Bahasa / Languages:

Indonesia English

BEBASID LOGO BEBASID LOGO

"Refuse to be blocked, Agree to blocking.

Because Kominfo blocking, let's unblock!"

DISCLAIMER:
Kominfudge is not responsible for any damages caused to your device, do with your own risk.


Community Server:
Discord
Join BEBASID Discord Join BEBASID Telegram Group
Join WhatsApp
Join BEBASID WhatsApp Group


Donate Us:
BebasID Trakteer Donation BebasID Saweria Donation
BebasID Trakteer Donation BebasID Saweria Donation

--- ### Navigation - [Top Choices](#top-choices) - [Choosing less-strict ISP](#choosing-less-strict-isp) - [Effort level to unblock with DPI](#effort-level-to-unblock-with-dpi) - [Choosing the right DNS](#choosing-the-right-dns) - [DNS Applications](#dns-applications) - [How to change DNS](#how-to-change-dns) - [Applications to eliminate DPI](#applications-to-eliminate-dpi) - [Trick to bypass DPI without application](#trick-to-bypass-dpi-without-application) - [Trick to bypass DPI using router](#trick-to-bypass-dpi-using-router) - [List of hosts file](#list-of-hosts-file) - [How to unblock using hosts file](#how-to-unblock-using-hosts-file) - [Choosing secure VPN](#choosing-secure-vpn) - [VPN for Advanced Users](#vpn-for-advanced-users) - [Tor Applications](#tor-applications) --- This project would not exist without your [contributions](/kredit.en.md). *Oh, if you want to contribute, take a look [at this first](/CONTRIBUTING.en.md).* ## Top Choices[🔝](#navigation) DNS: [1.1.1.1](https://1.1.1.1) Most intuitive DNS resolver and easy to use. DPI: [PowerTunnel](https://github.com/krlvm/PowerTunnel) Intuitive and Open Source. Filehost: [bebasid](https://bebasid.com) Host file with a lot of content. VPN: [ProtonVPN](https://protonvpn.com) Free and secure. ## Choosing less-STRICT ISP[🔝](#navigation) ISP is your Internet provider, this list will helps you understand more about how Indonesian ISPs [blocking](/sssssssssssssssssssssssssssssssssss.md). ### IP Transit To determine what Transit IP that your ISP is using, you can check on https://bgp.tools or https://bgp.he.net
ISP that using these upstreams will not be able to change DNS in usual way due to port 53 redirection to each Transit IP provider DNS resolvers following the National DNS that unveiled during IDNOG 2022.
| ASN | Name | Blocking using DNS | Note | Example of affected ISP | | :---: | :---: | :---: | :---: | :---: | | - | - | - | - | - | If your ISP does not comply with National DNS regulation but uses Transit IP as shown above, you will experience the same blocking and must use encrypted DNS.
Or you can use DNS that is not routed towards those Transit IPs if available.
This IP transit redirects several popular DNS resolvers so you must use less popular DNS resolvers. | ASN | Name | Blocking using DNS | Blocked DNS | Note | Example of affected ISP | | :---: | :---: | :---: | :---: | :---: | :---: | | [AS4800](https://bgp.tools/as/4800) | PT Aplikanusa Lintasarta| [Yes](https://github.com/bebasid/KominFudge/assets/115700386/91cf9077-fb59-4116-81fa-97ff4feda561) | All DNS that routed towards Lintasarta Transit IP AS4800 | [Proof of Redirection](https://github.com/bebasid/KominFudge/assets/115700386/91cf9077-fb59-4116-81fa-97ff4feda561) | Trisula, Netciti | | [AS55685](https://bgp.tools/as/55685) | PT Jala Lintas Media | [Yes](https://cdn.bebasid.com/KominFudge/jlm-dnsn.png) | Cloudflare 1.1.1.1, Google, OpenDNS | [Proof of Redirection](https://cdn.bebasid.com/KominFudge/jlm-dnsn-bukti.png) | PT Hyperindo Media Perkasa | | [AS23947](https://bgp.tools/as/23947) | PT Mora Telematika Indonesia | [Yes](https://github.com/bebasid/KominFudge/assets/115700386/d435da85-2582-46a5-8ade-61eb143554af) | Quad9 | Redirecting Quad9 at Transit IP level as can be seen at [traceroute result.](https://github.com/bebasid/KominFudge/assets/115700386/cd5fce78-20fd-4e0b-ba79-cc50adab4ad3) | PT Queen Network Indonesia | If your ISP does not comply with National DNS regulation but uses Transit IP as shown above, you will experience the same blocking and must use encrypted DNS.
Or you can use DNS that is not routed towards those Transit IPs if available.
For ISPs that using these upstream providers, you must use WARP/VPN, GoodbyeDPI, or GreenTunnel/PowerTunnel. | ASN | Name | Blocking using DPI | Note | Example of affected ISP | | :---: | :---: | :---: | :---: | :---: | | [AS7713](https://bgp.tools/as/7713) | PT Telkom Indonesia | [Yes](https://img001.prntscr.com/file/img001/tszSvllaRfe6S6K5TRLrmg.png) | State-owned, so auto-comply | Several Universities and local ISP that use upstream AS7713 | | [AS4787](https://bgp.tools/as/4787) | PT Cyberindo Aditama (CBN) | [Yes](https://img001.prntscr.com/file/img001/dP4otLNfSjSFWPU1neVaRg.png) | | | | [AS9341](https://bgp.tools/as/9341) / [AS38757](https://bgp.tools/as/38757) | PT. Indonesia Comnet Plus (ICONNET) | [Yes](https://img001.prntscr.com/file/img001/gP7q6CGxRnaDd-Qb54ZLbA.png) | | | | [AS45735](https://bgp.tools/as/45735) | PT. UNINET MEDIA SAKTI | [Yes](https://cdn.bebasid.com/KominFudge/uninet.png) | [Traceroute Proof](https://cdn.bebasid.com/KominFudge/uninet-traceroute.png) | | | [AS55655](https://bgp.tools/as/55655) | PT Saranainsan Mudaselaras (SIMS/MVNET) | [Yes](https://github.com/bebasid/KominFudge/assets/115700386/ec33b986-84d3-4506-8d1d-83170cf5cba1) | | | | [AS55685](https://bgp.tools/as/55685) | PT Jala Lintas Media | [Yes](https://github.com/bebasid/KominFudge/assets/115700386/fae16197-0d9b-47e7-8d53-22ae800f35a8) | | PC24, Hyperindo Media Perkasa | If your ISP does not use DPI but using those upstreams, you can use an anti DPI tool to bypass
Internet Exchange using DPI middlebox: | Name | Using DPI | Example of affected CDN | Note | | :---: | :---: | :---: | :---: | | - | - | - | - | - | ### VPS Provider (Virtual Private Server) / Cloud Provider VPS providers that implementing DPI within their connection so it is not friendly for tunnelling if you want freedom of internet access.
| ASN | Official Website | Provider | Blocking Using DPI | Sending TCP RST to Server | | :---: | :---: | :---: | :---: | :---: | | - | - | - | - | - | NOTE: VPS providers listed above are providers that proven to use DPI in their network which compromised privacy so it is not recommended if you want to use VPN to open Reddit, Vimeo, etc.
### Fiber ISP **Residential ISP** | Name | Blocking using DNS | Blocking using DPI | Sending TCP RST to server | Note | | :---: | :---: | :---: | :---: | :---: | | Indihome | Yes (International, Local) & IPv6 DNS Injection (Out) | Yes | Yes | Telkom's residential offering. Indihome DPI also sending TCP RST to server | | CBN | Yes (Google, OpenDNS, Cloudflare, Quad9) (Including TCP for those servers) | Yes | No | | Biznet Home | Yes (International, Local) | Yes | Yes | Biznet DPI also sending TCP RST to server | | MyRepublic | Yes (International, Local) | Yes | No | MyRepublic DPI only blocking 18+ sites | | FirstMedia | Yes (International, Local) | Yes | No | | Megavision | Yes (International, Local) | No | ? | Other name: StarNET | | MNC | Yes | Yes/No (Depends on routing) | ? | Affected by DPI from iForte upstream | | Iconnet PLN | Yes | Yes | Yes | Iconnet DPI also sending TCP RST to server. Two-way DPI blocking. Several DNS such as Google, Cisco, Cloudflare are redirected to ICON DNS and others are blocked | | PT Netciti Persada | Yes | No | ? | Blocking DoH, just wow... | | Oxygen | Yes (International) | Yes | No | Other name: Moratelindo
Blocking Google DoH andn DoT
Blocking alt-port DNS 5353 | | Citranet | Yes | Yes/No (Depends on routing) | ? | DPI from Citranet upstream. If routed towards Indosat and some of their upstreams, it will be affected | | Padi Net | Yes (International, Local) | No | ? | | Fiberstream | Yes (International, Local) | No | ? | Residential ISP of G-MEDIA | | Balifiber | Yes | No | ? | | PT Media Cepat Indonesia | Yes (International, Local) | No | ? | | Melsa | Yes (International, Local) | No | ? | Google DNS should be safe | | Circle One | Yes | No | ? | | | WINET (PT Wahyu Aditama Network) | Yes (International, Local) | Depends on routing | ? | Affected by DPI from BIX | | MyNet | Yes | Depends on routing | ? | Affected by DPI from BIX | | Bnetfit | Yes | Yes | No | Owned by PT Jala Lintas Media | | Marvatel | Yes | No | No | | | NusaNet | Yes (Google. Quad9, OpenDNS, Cloudflare) | Yes/No (Depends on routing) | | Affected by DPI from Indosat upstream | | XL Home | Yes (International) | Yes | Probably No (?) | XL Home blocking overseas DNS, local DNS should be safe | | PT Wifiku Indonesia | Yes | Yes (Affected by PT Saranainsan Mudaselaras) | - | [Affected by DPI from SIMS](https://explorer.ooni.org/m/20240216083434.045341_ID_webconnectivity_bb1e9b43c363469e) | | VIBERLINK | Yes | No | | | | Tri Data Raya Internet | Yes | No | | | **Corporate ISP** | Name | Blocking using DNS | Blocking using DPI | Sending TCP RST to server | Note | | :---: | :---: | :---: | :---: | :---: | | Astinet | Yes (DNS Injection for International DNS via Transparent Proxy) | Yes | ? | Telkom's corporate offering. Overseas DNS is redirected first to Telkom proxy within TELIN so ACL whitelist for overseas DNS will not work because during query, the query will be read as IP address of Telkom proxy not own IP address. This is very disruptive for corporate users that have overseas server or using custom filtering server such as NextDNS, ControlD, OpenDNS, etc | | Linknet | Yes | No | No | FirstMedia's corporate offering | | Lintasarta | Yes (International, Local) | No | No | Implementing National DNS | | Biznet Metronet | Yes (International) | Yes | Yes | aka Biznet Dedicated | | PT Metrasat | Yes | Yes | ? | | PT Pasifik Satelit Nusantara | Yes | No | ? | | PT Artha Telekomindo | Yes | No | ? | | PT Hawk Teknologi Solusi | Yes | No | ? | | PT Jaringanku Sarana Nusantara | Yes (Out, Local) | No | ? | Other name: JSN | | PT. Infotama Lintas Global | Yes (Out, Local) | No | ? | | PT Remala Abadi | Yes | No | No | Other name: Tachyon | | PT iForte Global internet | Yes | Yes | No | | | PT Cipta Informatika Cemeriang | Yes | No | ? | | PT Lexa Net | Yes | No | ? | Other name: PT Lexa Global Akses | | PT Media Sarana Data | Yes (Out, Local) | No | ? | Other name: G-MEDIA | | PT Artorius Telemetri Sentosa | Yes | No | ? | | D-NET | Yes (Google, OpenDNS, Cloudflare, Quad9) (Including TCP for those servers) | No | ? | Other name: PT Core Mediatech
Only redirecting Google, Cloudflare, and Quad9 DNS | | PT Sumber Koneksi Indotelematika | Yes | No | ? | | ProNET | Yes | Yes/No (Depends on routing) | Yes | Other name: PT Trisari Data Indonesia
Several Public DNS resolvers like Cloudflare, Alibaba DNS, and several Indonesian DNS resolvers are blocked. | | PT Media Jaringan Telekomunikasi | Yes | No | ? | | PT Sekawan Global Komunika | Yes | No | ? | | PT INFORMASI NUSANTARA TEKNOLOGI | Yes | No | ? | | Orion Cyber Internet | Yes | No | ? | Popular DNS resolvers like Cloudflare, Google, Quad9, Level3, etc are redirected to ISP server | | PT AGTI | Yes (Out, Local) | No | ? | Other name: PT. Arjuna Global Teknologi Indonesia | | PT Parsaoran Global Datatrans | Yes | No | - | Other name: HSP NET | | PT Fiber Networks Indonesia | Yes (Out, Local) | No | ? | Other name: FIBERNET | | PT Power Telecom Indonesia | Yes | Yes | ? | DPI does not blocking Vimeo | | PT Solnet Indonesia | Yes | No | ? | | | PT Data Utama Dinamika | Yes | Yes | Yes | Affected by Lintasarta | | PT BIT TEKNOLOGI NUSANTARA | Yes | Yes | ? | [Affected by iForte](https://media.discordapp.net/attachments/709386084894900236/1112694319992807454/image.png) | | PT Hyperindo Media Perkasa | Yes | Yes | ? | [Affected by PT Jala Lintas Media](https://prnt.sc/CIOWaL3q56Eh) | | PT Hipernet Indodata | Yes (Cloudflare, Google, Quad9, OpenDNS, Level3, along with the TCP 53) | No | | | | PT PC24 Telekomunikasi Indonesia | Yes | Yes | [Yes, Telkom DPI is strong](https://github.com/bebasid/KominFudge/assets/115700386/7582353b-7254-4c23-ba5a-267ac77a73d3) | [Probably affected by Telkom and JLM. Blocking traceroute](https://github.com/bebasid/KominFudge/assets/115700386/34096f0c-4a94-45fd-93cf-f22ddfb4ec6d) | | ### Mobile ISP | Name | Blocking using DNS | Blocking using DPI | Sending TCP RST to server | Note | | :---: | :---: | :---: | :---: | :---: | | Telkomsel / By.U / KartuHalo | Yes (International, Local, TCP) | Yes | Yes | Telkomsel DPI also sending TCP RST to server | | XL / Axis / Live On | Yes (International, Local, TCP) | Yes | Yes | XL DPI also sending TCP RST to server | | 3 | Yes (Google, OpenDNS) | Yes | Yes | Three hijacks Google and OpenDNS servers and redirect them to its resolver | | Indosat | Yes (Google, OpenDNS) | Yes | No, but throttling connection to blocked sites if Host/SNI header is detected | Starting on 4-5 October 2023, Indosat hijacks Google and OpenDNS servers and redirect them to its resolver | Smartfren | Yes (International, Local, TCP) | Yes | No | Blocking Google DoH/DoT | ### Effort level to unblock with DPI How much effort needed to unblock with DPI per-ISP | Name | Effort | Bypass MikroTik & IPTables | | :---: | :---: | :---: | | Telkomsel / By.U / Kartu Halo | High | Not Possible | | Indihome | High | Not Possible | | XL / Axis / Live On | High | Not Possible | | Iconnet | High | Not Possible | | Indosat | Medium | Not Possible (IM3) & Possible (Hi-Fi, Transit IP) | | FirstMedia | Medium | Not Possible (HTTP) & Possible (HTTPS) | | PT iForte Global internet | Medium | Possible | | CBN | Medium | Possible | | Smartfren | Medium | Possible | | 3 | Low | Possible | | PT UNINET MEDIA SAKTI | Low | Possible | | PT SaranaInsan Mudaselaras (SIMS) | Low | Possible | **THIS DATA IS NOT COMPLETE, IF YOU WANT TO ADD MORE, PLEASE GIVE FURTHER INFORMATION** Take this with a grain of salt, all ISPs will change their blocking method without notice. ## Choosing the right DNS[🔝](#navigation) DNS, a simple way for kominfo to block, but DNS can be [changed!](#how-to-change-dns). This is a list of DNS resolvers that can be used instead of blocking resolvers of *Kominfo*. | Name | Note | IPv4 | IPv4 2 | Alternative Port | IPv6 | IPv6 2 | DoH | DoT | | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | :---: | | BebasDNS | Bebasid's own DNS resolver, blocking ad, malware, and also there is family variant | `103.87.68.194` | ~~`35.219.67.150`~~ | `53` & `1753` | `2a06:9f44:f3e0:beba:51d::53` | ~~`2600:1901:8170:268::`~~ | `https://dns.bebasid.com/dns-query` | `tls://dns.bebasid.com` | | Cloudflare DNS | - | `1.1.1.1` | `1.0.0.1` | - | `2606:4700:4700::1111` | `2606:4700:4700::1001` | `cloudflare-dns.com/dns-query` | `1dot1dot1dot1.cloudflare-dns.com` | | Cloudflare Secure DNS | Blocking malware | `1.1.1.2` | `1.0.0.2` | - | `2606:4700:4700::1112` | `2606:4700:4700::1002` | `security.cloudflare-dns.com/dns-query` | `security.cloudflare-dns.com` | | Cloudflare Family DNS | Blocking malware & adult sites | `1.1.1.3` | `1.0.0.3` | - | `2606:4700:4700::1113` | `2606:4700:4700::1003` | `family.cloudflare-dns.com/dns-query` | `family.cloudflare-dns.com` | | Google DNS | - | `8.8.8.8` | `8.8.4.4` | - | `2001:4860:4860::8888` | `2001:4860:4860::8844` | `dns.google/dns-query` | `dns.google` | | OpenDNS | - | `208.67.222.222` | `208.67.220.220` | `5353, 443` | ` 2620:119:35::35` | `2620:119:53::53` | `doh.opendns.com/dns-query` | - | | OpenDNS Familyshield | Blocking adult sites | `208.67.222.123` | `208.67.220.123` | `5353, 443` | - | - | `doh.familyshield.opendns.com/dns-query` | - | | Quad9 Secured | Blocking malware | `9.9.9.9` | `149.112.112.112` | `9953` | `2620:fe::fe` | `2620:fe::9` | `dns.quad9.net/dns-query` | `tls://dns.quad9.net` | | Quad9 Secured with ECS | Blocking malware, supporting ECS | `9.9.9.11` | `149.112.112.11` | `9953` | `2620:fe::11` | `2620:fe::fe::11` | `dns11.quad9.net/dns-query` | `tls://dns11.quad9.net` | | Quad9 Unsecured | Alternative DNS resolvers from Quad9 that does not block malware | `9.9.9.10` | `149.112.112.10` | `9953` | `2620:fe::10` | `2620:fe::fe:10` | `dns10.quad9.net/dns-query` | `tls://dns10.quad9.net` | | Quad9 Unsecured ECS | Alternative DNS resolvers from Quad9 that does not block malware, supporting ECS | `9.9.9.12` | `149.112.112.12` | `9953` | `2620:fe::12` | `2620:fe::fe:12` | `dns12.quad9.net/dns-query` | `tls://dns12.quad9.net` | | [AhaDNS](https://blitz-setup.ahadns.com) | - | ? | ? | ? | ? | ? | `blitz.ahadns.com` | ? | | BlahDNS | - | `45.91.92.121` | X | - | `2a0e:dc0:6:23::2` | X | `doh-ch.blahdns.com/dns-query` | `dot-ch.blahdns.com` | | [RethinkDNS](https://rethinkdns.com/configure) | - | ? | ? | - | ? | ? | `basic.rethinkdns.com` | `max.rethinkdns.com` | | NextDNS | - | `45.90.28.233` | `45.90.30.233` | `5353` | `2a07:a8c0::` | `2a07:a8c0::` | `dns.nextdns.io` | `dns.nextdns.io` | | LibreDNS | - | `116.202.176.26` | X | - | X | X | `doh.libredns.gr/dns-query` | `dot.libredns.gr` | | [ControlD](https://controld.com/free-dns) | - | `76.76.2.2` | `76.76.10.2` | - | `2606:1a40::2` | `2606:1a40:1::2` | `freedns.controld.com/p1` | `p1.freedns.controld.com`| | AdGuard DNS | Blocking ad and malware | `94.140.14.14` | `94.140.15.15` | `5353` | `2a10:50c0::ad1:ff` | `2a10:50c0::ad2:ff` | `https://dns.adguard-dns.com/dns-query` | `dns.adguard-dns.com` | | DNS.SB | - | `185.222.222.222` | `45.11.45.11` | `53` | `2a09::` | `2a11::` | `https://45.11.45.11/dns-query` | `tls://dot.sb:853` | | [DNSWarden](https://dnswarden.com/customfilter.html) | - | ? | ? | ? | ? | ? | ? | ? | More comprehensive list can be seen at [Adguard KB](https://adguard-dns.io/kb/general/dns-providers/) and [Curl wiki](https://github.com/curl/curl/wiki/DNS-over-HTTPS). You can create your own DNS over HTTPS with [Cloudflare Workers](https://github.com/tina-hello/doh-cf-workers) or [with PHP](https://github.com/NotMikeDEV/DoH). ## DNS Applications[🔝](#navigation) *These DNS applications can help you in configuring DNS resolvers on your system.* > ⚠ **ATTENTION** ⚠ > If your ISP is also blocking using DPI also use [applications to eliminate DPI](#applications-to-eliminate-dpi). 1. [Nebulo](https://nebulo.app) [Android] Application to easily change DNS on Android. 2. [DNSCloak](https://apps.apple.com/app/id1452162351) [iOS] Application to change DNS and configure dnscrypt on iOS. 3. [DNSCrypt](https://dnscrypt.info) [Windows,macOS,Linux] Selfhost DNS that can do forwarding to DNSCrypt & DNS over HTTPS servers. 4. [SimpleDNSCrypt](https://simplednscrypt.org) [Windows] An easy to use graphical DNSCrypt client. 5. [DNS Profile Creator](https://dns.notjakob.com/tool.html) [Browser] Easily create Apple mobileconfig. 6. [YogaDNS](https://yogadns.com) [Windows] DNS changer for Windows. 7. [RethinkDNS](https://rethinkdns.com) [Android] Application to change DNS and ad blocker. 8. [Intra](https://getintra.org) [Android] Application to change DNS on Android. 9. [AdGuard Home](https://github.com/AdguardTeam/AdGuardHome) [Windows, macOS, Linux] Selfhost DNS with integrated adblock, encrypted upstream and downstream. 10. [Stubby](https://github.com/getdnsapi/stubby) [Windows, macOS, Linux] Selfhost DNS that can do forwarding to DNS over TLS server. 11. [InviZible](https://github.com/Gedsh/InviZible) [Android] An Android application for DNS and Tor. ## How to change DNS[🔝](#navigation) Now, you have got the List, so how to use it? ### Android 1.Settings>Other Wireless Connections>Private DNS . 2.Type the [DNS hostname](#choosing-the-right-dns) and tap Save. ### iOS 1.Settings>Wi-Fi>*wifi* 2.Tap (i) icon. 3.Change the IP Address into Static and type the [DNS hostname](#choosing-the-right-dns) on the DNS column. ### Windows #### Windows 7 to Windows 10: 1. Control Panel>Network and Internet>Network and Sharing Center>Connections>Properties. 2. Click Internet Protocol Version 4 (TCP/IPv4) twice. 3. Change from "Obtain DNS server address automatically" to "Use the following DNS server addresses". 4. Type the [DNS hostname](#choosing-the-right-dns) on the DNS column and click OK. #### Windows 11: 1. Open Settings on Windows 11, Go to Network & Internet and click Properties. 2. On the DNS server assignment section, click Edit button. 3. Change from Automatic to Manual. 4. On Preferred DNS, type 1.1.1.1/8.8.8.8/9.9.9.9 and on Alternate type 1.0.0.1/8.8.4.4/149.112.112.112. 5. On Preferred and Alternate DNS Encryption, choose Encrypted only (DNS-over-HTTPS) option. 6. Click Save. ### macOS 1. System Preferences>Network>Wi-Fi>Advanced>DNS. 2. Click “+” button and type the [DNS hostname](#choosing-the-right-dns) on the DNS column, 3. Then click OK and Apply. ### Linux 1. Open Terminal 2. Type the command `nano /etc/resolv.conf` to edit `/etc/resolv.conf`. 3. Change the file content into something like this (replace `` into one of the DNS hostname [listed here](#choosing-the-right-dns)). ``` nameserver nameserver ``` Note: Some components that installed on Linux distribution (like NetworkManager) may change the content of `/etc/resolv.conf` without notice, to prevent this you can type `chattr +i /etc/resolv.conf` after editing the file. If you want to change the content of `/etc/resolv.conf` again, you can type `chattr -i /etc/resolv.conf`. ### Browser #### Chromium-based browser 1.Settings>Privacy and Security. 2.Type the [DNS hostname](#choosing-the-right-dns) on the DNS column. #### Firefox-based browser 1.Settings>Network Settings. 2.Type the [DNS hostname](#choosing-the-right-dns) on the DNS column. #### How to determine if the DNS is properly configured? Go to [DNSLeakTest](https://dnsleaktest.com) or [BrowserLeaks](https://browserleaks.com/dns) for testing. If the ISP DNS being shown instead of one you have already set, you can download [DNSCrypt](https://dnscrypt.info) or [SimpleDNSCrypt](https://simplednscrypt.org). ## Applications to eliminate DPI[🔝](#navigation) Now, many [ISPs](#choosing-less-strict-isp) are using Deep Packet Inspection as blocking method. You can eliminate the DPI with these applications: > ⚠ **ATTENTION** ⚠ > Do not forget to change [DNS](#dns-applications) first or using [Hosts file](#list-of-hosts-file) if your [ISP](#choosing-less-strict-isp) is also using DNS for blocking. > ℹī¸ **Info** > We also providing config for application and ISP in [this folder](/dpi-circumvention-config). 1. [GoodbyeDPI](https://github.com/ValdikSS/GoodbyeDPI) [Windows] CLI application to eliminate DPI. 2. [GreenTunnel](https://github.com/SadeghHayeri/GreenTunnel) [Windows,macOS,Linux] GUI application to eliminate DPI. 3. [PowerTunnel](https://github.com/krlvm/PowerTunnel) [Windows,macOS,Linux,[Android](https://github.com/krlvm/PowerTunnel-Android)] GUI application to eliminate DPI (2). 4. [SNI-Mask](https://github.com/macronut/SNI-Mask) [Windows] Proxy to eliminate DPI. 5. [Accesser](https://github.com/URenko/Accesser) [Windows,macOS,Linux] Application to solve TCP RST, used primarily in Mainland China. 6. [GhosTCP](https://github.com/macronut/ghostcp) [Windows] Securing TCP connection. 7. [sniffjoke](https://github.com/vecna/sniffjoke) [Linux] Securing wiretap/sniff/IDS. 8. [SpoofDPI](https://github.com/xvzc/SpoofDPI) [macOS,Linux] Spoofing your DPI. 9. [Zapret](https://github.com/bol-van/zapret/blob/master/docs/readme.eng.md) [Linux, FreeBSD] DPI Circumvention Tool. 10. [DPITunnel](https://github.com/zhenyolka/DPITunnel-cli) [Linux,[Android](https://github.com/zhenyolka/DPITunnel-android)] CLI application for Linux. 11. [Geneva](https://github.com/kkevsterrr/geneva) [Linux] AI-powered DPI Circumvention Tool. ### Trick to bypass DPI without application[🔝](#navigation) #### On Linux *Drop **TCP RST** and **lamanlabuh** with IPTables, run these commands*: ``` sudo iptables -I INPUT -p tcp --tcp-flags ALL RST,ACK -j DROP sudo iptables -A INPUT -p tcp -m string --string "Location: http://lamanlabuh.aduankonten.id/" --algo bm -j DROP ``` *For **firewall-cmd**, run this command*: ``` sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p tcp --tcp-flags ALL RST,ACK -j DROP ``` *Use the firewall-cmd one for Linux distribution that using firewalld, like Fedora and OpenSUSE in terminal. Note that those commands will not work if ISP is also sending TCP RST to server (List of ISP can be seen in Sending TCP RST to server column on above table).* ### Trick to bypass DPI using router[🔝](#navigation) #### OpenWRT Follow this tutorial https://github.com/bebasid/bebasit/blob/master/docs/openwrt-tutorial.en.md ### MikroTik Follow this tutorial https://github.com/bebasid/bebasit/blob/master/docs/mikrotik-tutorial.en.md ## List of hosts file[🔝](#navigation) For some users, they will prefer this way If you prefer to use hosts file, here the list: | List | Alternative | | :---: | :---: | | [bebasid](https://raw.githubusercontent.com/bebasid/bebasid/master/releases/hosts) | | [mul14](https://gist.githubusercontent.com/mul14/eb05e88fcec5bb195cbb/raw/611c0693c460fc5bd7037c6d9d43fa6c0ce4fd7c/hosts) | | [tumblr](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=2556197#gistcomment-2556197) | | [Netflix](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=3235083#gistcomment-3235083) | [2](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=3324456#gistcomment-3324456) | | [nhentai](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=3324461#gistcomment-3324461) | | [Binance](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=3727848#gistcomment-3727848) | | [Reddit](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=3878656#gistcomment-3878656) | | [Steam](https://gist.github.com/mul14/eb05e88fcec5bb195cbb?permalink_comment_id=4250815#gistcomment-4250815) | [2](https://pastebin.com/auhuXvAD) | ## How to unblock using hosts file[🔝](#navigation) So, you have the file... now what? ### On Windows 1. Copy the text inside the hosts file that you have chosen before. 2. Open File Explorer and go to `C:\Windows\System32\drivers\etc`. 3. Paste text to "hosts" file. ### On Android #### ROOT: 1. Copy the text inside the hosts file that you have chosen before. 2. Open File Explorer and go to `/system/etc`. 3. Paste text to "hosts" file. #### NON-ROOT: 1. Copy the text inside the hosts file that you have chosen before. 2. Create the file and paste the text inside that file. 3. Install [Virtual Hosts](https://github.com/x-falcon/Virtual-Hosts) or [Host Go](https://play.google.com/store/apps/details?id=dns.hosts.server.change). 4. Tap "Select Host File"/"Import HOSTS file" and choose the file that you have created before. ## Choosing secure VPN[🔝](#navigation) Ah VPN, the easiest way to bypass the block if any of above methods do not work, *But* do not download insecure and untrustworthy VPN! Take a look at this list of secure VPN that you can use instead of untrustworthy VPN: | Name | Positive | Negative | Server | | :---: | :---: | :---: | :---: | | [Mullvad](https://mullvad.net/) | A secure paid VPN | Paid | 867 | | [ProtonVPN](https://protonvpn.com) | A "secure" "free" VPN | Lack of Split-tunneling on free plan and [this](https://arstechnica.com/information-technology/2021/09/privacy-focused-protonmail-provided-a-users-ip-address-to-authorities) | 100 | | [Windscribe](https://windscribe.com) | Split-tunneling and many features | 15GB per month and [this](https://arstechnica.com/gadgets/2021/07/vpn-servers-seized-by-ukrainian-authorities-werent-encrypted) | 15 | | [ExpressVPN](https://expressvpn.com) | Fast | Not that secure and paid | 148 | | [Psiphon](https://psiphon.ca) | Open Source | ? | ? | | [OVPN](https://ovpn.com) | **Secure** | Paid | 102 | ### VPN for Advanced Users[🔝](#navigation) VPN in this section needs configuration, if you just want a Out of the box VPN, please ignore this. | Name | Description | | :---: | :---: | | [OpenVPN](https://openvpn.net) | VPN system that implements techniques to create secure point-to-point or site-to-site connections | | [Wireguard](https://wireguard.com) | Similar to OpenVPN | | [Softether](https://softether.org) | Similar to OpenVPN(?) | ## Tor Applications[🔝](#navigation) And, this is the most extreme part, using Tor. 1. [Tor Browser](https://www.torproject.org) [Windows,macOS,Linux,Android] Official browser of Tor Project. 2. [Orbot](https://guardianproject.info/apps/org.torproject.android) [Android] Proxy with Tor. 3. [Onion Browser](https://onionbrowser.com) [iOS] Tor browser for iOS. 4. [InviZible](https://github.com/Gedsh/InviZible) [Android] Android application for DNS and Tor. ---

Share this project!

:coffee: Buy us coffee!
BebasID Trakteer Donation BebasID Saweria Donation
BebasID Trakteer Donation BebasID Saweria Donation

KominFudge from bebasid is licensed under CC-BY-SA-4.0.