So, for privacy and security reasons, I use a VPN. This is normally Mullvad (with DAITA and quantum resistance enabled), but I have ProtonVPN, Windscribe, and Orbot handy in case something doesn’t work.

However, lately I’ve noticed my connections being blocked. This is across three different ISPs: Sky, Virgin, and Wifinity. I have tried all three VPNs and Orbot, and I have tried several protocols (WireGuard, OpenVPN, IKEv2, Stealth, and of course SOCKS5) to no avail.

The logical solution would be to use a bridge in Orbot, but the button seems to have been removed. Also, by using Orbot, I will not be protected by my DNS.

I am currently using iOS, but my other machines run Linux and I will be getting a GrapheneOS phone in the near future.

Can anyone help?

  • cmgvd3lw@discuss.tchncs.de
    link
    fedilink
    arrow-up
    2
    ·
    23 hours ago

    If you are failing to connect to VPN, try changing the MTU to a lower setting like 1376 or something. Then connect using wireguard protocol.

  • AstralPath@lemmy.ca
    link
    fedilink
    arrow-up
    35
    ·
    2 days ago

    AFAIK the IPs used by VPN providers are getting flagged and blocked by certain sites in an attempt to force you off of the VPN so they can suck up your data. I’m sure there are other reasons too.

  • ERROR: Earth.exe has crashed@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    11
    ·
    2 days ago

    Blocked?

    As in VPN failing to connect?

    Or the website you are attempting to visit giving you an error?

    Btw, Proton VPN’s latest version of the app has “Stealth” mode to attempt to bypass censorship, have you tried that?

    The lastest version of Orbot has a line below “Start VPN” that says “Choose how to connect” tap that and choose a bridge.

    Also, what country are you in, if you don’t mind me asking? (I don’t recognize the names of those ISPs)

    • Hellfire103@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 days ago

      VPN failing to connect. Stealth mode didn’t work, as described above. I’m in the UK.

      Another user provided a working solution:

      @hellfire103 I bet it’s the DAITA on your Mullvad, choose MultiHop instead with Wireguard, quantum resist. and obfuscation . Then use a Linux set from boot SOCKS5 as you desire. I hope it helps.

      However, alternative solutions would be appreciated.

  • u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org
    link
    fedilink
    English
    arrow-up
    8
    ·
    2 days ago

    Other than DAITA, Quantum resistance may also be a problem. From experience, the key exchange needs near-perfect connection, otherwise it keeps failing.
    This is further made into a problem by Android’s private DNS handling. If it times out for long enough (seems like 10 seconds), then even after Mullvad finally connects, the DNS won’t work.

  • fl42v@lemmy.ml
    link
    fedilink
    arrow-up
    4
    ·
    2 days ago

    Orbot supports bridges, but not all of them. What’s worse, the one type they lack is webtunnel, which would’ve likely helped (although, there’s this fork). The option configure 'em was moved into the connection dialog.

  • EngineerGaming@feddit.nl
    link
    fedilink
    arrow-up
    4
    ·
    2 days ago

    I am looking into obfuscation methods used in China now, like v2ray/VLESS/XRay. Maybe this would be the direction you’d want to go. I’d start with a good comparison article.

  • ma1w4re@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    2 days ago

    Omg same. In my case I use random open servers with xray. Usually servers located in France and Germany are blocked, but servers with Chinese info on them still work (not located in china, just description and title contains Chinese).

  • Monkey With A Shell@lemmy.socdojo.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    2 days ago

    Blocked as in sites reject traffic, or blocked as in can’t connect to the VPN?

    The former is on the far end and not uncommon. A lot of sites reject connections from known VPN endpoints because the same tunnels that provide privacy to you also provide privacy to attackers quit often. You just need to decide if the site is important enough to use without a cover.

    If it’s the latter, that would be a near end issue and would likely be your ISP or someone nearby that is looking to control your traffic.

    • Hellfire103@lemmy.caOP
      link
      fedilink
      English
      arrow-up
      4
      ·
      2 days ago

      It’s the latter. Damn Virgin!

      Fortunately, another user provided a working solution:

      @hellfire103 I bet it’s the DAITA on your Mullvad, choose MultiHop instead with Wireguard, quantum resist. and obfuscation . Then use a Linux set from boot SOCKS5 as you desire. I hope it helps.

      However, alternative solutions would be appreciated.