So, for privacy and security reasons, I use a VPN. This is normally Mullvad (with DAITA and quantum resistance enabled), but I have ProtonVPN, Windscribe, and Orbot handy in case something doesn't work.
However, lately I've noticed my connections being blocked. This is across three different ISPs: Sky, Virgin, and Wifinity. I have tried all three VPNs and Orbot, and I have tried several protocols (WireGuard, OpenVPN, IKEv2, Stealth, and of course SOCKS5) to no avail.
The logical solution would be to use a bridge in Orbot, but the button seems to have been removed. Also, by using Orbot, I will not be protected by my DNS.
I am currently using iOS, but my other machines run Linux and I will be getting a GrapheneOS phone in the near future.
AFAIK the IPs used by VPN providers are getting flagged and blocked by certain sites in an attempt to force you off of the VPN so they can suck up your data. I'm sure there are other reasons too.
VPN failing to connect. Stealth mode didn't work, as described above. I'm in the UK.
Another user provided a working solution:
@hellfire103 I bet it's the DAITA on your Mullvad, choose MultiHop instead with Wireguard, quantum resist. and obfuscation . Then use a Linux set from boot SOCKS5 as you desire. I hope it helps.
However, alternative solutions would be appreciated.
Other than DAITA, Quantum resistance may also be a problem. From experience, the key exchange needs near-perfect connection, otherwise it keeps failing.
This is further made into a problem by Android's private DNS handling. If it times out for long enough (seems like 10 seconds), then even after Mullvad finally connects, the DNS won't work.
Blocked as in sites reject traffic, or blocked as in can't connect to the VPN?
The former is on the far end and not uncommon. A lot of sites reject connections from known VPN endpoints because the same tunnels that provide privacy to you also provide privacy to attackers quit often. You just need to decide if the site is important enough to use without a cover.
If it's the latter, that would be a near end issue and would likely be your ISP or someone nearby that is looking to control your traffic.
Fortunately, another user provided a working solution:
@hellfire103 I bet it's the DAITA on your Mullvad, choose MultiHop instead with Wireguard, quantum resist. and obfuscation . Then use a Linux set from boot SOCKS5 as you desire. I hope it helps.
However, alternative solutions would be appreciated.
I am looking into obfuscation methods used in China now, like v2ray/VLESS/XRay. Maybe this would be the direction you'd want to go. I'd start with a good comparison article.
Orbot supports bridges, but not all of them. What's worse, the one type they lack is webtunnel, which would've likely helped (although, there's this fork). The option configure 'em was moved into the connection dialog.
Omg same. In my case I use random open servers with xray. Usually servers located in France and Germany are blocked, but servers with Chinese info on them still work (not located in china, just description and title contains Chinese).