pluhmen

Dear tech bubble!

We as a company are struggling with the ongoing internet restrictions in #Iran as some of our colleagues live and are gradually unable to work there.

We do have a bunch of options to provide almost any every service even world wide.

Question is what will probably work, what's supposed to be resilient and stable for their everyday work.

#DevOps #Censorship

CC @qbi @nd @psy to gain reach. Thanks!

Jan 9, 2023 at 6:32pmWeb
Show threadpluhmenJan 10, 2023
Thank you all for your feedback, in the next couple of days we will test some of the proposals. 💛
Show threadRanizJan 9, 2023
@pluhmen @qbi @nd @psy
I'm not at all familiar with what kind of restrictions Iran imposes, but OpenVPN or Wireguard over port 443 might work.
Show threadpluhmenJan 9, 2023
@raniz @qbi @nd @psy That means shifting the port, but not the protocol. I heard of encapsulating VPN traffic in HTTP payload. Do you have/has someone any experience on this?
Show threadSador_Numspaq 🚴‍♀️Jan 10, 2023

@pluhmen @raniz @qbi @nd
@psy

Could this help?
https://taz.de/Reaktion-auf-Unterdrueckung-im-Iran/!5883510/

Reaktion auf Unterdrückung im Iran: Server gegen die Internet-Zensur

Das Regime im Iran schränkt den Internetzugang ein. Messengerdienste wie Signal bitten um Hilfe aus der Zivilgesellschaft. Die taz folgt dem Aufruf.

Show threadpluhmenJan 10, 2023
@Sador_Numspaq Not really as we are looking for unrestricted internet access on network layer not only for one protocol. But thanks anyway!
Show threadRanizJan 13, 2023

@pluhmen @qbi @nd @psy

OpenVPN can be tunneled through an HTTP proxy if that helps.

https://openvpn.net/community-resources/connecting-to-an-openvpn-server-via-an-http-proxy/

Connecting To An OpenVPN Server Via An HTTP Proxy. | OpenVPN

OpenVPN supports connections through an HTTP proxy, with the following authentication modes.

OpenVPN
Show threadKilian StolzJan 9, 2023
@pluhmen @qbi @nd @psy Create an SSH Tunnel to a host somewhere on the internet - could even be an instance at AWS or so. Terminate the SSH Tunnel at e.g. localhost port 3128. Use localhost:3128 as proxy in the browser settings. If the connection gets blocked one day, find another linux server somewhere.
Show threadpluhmenJan 9, 2023

@dasnachttier @qbi @nd @psy

Thanks for your answer, but that won't do, I guess.

In the first place they need a clandestine connection to the internet. On this hop we could establish forwading routes to our networks then.

Show threadKilian StolzJan 9, 2023
@pluhmen @qbi @nd @psy Hm… are there no official internet connections available? If so, there is literally nothing you can do. If there is a connection available you have to hide your traffic really really well. I don’t think the government can easily brake SSH. But of course you have to take care of e.g. DNS request. And it will be risky in general.What’s the use case?
Show threadCarsten Nielsen 🇺🇦 💚 🇪🇺 🇬🇱Jan 9, 2023
@pluhmen
You could run a ssh tunnel on any port you want and add a socks proxy on top.
@qbi @nd @psy
Show threadchristian mockJan 9, 2023
@pluhmen what services do they need? Like, it may be easier for a developer that can just "git push" over a slow connection than for someone that needs an interactive session...
Show threadpluhmenJan 9, 2023
@cm Basically it's a about free and unrestricted internet access. In parts it's about reaching our infrastructure, but that could be done on the first hop they connect to...