hello,

TLDR: just enable DoH

Today, my friend and I were talking about SNI and deep packet analysis shit done by the government. I insisted that since they do this kind of shit they can block access to certain sites like TPB and other freedom websites. He suggested that I just enable DoH in Firefox and see the magic happen. I didn’t believe him until I enabled DoH and magic. I can access every censored website.

So just saying that sometimes the bypass is much simpler than we think!

Also, I am thinking that even if the DNS request is encrypted, can't they see the TLS client hello message and block it? Or is it impossible?

  • doodoo_wizard@lemmy.ml · 5 upvotes · 3 days ago

    Another poster said there’s lots of ways to get past DoH/DoT and they’re right. The goal is to run your ECH packet safely to your DNS server. To that end, make your VPN server connection first, then ask for ECH from your trusted DoH/DoT server.

    If you’re dealing with DPI you gotta fuck up your packets a bunch to get them through. It makes things slow.

    A good way to avoid DPI is to just not deal with it. Often DPI systems are at border crossing points, so if you connect to your trusted VPN endpoint inside the borders of the place you’re trying to obfuscate from, you can make it out to a DoT or DoH.