I have been emailing with a user of my bridge who is located in Turkmenistan. They contacted me to say that their ISP has blocked my bridge(s) and to request I rotate either the domain name, IP address, or both.
Has anyone else found a solution seems to work in this scenario? I’m happy to request a new public IP from my VPS provider but I’d like to avoid purchasing new domain names every few months. Maybe the best option is to buy a cheap domain and setup a “private” bridge that isn’t distributed except manually? This bridge is using Webtunnel which the user says is usually harder for their ISP to detect. Should I switch to Lyrebird?
Dan via tor-relays <tor-relays@lists.torproject.org>:
Has anyone else found a solution seems to work in this scenario? I'm
happy to request a new public IP from my VPS provider but I'd like to
avoid purchasing new domain names every few months.
Unfortunately for Turkmenistan there is not really any generic
solution because the default policy is to block everything and then
allow some traffic to pass through.
It is also possible that the blocking is not specifically targeting the
address of that VPS, but rather the whole network of the provider was
blocked. This can happen because Turkmentelecom detected that too much
traffic was generated with that network and that they suspect it may be
used to establish secure communication. In that case, asking for a
different IP address will not solve the problem. There are periods
during which the censorship is softened which could explain why your
bridge has worked until now.
I would suggest that you try to determine how the censorship has been
done first but you may encounter difficulties with finding someone
competent enough to do this in the country. I could have a look at it
if you send me the details.
···
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Marco Moock via tor-relays <tor-relays@lists.torproject.org>:
Do they allow general CDNs like Cloudflare or Azure?
No, they are entirely filtered but a few specific addresses.
···
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org
Marco Moock via tor-relays <tor-relays@lists.torproject.org>:
Ok, but how do the people can then reach the bridges?
Are they whitelisted unintended or are they running on addresses that
were used by former sites that werde allowed?
Both options are possible. Sometimes some networks are found to be
completely reachable and the reason for why this happens is unknown.
The censors in Turkmenistan are also known for charging big sums to
provide unfiltered access or whitelist certain things, occasionally the
whitelisting is globally applied on all accesses.
···
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org