new & important firewall in iran

[hyper]

the new way of blocking vpn(s) in iran is running
all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2 minutes was disconnected :(
and i think no way to using them

just https proxy works but with low speed on port 443 !

[freeiran]

hyper wrote:
> the new way of blocking vpn(s) in iran is running
> all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> minutes was disconnected :(
> and i think no way to using them
>
> just https proxy works but with low speed on port 443 !

hi

my dera friend

you are right, and yhis problem started from 24 hours ago.

i think they stop traffic and knowledege about packet at layer7 and i said it before to soft ether but they said no firewall can find us

http://www.vpnusers.com/viewtopic.php?f=7&t=1282

the reason that htpps works is much of users uses proxifier at https and it has LDAP authentication at ccproxy software.

and on softether we have one authentication and get IP from srver and when our connection stop the route doesnt work

we need to your help softether technical team

thanks

[freeiran]

hyper wrote:
> the new way of blocking vpn(s) in iran is running
> all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2 minutes was disconnected
> :(
> and i think no way to using them
>
> just https proxy works but with low speed on port 443 !
hyper wrote:
> the new way of blocking vpn(s) in iran is running
> all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2 minutes was disconnected
> :(
> and i think no way to using them
>
> just https proxy works but with low speed on port 443 !
hyper wrote:
> the new way of blocking vpn(s) in iran is running
> all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2 minutes was disconnected
> :(
> and i think no way to using them
>
> just https proxy works but with low speed on port 443 !
freeiran wrote:
> hyper wrote:
> > the new way of blocking vpn(s) in iran is running
> > all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> > minutes was disconnected :(
> > and i think no way to using them
> >
> > just https proxy works but with low speed on port 443 !
>
> hi
>
> my dera friend
>
> you are right, and yhis problem started from 24 hours ago.
>
> i think they stop traffic and knowledege about packet at layer7 and i said it before
> to soft ether but they said no firewall can find us
>
> http://www.vpnusers.com/viewtopic.php?f=7&t=1282
>
> the reason that htpps works is much of users uses proxifier at https and it has LDAP
> authentication at ccproxy software.
>
> and on softether we have one authentication and get IP from srver and when our
> connection stop the route doesnt work
>
> we need to your help softether technical team
>
> thanks


i analysed and think more

i think they have a limitaion of sun of kb of packets for files and applications that ARENT usual such as zip or html or exe and .... .

and they have dropping packet for unusal format.

can softether send packets from server to client in a format with application format such az zip file?

thanks

[freeiran]

freeiran wrote:
> hyper wrote:
> > the new way of blocking vpn(s) in iran is running
> > all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> minutes was disconnected
> > :(
> > and i think no way to using them
> >
> > just https proxy works but with low speed on port 443 !
> hyper wrote:
> > the new way of blocking vpn(s) in iran is running
> > all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> minutes was disconnected
> > :(
> > and i think no way to using them
> >
> > just https proxy works but with low speed on port 443 !
> hyper wrote:
> > the new way of blocking vpn(s) in iran is running
> > all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> minutes was disconnected
> > :(
> > and i think no way to using them
> >
> > just https proxy works but with low speed on port 443 !
> freeiran wrote:
> > hyper wrote:
> > > the new way of blocking vpn(s) in iran is running
> > > all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> > > minutes was disconnected :(
> > > and i think no way to using them
> > >
> > > just https proxy works but with low speed on port 443 !
> >
> > hi
> >
> > my dera friend
> >
> > you are right, and yhis problem started from 24 hours ago.
> >
> > i think they stop traffic and knowledege about packet at layer7 and i said it
> before
> > to soft ether but they said no firewall can find us
> >
> > http://www.vpnusers.com/viewtopic.php?f=7&t=1282
> >
> > the reason that htpps works is much of users uses proxifier at https and it has
> LDAP
> > authentication at ccproxy software.
> >
> > and on softether we have one authentication and get IP from srver and when our
> > connection stop the route doesnt work
> >
> > we need to your help softether technical team
> >
> > thanks
>
>
> i analysed and think more
>
> i think they have a limitaion of sun of kb of packets for files and applications that
> ARENT usual such as zip or html or exe and .... .
>
> and they have dropping packet for unusal format.
>
> can softether send packets from server to client in a format with application format
> such az zip file?
>
> thanks

there is one way that solve this problem permanently

please give us an option on softethet that can specify a time to disconnect and reconnect the vpn connction. ( for example ever 60 seconds, )

does it possible?

it is realy urgent

thanks

[iman]

This option is available but I've tested it , NOT work unfortunately!!!!
You can test it also and please let us to know if it work in your server.
It is available in Properties, Advanced settings, Lifetime ..... Sec.
You can set the time of expiring every sessions.
But I'm nearly sure this kind of firewall check also destination IP. So the above option not work.

[freeiran]

iman wrote:
> This option is available but I've tested it , NOT work unfortunately!!!!
> You can test it also and please let us to know if it work in your server.
> It is available in Properties, Advanced settings, Lifetime ..... Sec.
> You can set the time of expiring every sessions.
> But I'm nearly sure this kind of firewall check also destination IP. So the
> above option not work.

i saw that, we need an a service that phisycaly disconnet connection on that period and then reconnect

[freeiran]

freeiran wrote:
> iman wrote:
> > This option is available but I've tested it , NOT work unfortunately!!!!
> > You can test it also and please let us to know if it work in your server.
> > It is available in Properties, Advanced settings, Lifetime ..... Sec.
> > You can set the time of expiring every sessions.
> > But I'm nearly sure this kind of firewall check also destination IP. So the
> > above option not work.
>
> i saw that, we need an a service that phisycaly disconnet connection on that period
> and then reconnect

also my friend wrote such as this batch file for putty.exe that kill that and then start and connection will be renew but softether isnt exe file and should disconnect and reconnect

[iman]

> also my friend wrote such as this batch file for putty.exe that kill that and then
> start and connection will be renew but softether isnt exe file and should disconnect
> and reconnect

I have exactly this problem with connection by putty. Can you help me by saying to me the index of your batch file which disconnect and reconnect again putty session after a specific period?

[freeiran]

iman wrote:
> > also my friend wrote such as this batch file for putty.exe that kill that and
> then
> > start and connection will be renew but softether isnt exe file and should
> disconnect
> > and reconnect
>
> I have exactly this problem with connection by putty. Can you help me by saying to me
> the index of your batch file which disconnect and reconnect again putty session after
> a specific period?

[freeiran]

freeiran wrote:
> iman wrote:
> > > also my friend wrote such as this batch file for putty.exe that kill that
> and
> > then
> > > start and connection will be renew but softether isnt exe file and should
> > disconnect
> > > and reconnect
> >
> > I have exactly this problem with connection by putty. Can you help me by saying
> to me
> > the index of your batch file which disconnect and reconnect again putty session
> after
> > a specific period?

hi

i sent you file the forum doesnt let send .rar so i changed to .txt , please after download change to .rar

thanks

[iman]

Thank you so much but honestly I couldn't edit config.bat in proper way and so it doesn't work. Only for confirmation by you , I should only edit config.bat?? and what's the profile in this file exactly.? can you explain that please?

[itachi]

I have the same problem from Iran! you know what's funny!? after successful connection to one of softEhter VPN if I type fb.com URL in browser, the firewall send me back peyvandha page which indicates that the firewall could identify my destination even though through the VPN.

[itachi]

After successful connection establishment with one of vpngate servers if I type inside the browser facebook.com and press enter, my destination identifies by Iran's firewall then blockage warning shows up in my browser. but with Https version of Facebook there is no problem! I tested this issue many times. how Iran could identify my destination through the VPN!? is SoftEther's packet identifiable when I going to open Facebook website?

[LyWashberg]

itachi wrote:
> How Iran could identify my destination through the VPN!? is
> SoftEther's packet identifiable when I going to open Facebook website?

itachi,
Once are connected to SoftEther, all your traffic hidden from the Iranian government. The only way they could send you a warning like that is if you are using an Iranian DNS to lookup facebooks's IP.

You can verify you DNS is not leaking by going to:
http://www.dnsleaktest.com/

I suggest you use Google DNS:
8.8.8.8
8.8.4.4

or OpenDNS:
208.67.222.222
208.67.220.220

as your DNS servers

[itachi]

LyWashberg wrote:
> itachi wrote:
> > How Iran could identify my destination through the VPN!? is
> > SoftEther's packet identifiable when I going to open Facebook website?
>
> itachi,
> Once are connected to SoftEther, all your traffic hidden from the Iranian government.
> The only way they could send you a warning like that is if you are using an Iranian
> DNS to lookup facebooks's IP.
>
> You can verify you DNS is not leaking by going to:
> http://www.dnsleaktest.com/
>
> I suggest you use Google DNS:
> 8.8.8.8
> 8.8.4.4
>
> or OpenDNS:
> 208.67.222.222
> 208.67.220.220
>
> as your DNS servers
Thank you LyWashberg,
the problem is gone before I change the DNS!

[mori]

hyper wrote:
> the new way of blocking vpn(s) in iran is running
> all of vpn protocols (l2tp - pptp - kerio & softether &...) every 2
> minutes was disconnected :(
> and i think no way to using them
>
> just https proxy works but with low speed on port 443 !

Hi Hyper,

I see that you've suggested 'https proxy' is working with low speed. Can I ask you a question in this regard?
Is 'https proxy' only usable for surfing (IE, Chrome ...) or it can be used for applications (email clients, skype ...) as well?

Thanks,
Mori

[itachi]

mori wrote:
> hyper wrote:

> > just https proxy works but with low speed on port 443 !

> Hi Hyper,

> > Is 'https proxy' only usable for surfing (IE, Chrome ...) or it can be used for
> applications (email clients, skype ...) as well?
>

Hi, web based https proxy could not be used for skype. you should use tunnel software. please use this one: toonel.net which still works.
but as an alternative you can use team viewer for voice or video chat. that toy has very good quality plus you can directly connect.

[mori]

itachi wrote:

> Hi, web based https proxy could not be used for skype. you should use tunnel
> software. please use this one: toonel.net which still works.
> but as an alternative you can use team viewer for voice or video chat. that toy has
> very good quality plus you can directly connect.

Hi Itachi !

Many many thanks for the input. Really appreciate it.

Cheers,
Mori