Bypassing Roskomnadzor blocks using IPv6 and 3proxy

Strangely enough, Roskomnadzor still does not block sites that have an IPv6 address, including Telegram, Rutracker and other resources.
That is, to get around the restrictions you need to get onto the IPv6 network somehow. And with as little effort as possible!
It is not uncommon for fixed-line operators to provide an IPv6 service (for example, DomPro). Simply enable the service and the router's network interface receives a /64 prefix for your network.
Even if there is no such service but you have a public ("white") IP, you can use 6to4 to the anycast address ???.1 or connect the tunnel from But in the first case, packets are shamelessly lost (tested on different providers), and in the second case the sites I browse determine that I'm from another country. Not convenient. And the response time is high.
MTS subscribers also have this service. It is free and is enabled in your account.
And what if your provider does not issue IPv6 and you sit behind NAT?
Moreover, do not trust dubious paid/free SOCKS5 proxies! You do not know what these proxies do with your traffic.
There is a way out! Set up your own IPv4-to-IPv6 proxy. You can even do it in Russia!
The advantage of this solution is that you will have a single proxy of your own for home and for mobile Telegram. Moreover, you can pick the hosting closest to your provider that offers IPv6, with almost no loss of speed.
That's exactly what I did. I found the cheapest VDS hosting, checked its speed to my location and deployed 3proxy.

Deploying our proxy with IPv6

I have been using for many years for hosting projects. In 8 years it has never failed me. But for a home proxy, the price tag is still high.
The cheapest was the s-kvm mini tariff for 65 rubles per month + 1 ruble for IPv6. If there is something cheaper, tell me. After all, money needs to be saved!
Out of habit, I chose the CentOS 7 template.
After you order and pay, the server access details arrive by e-mail. Connect with an SSH client (for example, PuTTY).
Immediately check that IPv6 addresses are reachable:

    ping6 -c1

If the node answered, continue.

Install 3proxy


    yum install -y git gcc
    git clone
    cd 3proxy
    make -f Makefile.Linux
    make -f Makefile.Linux install
    cp scripts/rc.d/ /etc/init.d/3proxy
    sed -i 's:/usr/local/etc/3proxy/bin/3proxy:/usr/local/bin/3proxy:g' /etc/init.d/3proxy
    chmod +x /etc/init.d/3proxy
    mkdir /var/log/3proxy/
    systemctl enable 3proxy

Write the config file /usr/local/etc/3proxy/3proxy.cfg:
    #!/usr/local/bin/3proxy

    nserver ???.8

    nscache 65536

    # For debugging, enable logs by uncommenting the lines below.
    # Afterwards, comment them out again so as not to fill the disk.
    #log /var/log/3proxy/log D
    #archiver gz /bin/gzip %F
    #rotate 30

    # Here we write your exit addresses (issued by the host)
    external ???.35
    external 2001:db8:55::9
    # and the address for incoming connections
    internal ???.35

    # Register users for authorization in the format login:encryption:password
    # in our case login = tg, encryption = CL (cleartext), password = tgtest1
    # likewise for the user testuser
    users tg:CL:tgtest1 testuser:CL:TesT

    # HTTP proxy only for tg and testuser
    # -64 = if the domain has an IPv6 address, use it.
    # If there is only IPv4, use that. This profile is for the browser.
    # -p41000 - the port number to listen on
    auth strong
    allow tg,testuser * * * *
    deny *
    proxy -64 -p41000

    # SOCKS5, only for Telegram
    # flush empties the access list built above; without it the rules below
    # are appended to the old list and testuser would still be admitted here
    flush
    # -6 - use only IPv6. If it is not available, IPv4 will not be used
    auth strong
    allow tg * * * *
    deny *
    socks -6 -p42555


More details about 3proxy's capabilities can be found on the official website (in Russian).

You can optionally configure several blocks for different tasks. For example, running several socks with Ipv4 or ipv6 on different ports.
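When several service blocks share one config, 3proxy keeps appending allow/deny rules to the same access list until a flush command, so a later, stricter block inherits the earlier, looser rules. The following added example (not from the original post or from the 3proxy project) is a simplified Python model of that behaviour. The sample config is constructed from the users and ports on this page and written without flush, and the handling of an empty list and of a request that matches no rule are assumptions of the model.

```python
# Added example (not from the original page): a simplified model of how
# 3proxy builds its access list, covering only the commands used on this page.
SAMPLE_CFG = """\
users tg:CL:tgtest1 testuser:CL:TesT
auth strong
allow tg,testuser * * * *
deny *
proxy -64 -p41000
auth strong
allow tg * * * *
deny *
socks -6 -p42555
"""  # constructed from the page's config, comments stripped, no flush

# Same config with 'flush' placed after the first service (the corrected form).
FIXED_CFG = SAMPLE_CFG.replace("proxy -64 -p41000\n", "proxy -64 -p41000\nflush\n")


def admitted(user, acl):
    """First matching rule wins; an empty list admits any authenticated user."""
    for action, names in acl:
        if names is None or user in names:
            return action == "allow"
    return not acl  # assumption: a non-empty list with no match means deny


def effective_users(cfg_text):
    """Map each started service to the users its access list admits."""
    users, acl, result = [], [], {}
    for raw in cfg_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        cmd, args = fields[0], fields[1:]
        if cmd == "users":
            users += [a.split(":", 1)[0] for a in args]
        elif cmd == "flush":
            acl = []  # discard rules inherited from earlier services
        elif cmd in ("allow", "deny"):
            names = args[0] if args else "*"
            acl.append((cmd, None if names == "*" else set(names.split(","))))
        elif cmd in ("proxy", "socks"):
            port = next((a[2:] for a in args if a.startswith("-p")), "default")
            result[f"{cmd}:{port}"] = sorted(u for u in users if admitted(u, acl))
    return result


if __name__ == "__main__":
    for label, cfg in (("without flush", SAMPLE_CFG), ("with flush", FIXED_CFG)):
        print(label, effective_users(cfg))
```

Running the same function over a real config before restarting the service shows at a glance whether any port admits more accounts than intended.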


Run the proxy:

    systemctl start 3proxy

Do not forget to open the ports specified in the config in the firewall.


Basic protection of the server


Of course, to keep your server from being hacked you need to take at least minimal measures. For example: configure the firewall, install fail2ban, create a user with root privileges and disable SSH login for root itself, and so on.
A lot of material has been published about protection measures.

What I did for myself. This is not the final version.
I do not like firewalld, so I disable it and install my favorite, iptables-services. I also install fail2ban.

    yum install -y epel-release
    yum install -y iptables-services fail2ban
    systemctl stop firewalld
    systemctl disable firewalld
    systemctl enable iptables
    service iptables save
    systemctl start iptables


Open the ports specified in the 3proxy config in the firewall:

    iptables -I INPUT -p tcp -m multiport --dports 41000,42555 -m comment --comment "proxy" -j ACCEPT
    service iptables save


The fail2ban configuration in /etc/fail2ban/jail.conf:

    # Find this block and insert your IP addresses. This is the whitelist of addresses that are never banned
    ignoreip = ???.1/???.100.0/???.???.???/31

Immediately after the line reading JAILS, insert the following:

    enabled = true
    filter = sshd
    action = iptables[name=SSH, port=ssh, protocol=tcp]
    logpath = /var/log/secure
    maxretry = 3

That's all. Run:

    systemctl enable fail2ban
    systemctl start fail2ban

Do not forget to disable SELinux.


I have long used 3proxy for various tasks, including proxying IPv4 to IPv6 (for example, for SEO). But this capability of the proxy has now become very relevant.
We need to use this loophole until the monkeys from Roskomnadzor learn to filter IPv6. And once they learn, we will find a new way :-)