Bypassing Roskomnadzor blocks using IPv6 and 3proxy

Strangely enough, Roskomnadzor still does not block sites that are reachable over an IPv6 address, including Telegram, Rutracker and other resources.
 
 
So to get around the restrictions, you need to get onto the IPv6 network somehow, and with as little effort as possible!
 
 
 
It is not uncommon for fixed-line operators to provide an IPv6 service (for example, DomPro). Simply enable the service, and the router's network interface receives a /64 prefix for your network.
 
Even if there is no such service but you have a public ("white") IP, you can use 6to4 to the anycast address ???.1 or set up a tunnel from he.net. But in the first case packets are shamelessly lost (tested on different providers), and in the second case sites determine that I am from another country when I browse. Not comfortable. And the response time is high.
 
MTS subscribers also have this service. It is free and is enabled in your account.
 
 
And what if your provider does not issue IPv6 and you sit behind NAT?
 
Moreover, do not trust dubious paid/free socks5 proxies! You do not know what happens to your traffic on these proxies.
 
 
There is a way out! Set up your own ipv4-to-ipv6 proxy. You can even do it in Russia!
 
 
The advantage of this solution is that you will have your own single proxy for home and for mobile Telegraph. Moreover, you can pick a host as close as possible to your provider, which gives ipv? almost without losing speed.
 
 
That's exactly what I did. I found the cheapest VDS hosting, checked its speed to me and deployed 3proxy.
 
 

Deploying our own proxy with IPv6


 
 
I have been using FirstVDS.ru for many years to host projects. In 8 years it has never failed me. But for a home proxy, the price tag is still high.
 
The cheapest was the Free-www.ru s-kvm mini tariff at 65 rubles per month + 1 ruble for IPv6. If there is something cheaper, tell me. After all, one has to economize!
 
 
Out of habit, I chose a CentOS 7 template.
 
 
After ordering and paying, the server access details arrive by e-mail. Connect with an SSH client (for example, PuTTY).
 
 
Immediately check that IPv6 addresses are reachable:
 
ping6 -c1 google.com
 
If the host answered, continue.
 
 

Install 3proxy


 
 

# Build tools and source
yum install -y git gcc
git clone https://github.com/z3APA3A/3proxy/
cd 3proxy
make -f Makefile.Linux
make -f Makefile.Linux install
# Install the init script and point it at the installed binary
cp scripts/rc.d/proxy.sh /etc/init.d/3proxy
sed -i 's:/usr/local/etc/3proxy/bin/3proxy:/usr/local/bin/3proxy:g' /etc/init.d/3proxy
chmod +x /etc/init.d/3proxy
# Log directory used by the config below
mkdir /var/log/3proxy/
systemctl enable 3proxy

 
 
We write the config file /usr/local/etc/3proxy/3proxy.cfg
 
 
/usr/local/etc/3proxy/3proxy.cfg

#!/usr/local/bin/3proxy

nserver [2001:4860:4860::8844]
nserver ???.8

nscache 65536
nscache???r3r3356.

"Timeouts."

daemon

# For debugging, enable logs by uncommenting the lines below.
# Afterwards put the # back so the logs do not fill the disk.
#log /var/log/3proxy/log D
#archiver gz /bin/gzip %F
#rotate 30

# Here we write your exit addresses (issued by the host)
external ???.35
external 2001:db8:55::9
# and for the input
internal ???.35

# We register users for authorization in the format login:encryption:password
# in our case login = tg, encryption = CL (cleartext), password = tgtest1
# the same for the user testuser
users tg:CL:tgtest1 testuser:CL:TesT

# Configure the http proxy for the tg and testuser logins only.
# -64 = if the domain has an IPv6 address, use it.
# If there is only ipv? then we use it. Made this profile for the browser.
# -p41000 = the port number on which to listen
auth strong
allow tg,testuser * * * *
deny *
proxy -64 -p41000

# Configure socks5. Made only for Telegram
# -6 = use only IPv6. If it is not available, IPv4 will not be used
flush
auth strong
allow tg * * * *
deny *
socks -6 -p42555

 

 
More details about 3proxy's capabilities can be found on the official website (in Russian).
 

 
You can optionally configure several blocks for different tasks, for example running several socks services with IPv4 or IPv6 on different ports.
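An added example (not from the original post or the 3proxy project): a small Python audit of a 3proxy.cfg that lists every proxy/socks listener with its port, IP preference and permitted logins, and flags cleartext (CL) passwords and listeners started without `auth strong`. The sample config is constructed from the one above with the addresses left out; the function name `audit_3proxy` is hypothetical, and the check assumes the default auth type is `none`.

```python
import re

# Constructed sample modelled on the page's config (addresses left out);
# the logins and passwords are the page's own test values.
SAMPLE_CFG = """\
users tg:CL:tgtest1 testuser:CL:TesT
auth strong
allow tg,testuser * * * *
deny *
proxy -64 -p41000
flush
auth strong
allow tg * * * *
deny *
socks -6 -p42555
"""

IP_MODES = {"-4": "IPv4 only", "-6": "IPv6 only",
            "-46": "prefer IPv4", "-64": "prefer IPv6"}

def audit_3proxy(cfg_text):
    """Return (services, findings) for a 3proxy config given as text."""
    services, findings = [], []
    auth, users = "none", []          # state that applies to the next service
    for line in cfg_text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue                  # blank line or comment
        cmd, args = words[0], words[1:]
        if cmd == "users":
            for entry in args:        # login:type:password
                parts = entry.split(":", 2)
                if len(parts) == 3 and parts[1] == "CL":
                    findings.append(f"user {parts[0]}: password stored in cleartext (CL)")
        elif cmd == "auth" and args:
            auth = args[0]
        elif cmd == "allow" and args:
            users += args[0].split(",")
        elif cmd == "flush":
            users = []                # flush empties the access list
        elif cmd in ("proxy", "socks"):
            port = next((int(a[2:]) for a in args if re.fullmatch(r"-p\d+", a)), None)
            mode = next((IP_MODES[a] for a in args if a in IP_MODES), "default")
            services.append({"type": cmd, "port": port, "ip": mode,
                             "auth": auth, "users": sorted(set(users))})
            if auth != "strong":
                findings.append(f"{cmd} on port {port}: no login required (auth {auth})")
    return services, findings
```

The ports it reports are the ones the firewall rule has to open, and a listener flagged as needing no login is reachable by anyone who finds the port.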
 

 

 
Run the proxy
 
    systemctl start 3proxy    

 

 
Do not forget to open the ports specified in the config in the firewall.

 

Basic protection of the server


 

 
Of course, so that your server is not hacked, you need to take at least minimal measures. For example, configure the firewall, install fail2ban, create a user with root privileges, disable root login over ssh, etc.
 
A lot of material has been published about protection measures.
 

 
What I did for myself (this is not the final version)
I do not like firewalld, so I disable it and install my favorite iptables-services. I also install fail2ban.
 

 
    yum install -y epel-release
    yum install -y iptables-services fail2ban
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl enable iptables
    service iptables save
    systemctl start iptables

 

 
Open in the firewall the ports specified in the 3proxy config:
 
    iptables -I INPUT -p tcp -m multiport --dports 41000,42555 -m comment --comment "proxy" -j ACCEPT
    service iptables save

 

 
In the fail2ban configuration file /etc/fail2ban/jail.conf:
 

 
# Find this block and insert your IP addresses. This is a whitelist of addresses that will never be banned
 
ignoreip = ???.1/???.100.0/???.???.???/31

 

 
Immediately after the line reading JAILS, insert the following:
 

 
# JAILS

[ssh-iptables]

enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3

 
 
That's all. Run:
 
systemctl enable fail2ban
 
systemctl start fail2ban
 
 
 
 
Do not forget to disable SELinux.
 
 

Conclusion


 
 
I have long used 3proxy for various tasks, including proxying IPv4 to IPv6 (for example, for SEO). But this capability of the proxy has now become very relevant.
 
 
We need to use this loophole until the monkeys from Roskomnadzor learn to filter IPv6. And once they learn, we will find a new way :-)