Bypassing Roskomnadzor blocks using IPv6 and 3proxy
Oddly enough, Roskomnadzor still does not block sites that have an IPv6 address, including Telegram, Rutracker and other resources.
So, to get around the restrictions, you need to get onto the IPv6 network somehow, and with as little effort as possible!

It is not uncommon for fixed-line operators to provide an IPv6 service (for example, DomPro). Simply enable the service, and the router's network interface receives a /64 prefix for your network.
Even if there is no such service but you have a public ("white") IP, you can use 6to4 to the anycast address ???.1 or set up a tunnel from he.net. But in the first case packets are shamelessly lost (tested on different providers), and in the second case, when I surf, sites decide that I am from another country. Not comfortable. And the response time is high.
MTS subscribers also have this service. It is free and is enabled in your personal account.
And what if your provider does not issue IPv6 and you sit behind NAT?
Above all, do not trust dubious paid/free socks5 proxies! You do not know what happens to your traffic on these proxies.
There is a way out! Set up your own IPv4-to-IPv6 proxy. You can even do it in Russia!
The advantage of this solution is that you get a single proxy of your own for home and for mobile Telegram. Moreover, you can pick the hosting closest to your provider that gives IPv6, almost without losing speed.
That's exactly what I did. I found the cheapest VDS hosting, checked its speed to me and deployed 3proxy.
We deploy our proxy with IPv6
I have been using FirstVDS.ru for many years to host projects. In 8 years it has never failed me. But for a home proxy, the price tag is still high.
The cheapest I found was Free-www.ru, tariff s-kvm mini, for 65 rubles per month + 1 ruble for IPv6. If there is something cheaper, tell me. After all, the amphibian needs to be saved!
Out of habit, I chose a template with CentOS 7.
After you order and pay, the server access details arrive by e-mail. We connect with an SSH client (for example, PuTTY).
Immediately check that IPv6 addresses are reachable:
ping6 -c1 google.com
If the node answered, then continue.
Install 3proxy
yum install -y git gcc
git clone https://github.com/z3APA3A/3proxy/
cd 3proxy
make -f Makefile.Linux
make -f Makefile.Linux install
cp scripts/rc.d/proxy.sh /etc/init.d/3proxy
sed -i 's:/usr/local/etc/3proxy/bin/3proxy:/usr/local/bin/3proxy:g' /etc/init.d/3proxy
chmod +x /etc/init.d/3proxy
mkdir /var/log/3proxy/
systemctl enable 3proxy
We write the config file /usr/local/etc/3proxy/3proxy.cfg
#!/usr/local/bin/3proxy
nserver [2001:4860:4860::8844]
nserver ???.8
nscache 65536
nscache???r3r3356.
"Timeouts."
daemon
# For debugging, enable logs by uncommenting the lines below.
# Afterwards put the # back so the disk does not fill up.
#log /var/log/3proxy/log D
#archiver gz /bin/gzip %F
#rotate 30
# Here we write your exit addresses (issued by the host)
external ???.35
external 2001:db8:55::9
# and the address for incoming connections
internal ???.35
# We register users for authorization in the format login:encryption:password
# in our case login = tg, encryption = CL (password stored in clear text), password = tgtest1
# the same for the user testuser
users tg:CL:tgtest1 testuser:CL:TesT
# Configure an HTTP proxy available only to the logins tg and testuser.
# -64 = if the domain has an IPv6 address, use it.
# If there is only IPv4, use that. I made this profile for the browser.
# -p41000 = the port number to listen on
auth strong
allow tg,testuser * * * *
deny *
proxy -64 -p41000
# Configure socks5. Made only for Telegram
# -6 = use only IPv6. If it is not available, IPv4 will not be used
flush
auth strong
allow tg * * * *
deny *
socks -6 -p42555
More details about 3proxy's capabilities can be found on the official website, in Russian.
You can optionally configure several blocks for different tasks, for example several socks services with IPv4 or IPv6 on different ports.
Run the proxy
systemctl start 3proxy
Do not forget to open the ports specified in the config in the firewall.
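A quick check for the config and the firewall reminder above, as an added example that is not part of the original article or of the 3proxy project: a small shell lint that reads a 3proxy config, flags cleartext (CL) passwords, services started without `auth strong`, and disabled logging, and lists listening ports missing from a firewall port list. The finding names, the sample config and its third block on port 43000 are constructed for illustration; the lint assumes an `auth` setting stays in force until the next `auth` line.

```shell
# Emit one finding per line for the 3proxy config file given as $1.
audit_3proxy_cfg() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        $1 == "users" {                           # entries are login:type:password
            for (i = 2; i <= NF; i++)
                if (split($i, f, ":") >= 3 && f[2] == "CL")
                    print "CLEARTEXT_PASSWORD " f[1]
        }
        $1 == "log"  { logging = 1 }
        $1 == "auth" { auth = $2 }                # assumed to persist until changed
        $1 == "proxy" || $1 == "socks" {
            port = ($1 == "proxy") ? 3128 : 1080  # 3proxy default ports
            for (i = 2; i <= NF; i++)
                if ($i ~ /^-p[0-9]+$/) port = substr($i, 3)
            if (auth != "strong") print "NO_STRONG_AUTH " $1 " " port
            print "LISTEN " $1 " " port
        }
        END { if (!logging) print "LOGGING_OFF" }
    ' "$1"
}
# Print listening ports from config $1 absent from the comma-separated list $2.
unopened_ports() {
    audit_3proxy_cfg "$1" | awk -v allowed=",$2," \
        '$1 == "LISTEN" && index(allowed, "," $3 ",") == 0 { print $3 }'
}
# Constructed sample: the article's two services plus a made-up third block.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
users tg:CL:tgtest1 testuser:CL:TesT
#log /var/log/3proxy/log D
auth strong
allow tg,testuser * * * *
deny *
proxy -64 -p41000
flush
auth strong
allow tg * * * *
deny *
socks -6 -p42555
flush
auth none
allow *
socks -p43000
EOF
audit_3proxy_cfg "$SAMPLE"
unopened_ports "$SAMPLE" "41000,42555"
```

The second argument of `unopened_ports` is the same comma-separated list that goes into the iptables `--dports` option, so a service added to the config later shows up here if its port was never opened.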
Basic protection of the server
Of course, to keep your server from being hacked, you need to take at least minimal measures: for example, configure the firewall, install fail2ban, create a user with root privileges and forbid root itself from logging in over ssh, and so on.
A lot of material has been published about protection measures.
What I did for myself. This is not the final version.
I do not like firewalld, so I disable it and install my favorite iptables-services. I also install fail2ban.
yum install -y epel-release
yum install -y iptables-services fail2ban
systemctl stop firewalld
systemctl disable firewalld
systemctl enable iptables
service iptables save
systemctl start iptables
We open in the firewall the ports specified in the 3proxy config
iptables -I INPUT -p tcp -m multiport --dports 41000,42555 -m comment --comment "proxy" -j ACCEPT
service iptables save
In the fail2ban configuration file /etc/fail2ban/jail.conf:
# Find this block and insert your IP addresses. This is a whitelist of addresses that are never banned
ignoreip = ???.1/???.100.0/???.???.???/31
Immediately after the JAILS heading, insert the following
# JAILS
[ssh-iptables]
enabled = true
filter = sshd
action = iptables[name=SSH, port=ssh, protocol=tcp]
logpath = /var/log/secure
maxretry = 3
That's all. Start it:
systemctl enable fail2ban
systemctl start fail2ban
Do not forget to disable SELinux.
Conclusion
I have long used 3proxy for various tasks, including proxying IPv4 to IPv6 (for example, for SEO). But this ability of the proxy has now become very relevant.
We need to use this loophole until the monkeys from Roskomnadzor learn to filter IPv6. And when they learn, we will find a new way :-)