Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Please help How I do block ISP send me TCPflag rst connection reset

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    17 Posts 5 Posters 5.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      cmb
      last edited by

      If you're truly tunneling all your traffic out via a VPN to a country that doesn't employ such filtering, it's impossible for your country to accomplish any kind of content filtering or inspection on your traffic.

      1 Reply Last reply Reply Quote 0
      • Y
        yon
        last edited by

        @cmb:

        If you're truly tunneling all your traffic out via a VPN to a country that doesn't employ such filtering, it's impossible for your country to accomplish any kind of content filtering or inspection on your traffic.

        I discuss with other people really some ways VPN failure.

        If you are interested in free peering for clearnet and dn42,contact me !

        1 Reply Last reply Reply Quote 0
        • R
          raclure
          last edited by

          As mentioned in a previous post, the best way around this is by using VPN. The VPN server has to be located in another country. Be sure to redirect all the traffic through the VPN (like the DNS etc.).

          But they could detect that you're using VPN and they could reset/cut the connexion.

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            As long as they are allowing out any traffic there will be ways to tunnel through. Clearly that is getting more difficult though.

            Steve

            1 Reply Last reply Reply Quote 0
            • Y
              yon
              last edited by

              this is visit xijie.wordpress.com, use Wireshark tool get this:

              20121116004234.jpg
              20121116004234.jpg_thumb

              If you are interested in free peering for clearnet and dn42,contact me !

              1 Reply Last reply Reply Quote 0
              • Y
                yon
                last edited by

                ..

                20121116004208.jpg
                20121116004208.jpg_thumb

                If you are interested in free peering for clearnet and dn42,contact me !

                1 Reply Last reply Reply Quote 0
                • Y
                  yon
                  last edited by

                  ..

                  20121116004132.jpg
                  20121116004132.jpg_thumb

                  If you are interested in free peering for clearnet and dn42,contact me !

                  1 Reply Last reply Reply Quote 0
                  • C
                    cmb
                    last edited by

                    Yes, they're RSTing your connection. But again, that's not what blocks it, that's just the great firewall being nice and letting the client know they've killed their connection. The RST gets through PF because it's a legit part of an established connection. Short of hacking the kernel source and breaking normal functionality required for a properly functioning network, you can't do anything about it. Besides, blocking it would accomplish nothing but leave your client hanging, not realizing the connection is dead. The connection won't magically start working because you're ignoring the RST.

                    1 Reply Last reply Reply Quote 0
                    • Y
                      yon
                      last edited by

                      I want to find a solution. the great firewall not block ip for some sites, it is should find block keyword domain address. like wordpress.com.

                      Because I have use DNS64/NAT64 system point Virtual IPv6 address or use other country proxy server,and use  PPTP VPN still be reset connect. just use ip address still open destination web server.

                      So I think maybe has an Method hide destination domain address.

                      If you are interested in free peering for clearnet and dn42,contact me !

                      1 Reply Last reply Reply Quote 0
                      • Y
                        yon
                        last edited by

                        find some news about this.  I hope PF Increased encryption capabilities within the network.

                        https://www.schneier.com/blog/archives/2012/12/china_now_block.html

                        If you are interested in free peering for clearnet and dn42,contact me !

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.