Internet censorship circumvention for Iran

This post discusses possible solutions for Iranians wanting to circumvent Internet censorship.

On May 22, 2023, a user published on GitHub a long report on the state of Internet censorship in Iran. He wrote that restrictions are implemented ISP by ISP. Blocking techniques are different between MCI Hamrah Aval and MTN Irancell. As well as TCP blocking, UDP is commonly throttled, making audio and video calling impractical. In some cases the “GFW Iran” applies a blanket block to entire server IP address ranges. This makes circumvention techniques useless. No proxy server will work on such an IP.

The best protocol this user had found was Xray REALITY. Even here, apart from IP address blocks, you must also pay attention to blocks on certain SNIs. Courtesy of SasukeFreestyle, here is a list of SNIs believed to work in Iran:

www.google-analytics.com
www.speedtest.net
www.samsung.com
www.googletagmanager.com
www.asus.com
www.amd.com
www.cisco.com
www.linksys.com
www.nvidia.com

The GFW Iran is rapidly implementing new blocking and throttling strategies. A more recent SNI suggestion to reduce throttling:

www.speedtest.net

In order to set up Xray REALITY, you will need a virtual private server (VPS). Acquiring a VPS can be a problem. On September 23, 2022, Antony J. Blinken, U.S. Secretary of State, announced a relaxation of sanctions to allow Iranians to purchase anti-censorship technology. “As a result of this expanded General License,” he wrote, “technology firms will be able to provide more digital services to people in Iran, from access to cloud computing services to better tools to enhance their online security and privacy.” Unfortunately I have heard of few tangible outcomes from the General License. Some VPS providers you might try are AlphaVPS, RackNerd, Noez, or Aeza.

You’ll also need computer knowledge. Although using an installation script makes server set-up easier, administering a Linux server is not a job for beginners.

Manual configuration

Various articles on this blog demonstrate setting up an Xray REALITY server and client:

Scripted configuration

The above tutorials assume you want to set up your server manually, step by step. There are also various scripts on GitHub. Here is one such script:

FastReality script

I also tried another script, the FastReality script. I found this only worked where my user was set up to authenticate with a password. I could not get the script to work on a server that used SSH key authentication. Also, contrary to the instructions in the README, I found it was necessary to run bash as root:

sudo curl -s https://raw.githubusercontent.com/MohsenHNSJ/FastReality/master/Reality.sh | sudo bash
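
The pipe above runs whatever the URL serves at that moment as root, without the script ever being read. The following is an added example (not from the original post or the FastReality project) that saves the script to a file so it can be reviewed, then runs only the copy whose SHA-256 matches the digest recorded at review time; the function names, the `fetch`/`install` subcommands and the file name `review-install.sh` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the FastReality project.
# Usage (hypothetical file name review-install.sh):
#   bash review-install.sh fetch              # download, print SHA-256, then read Reality.sh
#   bash review-install.sh install <sha256>   # run only the copy you reviewed

SCRIPT_URL="https://raw.githubusercontent.com/MohsenHNSJ/FastReality/master/Reality.sh"

# sha256_of FILE: print the file's SHA-256 as lowercase hex.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# fetch_installer URL DEST: HTTPS only, and fail on an HTTP error instead of
# saving the error page as if it were the script.
fetch_installer() {
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 -o "$2" "$1"
}

# verify_installer FILE EXPECTED_SHA256: succeed only if FILE is non-empty,
# parses as bash (catches a truncated download) and matches the pinned digest.
verify_installer() {
    [ -s "$1" ] || { echo "empty or missing: $1" >&2; return 1; }
    bash -n "$1" 2>/dev/null || { echo "syntax error, download may be truncated: $1" >&2; return 1; }
    actual=$(sha256_of "$1")
    [ "$actual" = "$2" ] || { echo "digest mismatch: got $actual" >&2; return 1; }
}

case "${1:-}" in
    fetch)
        fetch_installer "$SCRIPT_URL" Reality.sh && sha256_of Reality.sh ;;
    install)
        verify_installer Reality.sh "${2:?sha256 of the reviewed copy required}" &&
            sudo bash Reality.sh ;;
esac
```

Pinning the digest means that a change to the file between your review and the install is caught rather than executed.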

You then wait a few minutes for the script to run.

At the end of the run, the script displays a QR code.

You can check the status of the xray service with:

systemctl status xray

You can check the logs for the xray service with:

journalctl -u xray

For the client, I used https://github.com/2dust/v2rayN/releases/download/6.27/v2rayN-With-Core.zip and substituted in the latest xray.exe version 1.8.3 from https://github.com/XTLS/Xray-core/releases/download/v1.8.3/Xray-windows-64.zip. (Copy Xray-windows-64\xray.exe into v2rayN-With-Core\v2rayN-With-Core\bin\Xray replacing the existing xray.exe.)

You can change the v2rayN panel language to English or Farsi if you prefer. If you have never done this before, watch the video demonstration How to change v2rayN to English.

To allow you to use any browser, find the v2rayN icon in the system tray, right-click on the icon to bring up the context menu, then select Set system proxy.

Now use the menu option to add a server by the method Scan QR code on the screen. Make sure your QR code is visible when you click this button.

You may need to adjust the parameters. For example, in the screenshot the IP address is an internal IP address. It must be changed to the public IP address of the server.

Click Confirm.

Visit a site outside the firewall to see if you can connect. For example, visit https://www.bbc.com/persian.
