#15339 closed task (no change required)
Haiku IP addresses are blocked in Russia
Reported by: | diver | Owned by: | haiku-web |
---|---|---|---|
Priority: | critical | Milestone: | |
Component: | Website | Version: | R1/Development |
Keywords: | Cc: | ||
Blocked By: | Blocking: | ||
Platform: | All |
Description
Ever since the move from online.net to DigitalOcean Haiku websites and package repos are unavailable from Russia.
This is because 104.248.198.131/32 network was blocked in Russia on 13.04.2018.
Change History (19)
comment:2 by , 5 years ago
As I understand it, using VPNs, Tor, and other "workarounds" is extremely common in Russia. However, with Haiku not supporting any of these solutions users running Haiku will have difficulty obtaining updates.
I'm tempted to target a solution around "providing repository mirrors" for Russia as the solution. It's not great... but it is also pretty abysmal that Russia employs these methods of censorship.
comment:3 by , 5 years ago
It seems that DigitalOcean is not completely blocked. Some people recreated servers at DO (sometimes 4 times or more) to get new ip which is not blocked. Can we try that?
comment:6 by , 5 years ago
It seems that DigitalOcean is not completely blocked. Some people recreated servers at DO (sometimes 4 times or more) to get new ip which is not blocked. Can we try that?
I really don't want to "redo everything" every time Russia decides to block a new IP range, that's not really sustainable.
Cloudflare is *way* too much for our pockets. There are some cheaper WAF protections out there... then again they can't be based on AWS,GCP, or DigitalOcean :-|
We could improve our support of VPN's within Haiku :-)
comment:7 by , 5 years ago
Replying to waddlesplash:
-10 to Cloudflare. Is our IPv6 blocked too?
I don't think so. Possibly useful: https://isitblockedinrussia.com
follow-ups: 9 10 comment:8 by , 5 years ago
I've flipped on IPv6. Let me know if this helps the situation any.
follow-up: 11 comment:9 by , 5 years ago
Replying to kallisti5:
I've flipped on IPv6. Let me know if this helps the situation any.
I now can't push a change.
comment:10 by , 5 years ago
Replying to kallisti5:
I've flipped on IPv6. Let me know if this helps the situation any.
Didn't make a difference for me.
comment:11 by , 5 years ago
comment:12 by , 5 years ago
That hints to git not using getaddrinfo with the appropriate flags to make sure it doesn't try to use an IPv6 address on an IPv4 only system.
comment:13 by , 5 years ago
Milestone: | R1/beta2 → Unscheduled |
---|
comment:14 by , 5 years ago
Seeing that Russian Haiku Telegram group (https://t.me/HaikuOS_RU_chat) is ~300 members and Haiku english group (https://t.me/haiku_os) is ~200 members as of 02.2020 it would't be nice to ignore this issue completely. We need to come up with some easy to use workaround.
Right now the workaround is to add haiku DNS records through 3dEyes's DigitalOcean (oh, irony!) proxy droplet.
comment:15 by , 5 years ago
Can you document here the proxy setup and IP address? We could try to make it a more official part of the infra, maybe serving as an alternate DNS entry or by having a "ru.haiku-os.org" pointing to it or something?
Also, did we seriously look into getting the IP unlocked by russian government? Probably not easy, but is it not at least worth a try?
comment:16 by , 5 years ago
This one is more of a "I honestly don't know what to do" issue. This one came out of left field to me.
- The Russian government is blocking massive portions of the internet with little oversight. (AWS, GCP, DigitalOcean, etc)
- The process to get ip's unbanned has a documented success rate of 0%
I think the real solution is to greatly improve the VPN support in Haiku. If we had solid OpenVPN / Wireguard support, the workarounds would be easy and more sustainable than us "moving all of our infrastructure around" whenever the Russian government decides to suddenly block a new block of IP addresses.
Welcome to the results of a massive decline of Net Neutrality.
comment:17 by , 5 years ago
I created a PR to add VPN Support to the GSOC 2020 idea page. https://github.com/haiku/website/pull/354
comment:18 by , 5 years ago
Resolution: | → no change required |
---|---|
Status: | new → closed |
RKN unblocked 2 million ip addresses and Haiku network among them.
comment:19 by , 5 years ago
Milestone: | Unscheduled |
---|
Remove milestone for tickets with status = closed and resolution != fixed
We spoke about this one on telegram (ironically)... turns out Russia censors *all* of DigitalOcean's known IP addresses, AWS and who knows how many other IP ranges as an attempt to censor... telegram.
https://www.theguardian.com/world/2018/apr/17/russia-blocks-millions-of-ip-addresses-in-battle-against-telegram-app
I really don't have an easy solution to this one. There's no process to request an IP be "removed from the blacklist"
Some options: