Install Zapret
Install Zapret to bypass DPI barriers.
1. Update Hosts content
If you have changed the hostname before, it may not have been updated in /etc/hosts. Correct this to avoid problems during installation.
# Specify the current hostname in /etc/hosts
sudo sh -c "echo \"127.0.0.1 $(hostname)\" >> /etc/hosts"
2. Install required tools
Required tools for installation.
# FreeBSD, DragonFlyBSD, TrueNAS, MidnightBSD, GhostBSD (pkg)
sudo pkg install -y curl bind-tools unzip unbound git
# NetBSD (pkgsrc)
sudo pkgin install curl unzip bind unbound git
# OpenBSD (pkg_add)
sudo pkg_add curl unzip bind unbound git
# Other BSDs can install these from their package managers, from source, or with cargo (Rust implementations, not recommended).
3. Change DNS rules
Zapret only bypasses DPI; it is not going to set up DNS for you. Get cool and add DNS over TLS with unbound :3 Be sure the pf rules are flushed and the firewall state is open. I'm going to use Cloudflare's DNS myself, but you can use any DNS that is suitable for you (e.g. Yandex DNS if you're in Russia).
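The unbound configuration in this step turns on forward-tls-upstream, which encrypts queries, but unbound only authenticates the upstream when a tls-cert-bundle is set and each forward-addr carries a #name; without them any certificate is accepted. The check below is an added example (not part of the original guide or of unbound) that flags both gaps; the function names are hypothetical and the bundle path in the hardened sample is an assumption.

```shell
#!/bin/sh
# Added example. Prints one finding per line for DoT forwarders that unbound
# cannot authenticate; prints nothing when the config passes. Reads $1 or stdin.
audit_unbound_dot() {
    awk '
    function flush(   i) {
        if (tls) for (i = 1; i <= n; i++) if (addr[i] !~ /#/) print "no-authname " addr[i]
        if (tls) anytls = 1
        n = 0; tls = 0
    }
    # "#" is a comment only at line start or after whitespace; inside
    # forward-addr it introduces the TLS authentication name.
    { sub(/^[ \t]*#.*/, ""); sub(/[ \t]+#.*/, ""); if (NF == 0) next }
    NF == 1 && $1 ~ /:$/ { flush(); sect = $1; next }   # clause header
    sect == "server:" && $1 == "tls-cert-bundle:" { bundle = 1 }
    sect == "forward-zone:" && $1 == "forward-tls-upstream:" && $2 == "yes" { tls = 1 }
    sect == "forward-zone:" && $1 == "forward-addr:" { addr[++n] = $2 }
    END { flush(); if (anytls && !bundle) print "no-tls-cert-bundle" }
    ' ${1:+"$1"}
}

# Constructed copy of the forward-zone used in this guide.
weak_conf() {
    cat <<'EOF'
server:
    interface: 127.0.0.1
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
EOF
}

# Same zone, authenticated. The bundle path is an assumption; use your system CA file.
hardened_conf() {
    cat <<'EOF'
server:
    tls-cert-bundle: "/etc/ssl/cert.pem"
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853#cloudflare-dns.com
    forward-addr: 1.0.0.1@853#cloudflare-dns.com
EOF
}

weak_conf | audit_unbound_dot
```

Run it as `audit_unbound_dot /usr/local/etc/unbound/unbound.conf` after writing the file; an empty result means every TLS forwarder is pinned to a name and a CA bundle is configured.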
# Before ipfw fucks your internet, you need to configure your firewall state to open before enabling it
sudo sysrc firewall_type="open"
sudo sysrc firewall_enable="YES"
# Back up your old unbound config and replace it with this (or, if you are an advanced user, merge it)
sudo cp /usr/local/etc/unbound/unbound.conf /usr/local/etc/unbound/unbound.conf.bak
sudo tee /usr/local/etc/unbound/unbound.conf > /dev/null <<'EOF'
server:
    interface: 127.0.0.1
    do-ip4: yes
    do-ip6: no
    do-udp: yes
    do-tcp: yes
    qname-minimisation: no
forward-zone:
    name: "."
    forward-tls-upstream: yes
    forward-addr: 1.1.1.1@853
    forward-addr: 1.0.0.1@853
EOF
# Enable and start unbound
sudo service unbound enable
sudo service unbound start
# Add 127.0.0.1 to your resolv.conf and lock it
sudo mv /etc/resolv.conf /etc/resolv.conf.bak
echo "nameserver 127.0.0.1" | sudo tee /etc/resolv.conf
sudo chflags schg /etc/resolv.conf
4. Download Zapret
Download Zapret from GitHub.
# Go to /usr/local and become root
cd /usr/local
sudo -s
# Clone the repository from GitHub
git clone https://github.com/bol-van/zapret.git
5. Prepare for installation
Build the binaries and prepare for installation.
# Build the binaries
cd /usr/local/zapret
make
# and link the binaries
./install_bin.sh
7. Do Blockcheck
Find the DPI methods implemented by the ISP.
# Run the test
/usr/local/zapret/blockcheck.sh
Here are the answers you need to give to the questions you may encounter during this time.
specify domain(s) to test. multiple domains are space separated.
domain(s) (default: rutracker.org) : 🟥 [ENTER A WEBSITE DOMAIN NAME BLOCKED IN YOUR COUNTRY HERE - EXAMPLE: discord.com] 🟥
ip protocol version(s) - 4, 6 or 46 for both (default: 4) : 🟩 [LEAVE THIS QUESTION BLANK] 🟩
check http (default : Y) (Y/N) ? 🟩 [LEAVE THIS QUESTION BLANK] 🟩
check https tls 1.2 (default : Y) (Y/N) ? 🟩 [LEAVE THIS QUESTION BLANK] 🟩
check https tls 1.3 (default : N) (Y/N) ? 🟩 [LEAVE THIS QUESTION BLANK] 🟩
how many times to repeat each test (default: 1) : 🟩 [LEAVE THIS QUESTION BLANK] 🟩
quick - scan as fast as possible to reveal any working strategy
standard - do investigation what works on your DPI
force - scan maximum despite of result
1 : quick
2 : standard
3 : force
your choice (default : standard) : 🟩 [LEAVE THIS QUESTION BLANK] 🟩
Wait for the test to finish. This may take a few minutes.
After the process is finished, the test results will appear.
Copy the latest setting from these results. Example:
ipv4 discord.com curl_test_https_tls12 : dvtws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
MAKE A NOTE OF IT
These are example settings for DVTWS. They may be different for each person. Make a note of them.
--dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1
8. Install Zapret
We can start installing Zapret. On BSD, dvtws is used in place of nfqws, because BSD systems do not use the netfilter libraries.
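To carry the strategy noted in the Blockcheck step into the service definitions of this step without retyping it, the following added example (not part of Zapret or of the original guide) extracts the last dvtws result from saved blockcheck output and rejects anything that is not a plain long option, because the string ends up in a script that runs as root. The function names and sample lines are constructed, and the line format is assumed from the example result shown in the Blockcheck step.

```shell
#!/bin/sh
# Added example, not part of zapret. Assumed input format, taken from the
# sample result in this guide: "<ipver> <domain> <test> : dvtws <options>".

# Print the options of the last dvtws result. Status 1: no result found,
# status 2: unexpected characters or tokens (nothing is printed).
extract_dvtws_args() {
    line=$(grep ' : dvtws ' ${1:+"$1"} | tail -n 1)
    [ -n "$line" ] || return 1
    args=${line#* : dvtws }
    # Whole string: only characters that option names and values need.
    printf '%s\n' "$args" | grep -Eq '^[A-Za-z0-9,.:=+_/ -]+$' || return 2
    # Each token must be a long option, optionally with a value.
    for tok in $args; do
        case $tok in
            --[a-z]*) ;;
            *) return 2 ;;
        esac
    done
    printf '%s\n' "$args"
}

# Build the rc.d command_args line; 60000 is the divert port used in this guide.
rc_command_args() {
    args=$(extract_dvtws_args ${1:+"$1"}) || return $?
    printf 'command_args="--port=60000 %s"\n' "$args"
}

# Constructed sample of saved blockcheck output.
sample_blockcheck() {
    cat <<'EOF'
ipv4 discord.com curl_test_https_tls12 : dvtws --dpi-desync=fakeddisorder --dpi-desync-split-pos=1
ipv4 discord.com curl_test_https_tls12 : dvtws --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1
EOF
}

sample_blockcheck | rc_command_args
```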
# add this ipfw rule for dvtws
sudo sh -c 'echo "ipfw add 100 divert 60000 ip from any to any" > /etc/ipfw.rules'
sudo sysrc firewall_script="/etc/ipfw.rules"
# First, let's find out which init system the system is using
sudo ps -p 1 -o comm=
# If it is runit, continue from here
# Otherwise jump to 8.2
8.1 Zapret service on Runit BSD Systems
mkdir -p /usr/local/etc/sv/nfqws
mkdir /usr/local/etc/sv/nfqws/log
cat > /usr/local/etc/sv/nfqws/run << 'EOF'
#!/bin/sh
exec /usr/local/zapret/binaries/my/dvtws \
--port=60000 \
--dpi-desync=fakeddisorder \
--dpi-desync-ttl=1 \
--dpi-desync-autottl=-5 \
--dpi-desync-split-pos=1
EOF
chmod +x /usr/local/etc/sv/nfqws/run
cat > /usr/local/etc/sv/nfqws/log/run << 'EOF'
#!/bin/sh
exec svlogd -tt /var/log/nfqws
EOF
chmod +x /usr/local/etc/sv/nfqws/log/run
ln -s /usr/local/etc/sv/nfqws /usr/local/etc/runit/runsvdir/default/
8.2 Zapret service on rc.d BSD Systems
cat > /usr/local/etc/rc.d/nfqws << 'EOF'
#!/bin/sh
# PROVIDE: nfqws
# REQUIRE: NETWORKING
# KEYWORD: shutdown
. /etc/rc.subr
name="nfqws"
rcvar="${name}_enable"
command="/usr/local/zapret/binaries/my/dvtws"
# --daemon makes dvtws detach so that "service nfqws start" returns
command_args="--daemon --port=60000 --dpi-desync=fakeddisorder --dpi-desync-ttl=1 --dpi-desync-autottl=-5 --dpi-desync-split-pos=1"
load_rc_config $name
run_rc_command "$1"
EOF
chmod +x /usr/local/etc/rc.d/nfqws
service nfqws enable
service nfqws start
TIP: Uninstall Zapret
If you ever regain your freedom, you can undo all of these actions in the following way.
# Unlock resolv.conf and replace it with the backup
sudo chflags noschg /etc/resolv.conf
sudo mv /etc/resolv.conf.bak /etc/resolv.conf
# Uninstall Zapret
sudo rm -rf /usr/local/zapret
# Disable services
# For rc.d
sudo sysrc nfqws_enable="NO"
sudo service nfqws stop
# For runit (stop the service first, then remove its link)
sudo sv stop nfqws
sudo rm /usr/local/etc/runit/runsvdir/default/nfqws
TIP: Remove DNS settings
If you want to remove the DNS settings, you can do the following.
# disable unbound
sudo sysrc unbound_enable="NO"
sudo service unbound stop
# disable firewall
sudo sysrc firewall_enable="NO"