not. I have a question about how to run a DNS server on my VPS to get around geo-restricted websites and services. If you know how to do that, please let me know. I don't want to talk here because it's off-topic; it seems GitHub does not have DMs 😞 Thanks 👍 |
Interesting, I saw Nagle's algorithm on Wikipedia. It doesn't seem to be disabling ACK packets altogether; rather, it controls the generated traffic, making it more efficient. But I might be wrong. You can use the BBR feature on Linux though, to make your traffic more efficient. Use this https://github.com/iyidengme/Linux-NetSpeed-By-ylx2016 . But I don't know which option is the most efficient one. I am using BBR+FQ and it does make things better, for me at least.
Why do you want to run a DNS server in the first place? You can simply force DNS queries through v2ray by using either proxifier, nekoray, or fakedns, or many other possible options. However, if you really need to run a DNS server, you can do it with https://dnscrypt.info/implementations . Also here https://tachyondevel.medium.com/%E6%BC%AB%E8%B0%88%E5%90%84%E7%A7%8D%E9%BB%91%E7%A7%91%E6%8A%80%E5%BC%8F-dns-%E6%8A%80%E6%9C%AF%E5%9C%A8%E4%BB%A3%E7%90%86%E7%8E%AF%E5%A2%83%E4%B8%AD%E7%9A%84%E5%BA%94%E7%94%A8-62c50e58cbd0 you can see how DNS requests are parsed by xray. |
Hmm, I heard from multiple sources about Nagle. I never tested it to see if it actually works, but I heard from players of World of Warcraft that it did make a difference for them. By the way, I think it needs Wireshark, and right now I don't have time to test it. I am kind of sure that reducing ACK delays is good for gaming, though. You can use the TCP Optimizer tool by SpeedGuide; they have articles about these options too.
I don't know exactly how it works or whether there are different good configs and variations of it for gaming. I just know it's about TCP window size and it should come into play when congestion happens and ... By the way, I have read that it causes more retransmissions.
I want it for PayPal and some games. I think proxying DNS through Xray will mean that if anything happens in terms of blocking or throttling for Xray, it will impact your DNS as well, right? I didn't say I want to forward queries only; I would like to do something similar to the electro or shecan service but on a much smaller scale, so traffic should come from the VPS server as well, not only queries, right? They are going to block my server connection maybe. I don't want to bypass the censor, though. Thanks ❤️ |
@Evolve6996
Yes.
You don't want to bypass censor?! Well at any rate with DNSencrypt you can make something similar to shekan service. Although shekan is plain DNS, and DNSencrypt uses https or tls to hide your service. Then with an application such as YogaDNS you can connect to your DNS server. |
hi there guys.
|
@Hadi-1624 |
Guys, TL;DR: I analyzed the situation and found something. This could be a workaround for the current upload or download throttling to foreign hosts. It worked very well for me, but I don't know what the impact would be in terms of blacklisting of your VPS by the government firewall, or what happens in terms of TLS authentication when you enable the allow insecure option. By the way, in your v2ray client, set your SNI field to something whitelisted in Iran, something like an Iranian website, for example Uplod.ir, then enable the allow insecure option. Hope this works for you 💟 |
@Evolve6996 thanks very much.
…On Thu, Dec 22, 2022 at 1:39 PM Evolve6996 ***@***.***> wrote:
*Solution for throttling? :*
guys, TLDR i analyzed the situation and found something this could be a
workaround for current upload or download throttling to foreign hosts it
worked for me very good but I don't know what would be the impact of it in
terms of blacklisting your VPS by government firewall or anything happens
when you enable allow insecure option in terms of Tls authentication. btw
*in your v2ray client set your Sni field to something whitelisted in Iran
something like an Iranian website for example Uplod.ir then enable allow
insecure option, it fixed my throttling*
hope this works for you 💟
|
It's totally fine, but the fact that they are throttling upload based on SNI rather than IP range shows that some foreign servers are not being throttled; otherwise they would have done their restriction based on IP rather than SNI, which is foolproof and resistant against SNI tampering. But what are these foreign servers? Google Drive maybe? If so, then changing SNI to these unthrottled foreign domains seems to be a safer option. The main downfall of your method is that it's incompatible with CDNs, but I think that is it. |
@Evolve6996 Apparently, limited addresses solve the problem. I tested many domains but it didn't work except for one or two of them. |
@arandomgstring Thanks for your tips about ssh, I'd like to try that. |
I had an additional question |
We can never know unless you try it. In theory, if you become successful at using ArvanCDN, your proxy will work even in the case of national Internet. But from what I have heard and know, their CDN is very incapable, to the point that famous Iranian websites have opted for hostdl CDN, which is super expensive btw. |
hi. If you get any more info please share it here because it's only one or
two domains that solve the problem with sni.
…On Fri, Dec 23, 2022 at 10:51 AM arandomgstring ***@***.***> wrote:
@Hadi-1624 <https://github.com/Hadi-1624>
Is it possible to use Arvan Cloud CDN and a domain to bypass upload limit
restrictions?
We can never know unless you try it. In theory, if you become
successful at using ArvanCDN, your proxy will work even in the case of
national Internet. But from what I have heard and know, their CDN is very
incapable, to the point that famous Iranian websites have opted for hostdl
CDN which is super expensive btw.
|
The procedure for doing so is similar to that of Cloudflare. Except that instead of using Cloudflare name servers, you will use Arvan name servers. And don't forget that CDNs usually work with websockets, so the network setting of v2ray is ws. |
Oh, good to know it's safe 👍
I didn't test it. Finding them should be easy, to be honest. My internet now behaves weirdly also, and it changes from time to time and from IP to IP. It's now fine without SNI tampering, so I cannot test now 😕
It probably doesn't matter; there is no foreign CDN that works well currently. I think Cloudflare works well for whitelisted IPs or domains? I have a question: can DNSencrypt bypass censors like a VPN? @MH140000 > hi. If you get any more info please share it here because it's only one or Test linkirani.ir, soft98.ir, leader.ir; it could be anything whitelisted. If it does not solve your server's problems, maybe your server is suffering from throttling plus something different. |
@Evolve6996 Hi. Where can I find the white list of websites?
…On Sun, Dec 25, 2022 at 1:23 PM Evolve6996 ***@***.***> wrote:
@arandomgstring <https://github.com/arandomgstring>
It's totally fine, but since they are throttling upload based on SNI
rather than IP range, shows that some foreign servers are not being
throttled, otherwise they would have done their restriction based on IP
rather than SNI, which is foolproof and resistant against SNI tampering.
oh good to know its safe 👍
I have read about allowing insecure it seems it discards certificate
validation. now if I check this option it means regardless of the
certificate it creates a tls connection so still everything encrypted right?
But what are these foreign servers? Google drive maybe? If so, then
changing SNI to these unthrottled foreign domains seems to be a safer
option.
didn't test it finding them should be easy tbh my internet now behave
weirdly also and it changes from time to time and IP to IP it's now fine
without SNI tampering I cannot test now 😕
The main downfall of your method is that it's incompatible with CDNs, but
I think that is it.
probably doesn't matter there is no foreign CDN to work well currently I
think Cloudflare works good for whitelisted IPs or domains?
@MH140000 <https://github.com/MH140000>
hi. If you get any more info please share it here because it's only one or
two domains that solve the problem with sni.
test linkirani.ir soft98.ir leader.ir it could be anything whitelisted. if
it not solves your server's problems maybe your server is suffering from
throttling plus something different.
|
how do we find them bro unless see their whitelist? all you can do is trial and error. |
I bought two servers from Hetzner Germany |
It is possible, but it is not recommended at all unless you want it for personal use. |
Would you please explain how to set Sni? I can not find it on my panel. I am using x-ui panel Chinese version. |
Which part of the panel is this option located exactly? |
I did it but it didn't work |
I bought two servers at the same time in one day from Germany location, Falkenstein. |
It's not on the panel, bro. I said your client, not the server. I am using v2rayn; it has an option. If you are using nekoray or something, you can use it.
That's sad. Use other websites as well; it seems (google.com) is also working. I tested on my VPS. |
The fact that each region and area has its own different throttling makes this very frustrating. |
Hi, several days ago I tested and it works properly but a bit slow. |
There is a situation that I do not understand.
Why is this happening? When not using a VPN and running speed tests, my upload speeds are very low and fluctuating to countries outside Iran. Edit: I do not use any relay servers; I am using Cloudflare for CDN. |
Hi
Are you OK?
Recently, I have a problem uploading on the servers I built in Iran
And when I test the network, the upload speed is below zero
This problem has caused me to face frequent hi-fi interruptions and I don't know how to fix this problem
Please help me to increase the upload and download speed