Any way to obfuscate my connection to a WireGuard server hosted on Brume2?

Hi,
Where I am currently, they are blocking VPNs. The Brume2 is in Europe with my WireGuard server. Is there any way I can connect to it using my Beryl travel router and obfuscate my connection to it? I am able to connect to it but no websites load, as the government here is blocking VPNs.

Can anyone help with it? Or does anyone have a solution to bypass this ban?

This does not make sense. If you can connect to your VPN, all websites should load using the VPN as well. So I would assume the WireGuard connection itself does not work. Can you ping your WireGuard server using the VPN tunnel?

That's why I am surprised too. I even tried NordVPN and Proton directly on my travel router and it connects but no website works. So the government must have some tool that blocks the traffic but not the connection to the VPN. I don't have much knowledge of networking, I am just guessing.

How do I ping it?

No, not possible, there must be something else going on here.

For VPN, DNS often must go over WAN to resolve domain names when an endpoint is a domain, so if the connection works here and the VPN shows connected, there might be something that could have been broken.

Afaik GL firmware often tries to avoid DNS leaks, so it tries to route things through the tunnel. This will work fine under most circumstances but not under some; this often happens when you try to reach a local DNS on your network, or AdGuard Home, and then the DNS likely gets blocked by the killswitch.

Though if that is the case, maybe someone can help with this, since I don't know if anything has been changed in the DNS settings. Last time I checked, I had a lot of other issues, such as VPN policies supposed to route over WAN using the VPN DNS, which blocked my IPTV box😅

I just tried the Surfshark app on my phone. It gets connected successfully but I don't get any VPN IP. I am not even using GL.iNet here and still no website or app that needs internet works. This is the 3rd commercial VPN I tried on 3 different devices, directly or using the Beryl. But the result is the same.

All this was working fine till yesterday, when the government started cracking down and banning VPNs.
So they definitely have some technology that blocks internet even though you seem to be connected to the VPN server. I don't know what else it could be.

They unblocked VPNs temporarily and everything is now working. They are still testing, I think, so sometimes it starts working. I really need a solution to it as I don't know when they will block it again.

Please, can anyone help with obfuscation? How to do it? Which plugins to install and how to set it up? If there is already a guide, can anyone share the link please?

Thanks a lot

I have issues understanding why it fails.

WireGuard is UDP; if UDP fails the tunnel breaks and the VPN won't show connected, assuming you use Surfshark and WireGuard.

When this happens, did you try to ping the gateway IP of the tunnel? Let's say the VPN dashboard shows 10.64.0.46/32; try pinging 10.64.0.1 to determine if the tunnel is really down.

They cannot block connections inside the tunnel, that makes zero sense.

However, they can detect WireGuard easily with DPI and then drop or reject packets. It will break the connection and tunnel, but they cannot interfere in such a way that you still have a tunnel active.

My suspicion still points to a DNS issue.

Edit

Even though you might not be censored, you can try searching about v2rayA, sing-box, Shadowsocks, although it is hard to find good documentation. I tried experimenting a little with v2rayA but the UI won't allow me to create a server, only clients, but I surely think it is possible via the raw JSON configuration. The server is just as important, because you need to use it as a passthrough to WireGuard.

On my VPN dashboard under WireGuard server I have 10.0.0.1/24, so I pinged 10.0.0.1 and here is the result:

PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: seq=0 ttl=64 time=0.170 ms
64 bytes from 10.0.0.1: seq=1 ttl=64 time=0.138 ms
64 bytes from 10.0.0.1: seq=2 ttl=64 time=0.142 ms
64 bytes from 10.0.0.1: seq=3 ttl=64 time=0.143 ms

--- 10.0.0.1 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.138/0.148/0.170 ms

WireGuard can run over TCP, port 443 would be ideal for this obfuscation.

Please keep in mind that WireGuard does not have session control, so it does not know if the connection succeeded or not. So if it's blocked it could be that it shows green but is still blocked.
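A check for the "shows green but is still blocked" case described above, as an added example that is not part of the original thread: it classifies each peer by the age of its last completed handshake, read from `wg show <iface> latest-handshakes`. The interface name `wg0`, the 180-second threshold and the placeholder keys in the constructed sample are assumptions.

```shell
#!/bin/sh
# Classify WireGuard peers from `wg show <iface> latest-handshakes` output.
# Each input line is "<peer-public-key><TAB><unix-time-of-last-handshake>";
# a timestamp of 0 means no handshake has ever completed with that peer.

# classify_handshakes NOW [MAX_AGE]
# Reads the lines on stdin and prints "<state> <age> <key>" per peer.
# MAX_AGE defaults to 180 s (assumption: with traffic flowing, a working
# tunnel renews its handshake well within this window).
classify_handshakes() {
    now=$1
    max_age=${2:-180}
    while read -r key ts; do
        [ -n "$key" ] || continue
        case $ts in ''|*[!0-9]*) echo "malformed - $key"; continue ;; esac
        if [ "$ts" -eq 0 ]; then
            echo "never - $key"
        elif [ $(( $now - $ts )) -gt "$max_age" ]; then
            echo "stale $(( $now - $ts )) $key"
        else
            echo "live $(( $now - $ts )) $key"
        fi
    done
}

# tunnel_verdict NOW [MAX_AGE]: "up" if at least one peer is live, else "down".
tunnel_verdict() {
    if classify_handshakes "$@" | grep -q '^live '; then
        echo up
    else
        echo down
    fi
}

# Constructed sample output (keys are placeholders, not real keys).
SAMPLE_NOW=1700000600
sample_handshakes() {
    printf 'PEER_A_PLACEHOLDER_KEY=\t1700000550\n'
    printf 'PEER_B_PLACEHOLDER_KEY=\t1700000000\n'
    printf 'PEER_C_PLACEHOLDER_KEY=\t0\n'
}

# On the router (interface name wg0 is an assumption):
#   wg show wg0 latest-handshakes | classify_handshakes "$(date +%s)"
sample_handshakes | classify_handshakes "$SAMPLE_NOW"
```

A peer reported as `never` or `stale` while the dashboard shows connected means no handshake is completing, so the problem is the tunnel itself rather than DNS; a `live` peer with failing websites points back at name resolution or routing.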

Dude, are you in Pakistan? Having the same issue here.....
WireGuard was working, now it has been blocked for the last few days. Also looking into obscuration solutions for GL.iNet routers.

Currently, there is no built-in method for that.

v2ray should work if you set it up by yourself.
Best way to avoid detection is by using the VPN apps of your provider, they can do some magic.

It is frustrating that it is so easy to block VPN and GliNet routers don't have any advanced obfuscation methods.
Pakistan started to block VPN as of last weekend, so my GliNets are as useless as bricks.
Unifi's WiFiman and Android paid VPN apps are working (with Shadowsocks enabled etc).

Too bad there isn't a method on GliNet to do this. Very disappointed. I'll try a rooted Android to pass through a paid VPN and/or the Unifi WiFiman app's VPN to the PC.

Yes I am, and I am going to lose my job if I don't find a solution quickly. I am so stressed and I am not able to find any solution to bypass this.

How do you run WG on TCP? I don't see any option in settings.

Only by some self experiments, and I highly doubt it will work.
HTTPS traffic is pretty common, and deep packet inspection can check if it's HTTPS or something else.

I advise taking leave time for this week. I am going to try rooting my phone, since you can connect to a VPN using any app and pass it through to the hotspot (non-rooted Androids will not pass VPN to any hotspot). Then I'll connect the GliNet to that hotspot and VPN through it, or just connect to the phone if it doesn't work.

What area are you in?

Are you able to advise how people use VPN in Iran/China, if you can? There is not too much good info online for GliNet.

Unfortunately not.

It's pretty difficult to fight against DPI. v2ray might be a solution, but I don't know how to configure it and it would require plain OpenWrt, I assume.

Best is using VPN provider apps directly on end device.

I cannot give advice either. There are many ways that work well, but I am not an expert.

There are also other products doing this job, at least they are advised to do so. So they are banned in those countries. So what is the difference between us adding these features and then being banned in these countries, and you finding a way to do it by yourself? The latter is more realistic.