Siavash Sameni siavash.sameni at
Mon Jan 2 18:42:07 CET 2012

Hey everyone,
I'm using tinc from Iran, and I've been using tinc with tcponly for a few
years now to bypass the filtering and have access to the free internet,
but recently our government started to apply some sort of exotic
filtering scheme. They've completely blocked outgoing and incoming SSH
requests and SSL-encrypted packets, and the only thing allowed is HTTPS!!,
which gives you full speed (like 200K/s) for trusted websites, let's
say Gmail, and around 3-7 KB/s for non-trusted websites, let's say the CIA
website.
The only VPN that somehow works at the moment is an IP-IP tunnel, which
doesn't have any encryption, and thus, for instance, SSH inside of the
IP-IP tunnel doesn't work.
At the moment tinc still works, but as soon as there is some traffic on
the tunnel (more than 1KB/s) it starts to behave weirdly, and, for instance,
SSH over it will have hiccups.
My idea right now is this: maybe there is a way to mark packets as
something known (read: HTTP or FTP) for the layer 7 packet analyzer on
the way, so it would give full bandwidth and not drop the connection.
Because in the past we had sort of the same situation: they limited the
connection speed of SSH, but if we used an LSH client (which had a
different signature) the problem no longer existed, and the
performance was great.
Or maybe if I can change the cipher, or the encryption algorithm, it'd be
perfect.
For my line of work, not being able to use SSH means that I cannot
possibly work.
At the moment, I have three ways to do SSH:
1. Shell in a box.
2. tinc, with a performance of a few hundred bytes a second.
3. vpnc in an IPIP tunnel!!! with variable performance.
Any help would be appreciated.
Sorry that it's not really related to tinc itself, but if tinc could
be used, I'd appreciate it the most :)
Thank you.
