This method may or may not work depending on what DPI technologies your ISP uses.
Tested on Arch Linux.
Make sure you have nftables and yandex-browser-beta installed. Download files from this gist, then run:
# These commands need to be run as root (or with sudo).
groupadd dpi-bypass
usermod -aG dpi-bypass "$USER"
nft -f dpi-bypass.rules
# Run these as your regular user.
sed -i "s|\$HOME|$HOME|" yandex-browser-dpi-bypass.desktop
cp yandex-browser-dpi-bypass.desktop ~/.local/share/applications/
Once everything works fine, choose any method to automatically load nft rules on startup (e. g. put them into /etc/nftables.conf
and enable the nftables
service). You may also want to change icon in yandex-browser-dpi-bypass.desktop
to anything you like.
This will launch a separate instance of yandex-browser under the special group dpi-bypass
. The nftables firewall will then fragment every request made by this program. Hopefully, DPI will be fooled. To use it with any other program, just run it with sudo -g dpi-bypass <program>
.
Note: this doesn't circumvent DNS poisonong and IP blockings.
https://habr.com/ru/post/335436/
https://github.com/bol-van/zapret