this post was submitted on 29 Apr 2024
43 points (100.0% liked)

Selfhosted

40677 readers
463 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

Where I live wireguard and openvpn are completely blocked and my isp doesn't provide a public ip.

Tailsclale and cloudflare tunnels don't work either.

Is there a last resort method for accessing my home server (a mini pc running openwrt and docker).

Thanks!

top 22 comments
sorted by: hot top controversial new old
[–] [email protected] 19 points 7 months ago (1 children)

Tor's obfs4 protocol is pretty difficult to block, and it has some other transports that are options if obfs4 is unusable in a heavy censorship regime. This page is a good overview of how to start; with the right transport and bridge setup it'll be extremely difficult for your ISP to prevent you having access.

You could make your home server a securely-accessed onion site and connect to a remote-access-via-web service you're running there. That part might be a little challenging (and this process overall may be overkill) but it'd be very challenging for them to block it, I think, so if you've tried some things and had no luck, that might be the way to do it.

Be careful obviously

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago)

Tor only works with Snowflake bridges and the speed is very low.

[–] [email protected] 15 points 7 months ago

Sounds like your government is fairly strict on what you can do. I would suggest Tor but that may be illegal. I would be careful not to do anything that could jeopardize your safety.

[–] [email protected] 13 points 7 months ago* (last edited 7 months ago) (2 children)

Can you ssh out? You could setup a VPS somewhere and use remote port forwarding to tunnel back home.

ssh -R 80:localhost:80 user@vps # forward HTTP traffic from remote host to the local host

You can even run ssh over an ssh tunnel for inceptiony goodness.

ssh -R 2222:localhost:22 user@vps  # your home system
ssh -p 2222 homeuser@vps  # From your remote system
[–] [email protected] 5 points 7 months ago (1 children)

Yes I can SSH to my US vps. I'll give this a try thank you.

[–] [email protected] 6 points 7 months ago* (last edited 7 months ago)

SSH port forwarding is quite handy. You can have SSH setup a SOCKS proxy that you can use to send your browser traffic through the tunnel as well.

[–] [email protected] 1 points 7 months ago (1 children)

have you heard of sshuttle?

[–] [email protected] 3 points 7 months ago

Interesting - I had not. It was ages ago I was doing something like what I posted (well before that project ever got started) and it worked "well enough" for what I was doing at the time. Usually I'd run a SOCKS proxy on that second SSH line (-D 4444) and just point my browser at localhost:4444 to route everything home (or use foxyproxy to only route some traffic home).

Looks like sshuttle may have better performance though and provide similar functionality.

[–] [email protected] 8 points 7 months ago* (last edited 7 months ago) (2 children)

Find a cheap hosting solution that provides a fixed IP address, then host your own VPN or proxy server there.

Edit: if you use a non-standard port for the VPN, it should be less likely to be blocked.

[–] [email protected] 8 points 7 months ago* (last edited 7 months ago) (1 children)

To add on to this answer:

If they're blocking Wireguard/OpenVPN at the protocol level, there may not be anything you can do (running on a different port, etc).

If HTTPS works, between a cloud VPS and your home connection, you might be able to setup Nginx + VPN-WS on your cloud host to make a websocket-based VPN.

https://github.com/unbit/vpn-ws

I haven't tried this, but it looks solid enough. Just make sure you configure Nginx correctly for authentication since it doesn't do that on its own (intentionally since most web servers already have a solid authentication framework / plugin system).

You may also try SSH port forwarding. Basically your home device maintains a persistent connection to the cloud server over SSH and forwards one or more ports (its SSH, for example) over that, and the cloud server makes that available.

[–] [email protected] 3 points 7 months ago* (last edited 7 months ago)

This is the case unfortunately. They are blocked at protocol level.

[–] [email protected] 6 points 7 months ago

Wireguard doesn't obfuscate its traffic so non-standard ports may not help depending on how sophisticated the blocking is (they could recognize the protocol and block your traffic regardless of port).

[–] [email protected] 5 points 7 months ago* (last edited 7 months ago)

Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I've seen in this thread:

Fewer Letters More Letters
HTTP Hypertext Transfer Protocol, the Web
HTTPS HTTP over SSL
IP Internet Protocol
SSH Secure Shell for remote terminal access
SSL Secure Sockets Layer, for transparent encryption
VPN Virtual Private Network
VPS Virtual Private Server (opposed to shared hosting)

[Thread #725 for this sub, first seen 29th Apr 2024, 17:15] [FAQ] [Full list] [Contact] [Source code]

[–] [email protected] 4 points 7 months ago (1 children)

Have you tried https://shadowsocks.org/? I don't have any experience with it, but heard it is good at masquerading your traffic and making it almost impossible for your ISP to block it

[–] [email protected] 1 points 7 months ago

Shadowsocks is deprecated and doesn't work anymore.

[–] [email protected] 3 points 7 months ago (1 children)

@[email protected] I would try an ssh tunnel... not the best solution (you need to configure it as a SOCKS proxy and specify ports, etc), but worth a try.

[–] [email protected] 1 points 7 months ago (1 children)

It seems like this is the only solution. I'll give it a go.

[–] [email protected] 1 points 7 months ago

@[email protected] good luck and report back how it goes! :-)

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago) (1 children)

Try all the VPN technologies until you find one that may not be blocked.

Ipsec, ll2p, etc https://en.m.wikipedia.org/wiki/Tunneling_protocol

Heck... Ssh with port forwarding

Try configuring your VPN to use no encryption, that might allow it to get through

[–] [email protected] 1 points 7 months ago

All protocols are blocked. Proxying through v2ray/xray still works.

[–] [email protected] -1 points 7 months ago (1 children)

@mfat Depending on how they’re blocking VPNs (i.e. blocking specific ports, or allowing specific ports), you may be able to run one on a non-standard port. As an extreme example, you could run Wireguard on port 80 (HTTP), which is practically the last possible port that can ever be blocked on public internet.

[–] [email protected] 1 points 7 months ago* (last edited 7 months ago)

No they are blocked at protocol level no matter which port you use.