mirror of
https://github.com/igareck/vpn-configs-for-russia.git
synced 2026-05-19 20:56:09 +00:00
619 lines
38 KiB
Markdown
619 lines
38 KiB
Markdown
<div align="center">
|
||
|
||
|
||
|
||
</div>
|
||
|
||
# <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExNTljeGk4d3lzZnU3Mm1peDBienFpbmEyb3JmaDB5N21tMW9oczIwdyZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/8p1WPEOeDWFCksfe18/giphy.gif" width="45"> Free VPN configurations that work in Russia
|
||
|
||
[](https://github.com/igareck/vpn-configs-for-russia/stargazers)
|
||
<img src="https://komarev.com/ghpvc/?username=igareck&label=Visitors&color=0e75b6&style=flat" alt="Visitor Count" />
|
||
[](https://github.com/igareck/vpn-configs-for-russia/issues)
|
||
[![last commit][1]][1]
|
||
|
||
[](mailto:igareck@proton.me)
|
||
|
||
[1]: https://custom-icon-badges.demolab.com/github/last-commit/igareck/vpn-configs-for-russia?logo=history&logoColor=white&color=0e75b6&style=flat
|
||
|
||
**🌐 Язык: [Русский](README.md) | 🌐 Language: [English](README-EN-US.md) | 🌐 语言: [中文](README-ZH-CN.md) | 🌐 زبان: [فارسی](README-FA-IR.md)**
|
||
|
||
<img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExa2RkeXZzdDl1Y3g4dW1xcjFxc2xsMHVsZ2RiY243OHJodjd0cHQ1NSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/qXp82ZL3eZbbTUrLyy/giphy.gif" width="20"> A collection of public and free, auto-updating and auto-checked VPN configurations tested to work within the Russian Federation (`VLESS` / `VMess` / `Shadowsocks` / `Hysteria2` / `Tuic` / `Trojan` and others).
|
||
|
||
For bypassing Roskomnadzor (RKN) blocks.
|
||
|
||
The collection is filtered by category into black and white CIDR and SNI lists.
|
||
|
||
Each configuration is a TXT subscription that can be imported into any client you need (`v2rayN`, `Streisand`, `NekoBox`, `Throne` and others).
|
||
|
||
Once every 1–2 hours, before publishing, configs pass automated health checks on a server in Russia; slow and non-working ones are filtered out.
|
||
|
||
Real tests are performed for reachability, latency, and speed — not just a regular auto-collection and deduplication. From November 13 to December 28 I did everything manually; on December 28 I finished a script that automated and sped up the checking process while keeping the same high-quality “manual” result.
|
||
|
||
Classic VPNs (OpenVPN, WireGuard, etc.) haven’t worked for a long time — and it doesn’t matter whether your subscription is paid or not.
|
||
|
||
That’s why it’s important to use configurations verified to work specifically in Russia, so you can stay online.
|
||
|
||
It’s also important to update public configs frequently, because they tend to appear quickly — and stop working just as quickly. That’s why I added auto-updating with auto-checking/auto-tests, so every user in Russia can always get the freshest list of high-quality VPN configurations without extra junk.
|
||
|
||
## 🔴 ATTENTION FOR USERS OUTSIDE RUSSIA!
|
||
|
||
❗❗❗ IF YOU ARE NOT IN RUSSIA (CHINA, IRAN, OR ANY OTHER COUNTRY), USE ONLY CONFIGURATIONS FROM THE "BLACK LIST" ("BLACK_SS+All_RUS.txt", "BLACK_VLESS_RUS.txt" and "BLACK_VLESS_RUS_mobile.txt").
|
||
|
||
The "WHITE LIST" (WHITE) will NOT help you, because the "WHITE LIST" is configured ONLY to bypass specific and the strongest restrictions INSIDE Russia! For other countries, the "WHITE LIST" will be a practically non-working, slow, and useless option!
|
||
|
||
The "BLACK LIST" (BLACK LIST) is an "international VPN option" and contains the fastest public configurations available on the internet!
|
||
|
||
THANK YOU FOR YOUR ATTENTION!
|
||
|
||
## <img src="https://raw.githubusercontent.com/igareck/GoldCaviar/refs/heads/main/Files/Download-VPN-configs-banner-EN-US.svg" width="600">
|
||
|
||
*Enable auto-update in your VPN client!*
|
||
|
||
<details>
|
||
|
||
<summary><h3>🧾 BLACK LIST ⚫</h3></summary>
|
||
|
||
---
|
||
|
||
### **VLESS for phone (max 100 configs in the subscription):**
|
||
|
||
### [BLACK_VLESS_RUS_mobile.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/BLACK_VLESS_RUS_mobile.txt)
|
||
|
||
*Compressed, lightweight mobile VLESS subscription for the Black List. Contains the 100 fastest configs from the full VLESS subscription.*
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
### **VLESS full (all configs):**
|
||
|
||
### [BLACK_VLESS_RUS.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/BLACK_VLESS_RUS.txt)
|
||
|
||
*Full VLESS subscription for the Black List.*
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
### **SHADOWSOCKS+ALL:**
|
||
|
||
### [BLACK_SS+All_RUS.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/BLACK_SS+All_RUS.txt)
|
||
|
||
*ShadowSocks, Hysteria2, Vmess, Trojan subscription for the Black List.*
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
|
||
</details>
|
||
|
||
*[Click the arrow]*
|
||
|
||
---
|
||
|
||
<details>
|
||
|
||
<summary><h3>🧾 WHITE LIST ⚪</h3></summary>
|
||
|
||
---
|
||
|
||
### CIDR subscription for phone (max 100 configs in the subscription) ⚪:
|
||
|
||
### [Vless-Reality-White-Lists-Rus-Mobile.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/Vless-Reality-White-Lists-Rus-Mobile.txt)
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
*Compressed, lightweight mobile CIDR subscription for the White List. Contains the 100 fastest configs from the full CIDR subscription. Bypasses CIDR IP blocks. VLESS protocol.*
|
||
|
||
|
||
### CIDR subscription full (all configs) ⚪:
|
||
|
||
### [WHITE-CIDR-RU-all.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/WHITE-CIDR-RU-all.txt)
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
*Full CIDR subscription for the White List. Contains all known “white” subnets from different hosters. Bypasses CIDR IP blocks. VLESS protocol.*
|
||
|
||
|
||
### CIDR subscription only for hosters: VK, YANDEX, CDNVIDEO, Beeline ⚪:
|
||
|
||
### [WHITE-CIDR-RU-checked.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/WHITE-CIDR-RU-checked.txt)
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
*Filtered version of the full CIDR subscription by specific hosters. Smaller than the full version. This subscription contains only proven “white” subnets from Russian hosters: VK, YANDEX, CDNVIDEO and Beeline. Bypasses CIDR IP blocks. VLESS protocol.*
|
||
|
||
|
||
### SNI subscription ⚪:
|
||
|
||
### [WHITE-SNI-RU-all.txt](https://raw.githubusercontent.com/igareck/vpn-configs-for-russia/refs/heads/main/WHITE-SNI-RU-all.txt)
|
||
|
||
<details>
|
||
<summary> QR code </summary>
|
||
|
||
|
||
|
||
</details>
|
||
|
||
*Bypasses only SNI-based blocks using a fake SNI domain name. Does not bypass CIDR blocks. VLESS protocol.*
|
||
|
||
</details>
|
||
|
||
*[Click the arrow]*
|
||
|
||
---
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3bjF5NnEyM21vMjJhd2UxdWphYnQxZGh6bjc1bjBzMG44eDB0Ym03eCZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/dyX9ixfxMpOUGawfdK/giphy.gif" width="50"> What’s the difference between Black and White lists, and which subscription to choose
|
||
|
||
**Black lists** mean **“everything that isn’t forbidden is allowed.”** *That’s how the internet works in 90% of cases.*
|
||
|
||
**White lists** mean **“everything is forbidden unless explicitly allowed.”** This is when you can’t open anything except Yandex, VK and other RKN-approved sites — even Google.com and Gmail won’t open.
|
||
|
||
*The internet under white lists is the most restricted. You’ll only be able to access what the regulator approves using their “white” lists. For example, if only Yandex and Ozon are approved, you’ll only be able to open Yandex and Ozon and nothing else. These restrictions are now being massively tested and used in practice by mobile carriers.*
|
||
|
||
`⬇ ACTION ORDER ⬇`
|
||
|
||
`First, let’s check whether the internet works at all: open Yandex.ru, Gosuslugi, VK, Rutube.ru, Sberbank, Mail.ru, Ozon. If none of these opens, your internet is not working in principle (no connection at all) and no configs will help! In that case, check the connection on your device!"`
|
||
|
||
`If it suddenly “doesn’t load no matter what”, resetting the network connection often helps: turn on “Airplane mode” for 10–15 seconds, then turn it off, try the connection again — profit!`
|
||
|
||
### **1)** **First choose Black or White:** <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3Y3Q4NW94NXo0ZXQwajl1cDRzdHg3ZXFzbWc4aGtzeDA0cGRtNTl2ZSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/35LH6GkOzEXuw/giphy.gif" width="80">
|
||
|
||
a) In the standard situation, when the internet works as usual (Google opens), but you want to watch blocked YouTube or play blocked Roblox — use the “Black list” configurations.
|
||
|
||
**“Black list” configurations are basically a normal VPN, just with a modern protocol!** The Black list is also the fastest, because it works under normal conditions.
|
||
|
||
b) **When nothing works** except Yandex.ru, Gosuslugi, VK, Rutube, Sberbank, Mail.ru or Ozon — it means the internet is heavily restricted; in this case **use the “White list” configs.**
|
||
|
||
### **2)** **With normal Black lists ⚫:** **VLESS** or **SHADOWSOCKS+ALL**
|
||
|
||
With normal Black lists ⚫ choose the most resilient protocol **VLESS**, or alternatively **SHADOWSOCKS+ALL**, but this isn’t mandatory. PC or smartphone — doesn’t matter, it works everywhere.
|
||
|
||
*Note: Hysteria2 works great for me on PC via cable, but on my phone via Wi‑Fi it refuses to work (and doesn’t ping on the first try either; you need to repeat). I haven’t figured out why. VLESS and Shadowsocks work on any devices without issues.*
|
||
|
||
*Sometimes even VLESS on PC works perfectly via cable, but via Wi‑Fi it pings inconsistently.*
|
||
|
||
### **3)** **With White lists ⚪: CIDR subscription or SNI subscription**
|
||
|
||
**a)** **“CIDR SUBSCRIPTION FULL” or “CIDR SUBSCRIPTION ONLY WITH HOSTERS: VK, YANDEX, CDNVIDEO”:**
|
||
|
||
The harshest CIDR “white IP” blocking is currently mostly on mobile operators (Megafon, Beeline, MTS, T2, Yota, etc.), so I put `CIDR configurations that punch through white IP lists for mobile internet into the TXT subscription “CIDR SUBSCRIPTION”` and marked them as `[*CIDR]` in the notes for each config.
|
||
|
||
These configs will of course also work under normal conditions (alongside Black lists), but you shouldn’t do that! Why? Simply to avoid overloading them, so that people who truly need them (and live with restricted internet for months) can use them. Use CIDR configs only when you really need them!
|
||
|
||
If a config suddenly doesn’t work, it may come back to life after a while (reason: servers are overloaded (because they’re free and public), or they may be temporarily disabled). Don’t delete it right away!
|
||
|
||
**b)** **SNI subscription:**
|
||
|
||
Configurations that bypass the easiest blocks via “white SNI lists” (just by domain name) are in the TXT subscription **SNI SUBSCRIPTION**. They are marked as `[SNI-RU]` in the notes for each config; all SNI values are also labeled for convenience.
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3Yml0MndhcDZ6dzFuYjY3aG0yNWowN2Rqbnp1aTV2cXNvb3FvMnluMiZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/MxryCOQuSYVVD0SPyp/giphy.gif" width="40"> How do I use these configurations on my device?
|
||
|
||
1) The most convenient way to add VPN configurations on your device is via a *“subscription”* or *“subscription group”* in v2rayN, Throne, v2rayNG, NekoBox, Streisand or Karing.
|
||
|
||
2) Copy the URL of the Github txt file. After copying the link, in the app you need to press “Add from clipboard”, or use the usual “Add” button -> “Configure manually” -> type “Subscription” -> paste the link to the txt file and set a subscription name.
|
||
|
||
3) Scan the subscription QR code from the next section. QR is even easier: press “Add” -> “Scan QR code” and the app will create a subscription automatically; you’ll only need to rename it on your phone and press “Update” if the config list didn’t load immediately.
|
||
|
||
QR codes are located under the subscription link — click the arrow labeled “QR code”.
|
||
|
||
4) How to check which configs/servers are alive and working right now?
|
||
|
||
Click the whole subscription (its name at the top) or an individual config; usually you need to press and hold to bring up a menu. Choose, *attention!*, *“Test real latency”* or *“Latency”*! Not “TCP Ping” or “ICMP Ping” — those won’t show real VPN server availability. The ones that respond with green numbers are the ones to use. Pick the smallest numbers: the smaller the number, the lower the latency and the faster the server will respond.
|
||
|
||
5) It is strongly recommended to enable subscription auto-update at least 2 times a day (every 12 hours), and even more often during long holidays. Configurations are updated every hour, because they stop working over time. If you enable updates, you’ll always have the freshest version of the subscription with working configs and no extra “junk”.
|
||
|
||
7) Configs (especially from White lists) may not turn green immediately in the “real latency” check; very often you need to ping 2–3–4 times to see newly available servers.
|
||
|
||
8) Install a few different clients on your phone — sometimes different clients will see different available servers. This is due to differences in client settings during config checks.
|
||
|
||
You can also add everything manually one-by-one by copying the contents of each txt file into v2rayN and others, but subscriptions are convenient because they update automatically on your device after updates on Github — without needing to delete and copy again — simplifying the process.
|
||
|
||
## 🧩 Apps for configs on PC and phone:
|
||
|
||
### <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3amtqMmQxOGh0aG0waGk5OGhhNG5odmdob2k1bWc4ejNyZ3E3N2Y2bCZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/xUS4Fp5i6iIn2Y1EYT/giphy.gif" width="25"> Windows/Linux/MacOS
|
||
|
||
Install the official v2rayN or Throne (successor of Nekoray) client, run it in “Administrator” mode, add a config/subscription, update it, you’ll get a list, run “real latency” checks, then sort by ping, pick a green one with the smallest number by pressing Enter, and finally enable “VPN mode / TUN mode”.
|
||
|
||
**1)** **v2rayN:**
|
||
|
||
*I recommend v2rayN because it works stably and has been proven to handle thousands of configs of different protocols at once (my personal max is 150,000). It’s the most universal client. It works using Xray, Sing-Box, Mihomo together.*
|
||
|
||
https://github.com/2dust/v2rayN/releases
|
||
|
||
`v2rayN-windows-64.zip` for Windows
|
||
|
||
`v2rayN-linux-64.deb` for Linux (Ubuntu)
|
||
|
||
`v2rayN-macos-64.dmg` for MacOS
|
||
|
||
**2)** **Throne (successor of Nekoray, which is no longer updated since 2024)**:
|
||
|
||
*Recommended as an alternative working client after v2rayN.*
|
||
|
||
https://github.com/throneproj/Throne/releases
|
||
|
||
`Throne-1.0.8-windows64-installer.exe` for Windows
|
||
|
||
`Throne-1.0.8-debian-x64.deb` for Linux (Ubuntu)
|
||
|
||
`Throne-1.0.8-macos-arm64.zip` for MacOS
|
||
|
||
**3)** **Karing:**
|
||
|
||
https://github.com/KaringX/karing/releases
|
||
|
||
`karing_1.2.10.1300_windows_x64.exe` for Windows
|
||
|
||
`karing_1.2.10.1300_linux_amd64.deb` for Linux (Ubuntu)
|
||
|
||
`karing_1.2.10.1300_macos_universal.dmg` for MacOS
|
||
|
||
**4)** **Singbox-launcher:**
|
||
|
||
*A new client worth trying for testing VPN configurations; works together with Sing-Box. Give it a try — the developer is friendly and responsive.*
|
||
|
||
https://github.com/Leadaxe/singbox-launcher/releases
|
||
|
||
`singbox-launcher-v0.7.1-win64.zip` for Windows
|
||
|
||
`singbox-launcher-v0.7.1-macos.zip` for MacOS
|
||
|
||
### <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3aGcxcG8yMGNzOTNmZDE1Z3hob3V3ajU4dmhkdnhsY2doMXFrNXowMyZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/oFSDc1Oq12Ie5NJnmA/giphy.gif" width="20"> iOS — use Streisand, Shadowrocket, Karing, V2Box or v2RayTun from the App Store.
|
||
|
||
I recommend Streisand: it declares no data collection in the App Store, and all features (including DNS switching) work correctly unlike many similar clients; loading and working with configs is stable.
|
||
|
||
Happ is not recommended by users due to unstable performance/ping.
|
||
|
||
**1)** `Streisand` https://apps.apple.com/us/app/streisand/id6450534064
|
||
|
||
*Best free iOS client with no data collection*
|
||
|
||
**2)** `Shadowrocket` https://apps.apple.com/us/app/shadowrocket/id932747118
|
||
|
||
*Doesn’t drop connections even after long idle time, no data collection, but paid*
|
||
|
||
**3)** `Karing` https://apps.apple.com/us/app/karing/id6472431552
|
||
|
||
*Opinions about Karing are mixed: some like it, others have connection issues*
|
||
|
||
**4)** `V2Box` https://apps.apple.com/us/app/v2box-v2ray-client/id6446814690
|
||
|
||
**5)** `v2RayTun` https://apps.apple.com/us/app/v2raytun/id6476628951
|
||
|
||
### <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExODUzYWRwNzNpa3doMDd1bXo4NTlzanJsaTcya3dlNXA4d3c5cnVzNCZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/UQJlZ2OcaCA2RLfGiZ/giphy.gif" width="20"> Android — use v2rayNG and NekoBox from GitHub, or v2Box and v2RayTun from Google Play.
|
||
|
||
I recommend v2rayNG, because it’s an Android analogue of my favorite PC client v2rayN from the same developer “2dust”.
|
||
|
||
Also try NekoBox — users praise it.
|
||
|
||
Happ is not recommended by users due to unstable performance/ping.
|
||
|
||
**1)** `NekoBox` https://github.com/MatsuriDayo/NekoBoxForAndroid/releases
|
||
|
||
**2)** `v2rayNG` https://github.com/2dust/v2rayNG/releases
|
||
|
||
**3)** `v2Box` https://play.google.com/store/apps/details?id=dev.hexasoftware.v2box
|
||
|
||
**4)** `v2RayTun` https://play.google.com/store/apps/details?id=com.v2raytun.android&hl=en&pli=1
|
||
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3ZDhxeG02NHlucTdqZGhtejBnb2V5dGpwaDBmcHhobWlsOHQxdWpoYSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/8L0hXHQkY4o7eyQHJB/giphy.gif" width="30"> Useful information
|
||
|
||
⚡ Why do I test configurations at all? At the very beginning, out of 40,000+ free public configurations I tried, only about 700 passed the health check — that’s under 2%. In the end, I published about 200 of the highest-quality ones with good responsiveness and decent speed — that’s about half a percent. Not everyone has time to deal with builds of tens of thousands of configs where only a couple hundred actually work.
|
||
|
||
⚡ There are tons of protocols out there, but **the most effective** one (against Roskomnadzor DPI and blocks) is **Vless+Reality**, because it can disguise traffic as a request to a harmless HTTPS website, making VPN use essentially invisible to your ISP. Other protocols rank lower, because they are easier to unmask.
|
||
|
||
⚡ The most stable transports: XHTTP, GRPC and WS.
|
||
|
||
⚡ Some configurations may stop working over time for reasons beyond my control, so the lists will be updated periodically.
|
||
|
||
⚡ If a configuration suddenly stopped working — don’t rush to delete it. Switch to the next one in the list; it may come back to life later. But no guarantees — this is normal for free public servers.
|
||
|
||
⚡ If your provider blocks VPN connections, try replacing the regular DNS on your router/PC/phone with encrypted DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT). Even if it doesn’t help, using DoH is still good for your privacy.
|
||
|
||
⚡ When using White lists, some foreign DNS-DoH servers (Google, for example) may sometimes be unavailable. I would first check Cloudflare, OpenDNS, Google, Quad9, AdGuard, Dnsforge; and if none works, choose Yandex DoH. If no DoH works at all, disable it and use your provider’s automatic DNS.
|
||
|
||
<details>
|
||
|
||
<summary> 🧾 What is DNS-over-HTTPS (DoH) and how to enable it? </summary>
|
||
|
||
|
||
> *ON A ROUTER: remove and disable the default ISP DNS and enable DNS-over-HTTPS (DoH). First you may need to download a DoH client in the router’s firmware/update settings. You can also use DNS-over-TLS (DoT), but it’s not recommended in Russia due to frequent blocks. DNS-over-HTTPS (DoH) should work 100% stably.*
|
||
|
||
> *ON A PHONE there are several options:*
|
||
>
|
||
> - install the “Cloudflare 1.1.1.1 + WARP: Safer Internet” app for Android (Google Play Store) / “1.1.1.1: Faster Internet App” for iOS (App Store);
|
||
>
|
||
> - on iOS there are no built-in network DoH settings; DoH configurations are downloaded as a separate file from the official websites of Quad9, AdGuard, Dnsforge, etc. (see below “List of public DoH servers”);
|
||
>
|
||
> - for Android: go to Settings ➡️ Network & internet (or Wi‑Fi & internet) ➡️ “Advanced” ➡️ “Private DNS” ➡️ select “Private DNS provider hostname” and enter one of the addresses from the list of public DoH servers below (see below “List of public DoH servers”);*
|
||
|
||
> *ON A PC: set a DoH server in the DNS settings of your network adapter.*
|
||
|
||
> *IN A VPN APP: set a DoH server in the app’s DNS settings, or choose from the presets. A correctly working DNS was found in Streisand on iOS.*
|
||
|
||
DNS-over-HTTPS (DoH) is the same DNS, just encrypted and private — DNS over HTTPS. It encrypts DNS queries from local observers (your ISP), improving privacy, but the DNS resolver (Cloudflare/Google, etc.) still sees your queries (you route them through it). The ISP only sees the connection to the IP address of the DoH/DoT resolver (and traffic volume/time) + the final destination IP of the target server — i.e., the final IP of the site without the target domain name (and without ECH — the domain may still leak via SNI). By the destination IP (and without ECH — by SNI) a site can often be identified.
|
||
|
||
Possibly (but not 100%) DoH can help bypass some connection restrictions, if any exist. DoH may help bypass simple DNS blocks, but not IP/SNI blocks or deep filtering.
|
||
|
||
The standard was published by the IETF as RFC 8484 (2018), with ICANN assisting adoption. Google first implemented/tested it back in 2016. The goal is improved user privacy and security.
|
||
|
||
</details>
|
||
|
||
> *Click the arrow to learn more*
|
||
|
||
<details>
|
||
|
||
<summary> 🧾 List of public DoH servers (+ download DoH DNS configuration files): </summary>
|
||
|
||
`https://common.dot.dns.yandex.net/dns-query` - *Yandex DNS Basic. Note! Recommended only if other DNS don’t work when using White lists; in normal mode use the DNS servers below;*
|
||
|
||
`https://safe.dot.dns.yandex.net/dns-query` - *Yandex DNS Safe mode. Note! Recommended only if other DNS don’t work when using White lists; in normal mode use the DNS servers below;*
|
||
|
||
`https://dns.adguard-dns.com/dns-query` - *AdGuard DNS. DNS from the well-known free ad/tracker blocker headquartered in Cyprus;*
|
||
|
||
`https://adguard-dns.io/ru/public-dns.html` - *download the AdGuard DNS configuration file for iOS (+read instructions for other platforms, in Russian);*
|
||
|
||
`https://dns.quad9.net/dns-query` - *Quad9 DNS basic. Malware Blocking, DNSSEC Validation. No-logs policy, HQ in Switzerland;*
|
||
|
||
`https://dns11.quad9.net/dns-query` - *Quad9 DNS extended. Secured w/ECS: Malware blocking, DNSSEC Validation, ECS enabled. No-logs policy, HQ in Switzerland;*
|
||
|
||
`https://docs.quad9.net/Setup_Guides/iOS/iOS_14_and_later_(Encrypted)/` - *download Quad9 DNS configuration for iOS (+read instructions for other platforms; English only);*
|
||
|
||
`https://dnsforge.de/dns-query` - *excellent DNS from the German free ad/tracker blocker DNSFORGE dnsforge.de. No-logs policy, servers in Germany; all information and instructions are in German;*
|
||
|
||
`https://dnsforge.de/dnsforge-doh.mobileconfig` - *download the DNSFORGE.DE DNS configuration file for iOS;*
|
||
|
||
`https://dns.cloudflare.com/dns-query` - *Cloudflare DNS basic;*
|
||
|
||
`https://security.cloudflare-dns.com/dns-query` - *Cloudflare DNS for blocking malware;*
|
||
|
||
`https://dns.google/dns-query` - *Google Public DNS (may be unavailable for some when using White lists);*
|
||
|
||
`https://doh.opendns.com/dns-query` - *Cisco Umbrella (OpenDNS).*
|
||
|
||
</details>
|
||
|
||
> *Click the arrow to view the list*
|
||
|
||
|
||
## 👁️🗨️ What can your ISP see, and who can see what when you’re online?
|
||
|
||
<details>
|
||
|
||
<summary> Click the arrow to learn </summary>
|
||
|
||
**In general.**
|
||
|
||
**When you are on the internet, there are 5 parties that can evaluate your actions:**
|
||
|
||
**1.** `You`
|
||
|
||
**2.** `Your ISP`
|
||
|
||
**3.** `The website/search engine you visit`
|
||
|
||
**4.** `Your browser (if it’s from Yandex, Google, or any public company)`
|
||
|
||
**5.** `DNS resolver`
|
||
|
||
**Some people think “the provider sees everything.”**
|
||
|
||
**But that’s a misconception. Your ISP sees very little if you behave correctly online.**
|
||
|
||
Let’s describe standard internet operation on HTTPS sites without VPN. Don’t confuse this with plain HTTP, which is unencrypted. It’s almost 2026 and there are hardly any HTTP sites left.
|
||
|
||
**Let’s break everything down.**
|
||
|
||
### 1. ISP.
|
||
|
||
An ISP normally sees 3 things: the final IP of the website you connect to + the domain name + encrypted HTTPS packets coming to the user’s browser. What happens on the website itself is known only to 2 parties — the user and the site. Thanks to HTTPS encryption. What you search for in Google is known only to you and Google.
|
||
|
||
**Example: YouTube**
|
||
|
||
You open YouTube, watch a useful tutorial, open a video and watch it. What does the ISP see? YouTube’s IP + the domain name “YouTube” + encrypted HTTPS packets going to the user’s PC. That’s it. The ISP can’t see which videos you watch or what you search for — it happens on the site and is protected by HTTPS. Look to the left of the website name for “https:” — that encryption is what gives millions of people digital safety by protecting against surveillance.
|
||
|
||
**Example: Google Search**
|
||
|
||
You go to Google.com to look at cat memes, you search for *“кот мем неси черешню”*, and you get images of a cat in an apron. What does the ISP see? Scary? It sees nothing meaningful. It sees Google’s IP + the domain name “Google” + encrypted HTTPS packets to your PC. What exactly you look at — the photos and queries — the ISP cannot see. The HTTPS packet contains the photos, but it’s encrypted, so the ISP only sees that you are “doing something on Google”, which is useless information; decrypting it is infeasible.
|
||
|
||
**What if you use encrypted DNS-over-HTTPS (DoH) instead of regular DNS (for example 1.1.1.1)?**
|
||
|
||
Now the ISP cannot directly see even the domain name you requested. With DoH the ISP doesn’t see DNS queries in plaintext; it only sees that you established a connection to the IP address of the DoH/DoT resolver (and traffic volume/time) + the final IP of the site. It does not learn the final domain, but it can often guess the target site by IP, SNI, and traffic patterns; for popular sites it’s easier, for lesser-known sites it’s harder — but it’s not fully eliminated. If DoH hid the final IP, it would replace VPNs — but without VPN you can’t hide the final destination IP. And ISPs block sites (e.g., YouTube) exactly by the destination IP. So in the end you still use a VPN to access blocked sites.
|
||
|
||
**DNS in short:**
|
||
|
||
Regular DNS like 1.1.1.1 (plain text) shows: site IP + domain/SNI name + encrypted HTTPS packets.
|
||
|
||
DoH shows: destination site IP (+analysis) + encrypted HTTPS packets.
|
||
|
||
### 2. Website/search engine.
|
||
|
||
**A website sees what you do on its side and is subject to the laws of the country where it is headquartered.**
|
||
|
||
All modern websites and the data they exchange with you are protected by HTTPS (not plain HTTP). Therefore your actions on a site are visible only to you and the site itself, not to the ISP. The ISP only sees encrypted HTTPS traffic.
|
||
|
||
**For search engines I recommend two. You can search with them without worrying about censorship:**
|
||
|
||
> *1. Google search (the most popular + the largest index in the world). HQ: Mountain View, California, USA.*
|
||
|
||
> *2. Duckduckgo search (popular + great results where you can choose the region + the company claims privacy for your queries). HQ: Paoli, Pennsylvania, USA.*
|
||
|
||
Unfortunately I can’t recommend Yandex Search. HQ is in Moscow. All your queries can be logged and analyzed given the current context. Use it thoughtfully only for Russia-specific information. For everything else, Google and Duckduckgo are enough.
|
||
|
||
### 3. Browser.
|
||
|
||
Many people don’t realize it, but the browser can also see your actions.
|
||
|
||
**Which browsers are widespread and popular in Russia?**
|
||
|
||
> a) Yandex Browser. Strongly not recommended! If it’s installed — delete it and replace it with anything else. It logs traffic.
|
||
|
||
> b) Google Chrome. Not private either; it logs traffic. But in Russia it’s safer than Yandex + its own ecosystem from Google.
|
||
|
||
> c) Mozilla Firefox. By privacy policy it’s the best among popular mainstream browsers.
|
||
|
||
These mainstream browsers have creators, and the creators are public companies that collect data about users and can see your request history — i.e., your traffic (whatever they say) — and they are subject to the jurisdictions/laws where their HQ is. If you don’t want the browser to be a “man-in-the-middle”, choose a privacy-focused open-source browser made by independent developers with public code that can be audited (for example on GitHub).
|
||
|
||
**Browsers I recommend for everyday use and surfing:**
|
||
|
||
Bottom to top: from the most popular to the most private.
|
||
|
||
**a)** `Mozilla Firefox` — if you want a popular option without hassle. Also install uBlock origin (ublockorigin.com) to block trackers and ads. Firefox engine from the public company Mozilla. By privacy policy it’s the best among mainstream browsers.
|
||
|
||
https://www.firefox.com/en-US/?utm_campaign=SET_DEFAULT_BROWSER
|
||
|
||
https://github.com/mozilla-firefox/firefox
|
||
|
||
**b)** `Ungoogled Chromium` — an open-source Chromium-based browser with Google telemetry removed, by independent developers. Widely audited. Good for everyday tasks, but you’ll need to download updates manually from GitHub. Also install uBlock origin (ublockorigin.com). For everyday tasks and privacy, Ungoogled Chromium is the golden mean. It behaves exactly like Google Chrome, but without the Google ecosystem.
|
||
|
||
https://github.com/ungoogled-software/ungoogled-chromium-windows for Windows.
|
||
|
||
https://github.com/ungoogled-software/ungoogled-chromium-debian for Linux (Ubuntu).
|
||
|
||
**c)** `Librewolf (customized Firefox)` — open-source Firefox-based browser with Mozilla Firefox telemetry removed, by independent developers. A “privacy Firefox out of the box”: download and run. Widely audited. Convenient. Supports auto-updates (check the box during installation). Comes with uBlock origin built-in. Librewolf is great, but sometimes due to semi-aggressive settings some streaming sites may break or not open (rare, but happens).
|
||
|
||
https://librewolf.net/
|
||
|
||
https://codeberg.org/librewolf
|
||
|
||
**d)** `Cromite` — open-source Chromium-based browser with telemetry removed, by independent developers. Widely audited. Suitable for everyday browsing, but note: very aggressive blocking of trackers and telemetry. Built-in AdBlock. Some sites may break. In Cromite it happened to me more often than with the browsers above. Logging into Google was painful. But Cromite gave me the best “browser fingerprint” privacy test: even my PC hardware wasn’t detected — everything was “clean” out of the box.
|
||
|
||
https://github.com/uazo/cromite
|
||
|
||
These browsers won’t attract attention from the ISP because the ISP only sees the engines they use: Chromium (Google Chrome, Ungoogled Chromium, Cromite) or Firefox (Mozilla Firefox, Librewolf). Only you can see which specific browser you use.
|
||
|
||
### 4. DNS resolver.
|
||
|
||
With regular DNS (1.1.1.1) before opening a site we contact a DNS resolver, and it sees where we are going. Any DNS resolver operator can see all DNS queries and answers (which domains you resolve). From these records it’s possible to learn what you intend to connect to.
|
||
|
||
What happens if you use encrypted DNS-over-HTTPS (DoH) instead of regular DNS 1.1.1.1 (plain text)?
|
||
|
||
Now the ISP can’t see the domain/site name you connected to. The ISP sees only that you established a connection to the IP address of the DoH/DoT resolver (and traffic volume/time).
|
||
|
||
But the DNS resolver still sees the domain name + IP, because you pass DNS queries through it; even encrypted, it receives and decrypts them.
|
||
|
||
### Conclusion.
|
||
|
||
**To feel free and confident online, these help:**
|
||
|
||
`DNS-OVER-HTTPS (DoH)`
|
||
|
||
➕
|
||
|
||
`The right search engine: Google or Duckduckgo` (not Yandex)
|
||
|
||
➕
|
||
|
||
`Safe/independent browsers: Mozilla Firefox at minimum; Librewolf, Ungoogled Chromium, Cromite at maximum` (never Yandex Browser)
|
||
|
||
---
|
||
|
||
|
||
**The information will be expanded and clarified over time.**
|
||
|
||
</details>
|
||
|
||
##
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExZXJoeTEzZ3FtcGNrdmo2ZnFocDUwOTVvYmdjNWRnaWMwNHozMWN1YiZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/ZcdZ7ldgeIhfesqA6E/giphy.gif" width="25"> Share subscriptions!
|
||
|
||
## Use the internet freely and responsibly!
|
||
|
||
## 🔖 License
|
||
|
||
GPL-3.0 License. You can read it in the [`LICENSE`](LICENSE) file.
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExM2wwMmJ3bDZvMWV2b2JraXZ4ZWk2Y2I5ODYyZ2M2aG5mMHc5ZW81ZyZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/ME8P6ce7Mn3gnRbird/giphy.gif" width="30"> Support the author
|
||
|
||
**The project is non-commercial and based on the author’s personal enthusiasm.**
|
||
|
||
**If you want to support it — you can do so via a cryptocurrency transfer.**
|
||
|
||
**Funds will go toward continuing and developing this work.**
|
||
|
||
**Thanks in advance to everyone who cares!**
|
||
|
||
<details>
|
||
<summary><h3> 💳 Wallet addresses 💳 <h3></summary>
|
||
|
||
Choose any cryptocurrency you prefer and copy its address. Send only to the wallet that matches the coin; otherwise funds will be lost.
|
||
|
||
| № | Coin | Address |
|
||
|--|--|--|
|
||
| 1 | `Bitcoin (BTC)` | `18vVz4UzFdxCGnCnAzJtXv6ECsh32ff9VT` |
|
||
| 2 | `Ethereum-based_coins(ETH): Ethereum (ETH), USDC (ETH), USDT (Ethereum ERC-20), Shiba Inu (SHIB)` | `0xfc668016a823f3EE53d2F3009547666A2BdaBd32` |
|
||
| 3 | `Tron-based_coins_(TRX): Tron (TRX), USDC (TRX), USDT (TRX)` | `TLnzF6NYgyqBHJMM2qByMXEHLBWNhBWcJ1` |
|
||
| 4 | `Toncoin-based_coins_(TON): Toncoin (TON), Notcoin (NOT), Hamster Combat (HMSTR), USDT (USDT-TON)` | `EQAGbSuckE93yiACSENJGo8WuRq474Wba1J4yCF1Q59xsL0k` |
|
||
| 5 | `Litecoin (LTC)` | `LcHbh84V5PgWk1gTzjGWeef6NQT4MwE9RK` |
|
||
| 6 | `Ripple (XRP)` | `rNaKXrfLGsAVvA8JMr9dApMgCNzFmPbvTR` |
|
||
| 7 | `Monero (XMR)` | `47uvnonFqbyHMRrZadCAAvL2q9ed476PKdGtbLxXeUj1fs7gtPZ6mx3BeRBd2JM6Wmc16tN7K3ZcDMfds3cE8NaMCgAbD5Q` |
|
||
| 8 | `ZCash (ZEC)` | `t1cjEDjtLxatccB6o1pUPxb3pMByCz1L5Ct` |
|
||
| 9 | `Dogecoin (DOGE)` | `DRNBruzYDv5vWEz1ndGDjywqugVhd2Zmbm` |
|
||
| 10 | `Solana (SOL)` | `Hxm9MjxfD1LNKaWuiFFLzBDTR5CnJSty7gRnkTfubiWj` |
|
||
| 11 | `Stellar (XLM)` | `GDRN4K4VDDGNFIWJ3BAN7KL7576764RN44TBHTXYJIXMLK7RNP4UTSJ6` |
|
||
| 12 | `Cardano (ADA)` | `addr1qxpw4m02auvmrfee3suz98tvj82cm4mpfllvyda8fz004j40dpemdcuzntj5ykxwv2x6azyp982stfxegm9zvl9kf74s309qhu` |
|
||
| 13 | `NEAR Coin (NEAR)` | `d9cba0ec6233589267f43b91d8c156efb7fcd0a0177d7e8a34f7b791a61e7e35` |
|
||
|
||
|
||
</details>
|
||
|
||
> *Click the arrow to expand the list*
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3ZmJ4anB6YjR3aWJpaTRvYzUzejY1dmwzN2c2M3c2NnV0MXUwM3RrcyZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/acN91ftm1tJX23OOBx/giphy.gif" width="60"> Contact email: igareck@proton.me
|
||
|
||
## 👀 Visitor count
|
||
<img src="https://komarev.com/ghpvc/?username=igareck&label=Visitors&color=0e75b6&style=flat" alt="Visitor Count" /> <img src="https://visitor-badge.laobi.icu/badge?page_id=igareck.visitor-badge&left_color=black&right_color=green&left_text=Cyber+Hits" alt="Cyber Hits"/>
|
||
</div>
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExa2RkeXZzdDl1Y3g4dW1xcjFxc2xsMHVsZ2RiY243OHJodjd0cHQ1NSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/qXp82ZL3eZbbTUrLyy/giphy.gif" width="30"> <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExa2RkeXZzdDl1Y3g4dW1xcjFxc2xsMHVsZ2RiY243OHJodjd0cHQ1NSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/qXp82ZL3eZbbTUrLyy/giphy.gif" width="30"> <img src="https://media.giphy.com/media/v1.Y2lkPTc5MGI3NjExa2RkeXZzdDl1Y3g4dW1xcjFxc2xsMHVsZ2RiY243OHJodjd0cHQ1NSZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/qXp82ZL3eZbbTUrLyy/giphy.gif" width="30">
|
||
<a href="https://www.star-history.com/#igareck/vpn-configs-for-russia&type=date&legend=top-left"><picture><source media="(prefers-color-scheme: dark)" srcset="https://api.star-history.com/svg?repos=igareck/vpn-configs-for-russia&type=date&theme=dark&legend=top-left" /><source media="(prefers-color-scheme: light)" srcset="https://api.star-history.com/svg?repos=igareck/vpn-configs-for-russia&type=date&legend=top-left" /><img alt="Star History Chart" src="https://api.star-history.com/svg?repos=igareck/vpn-configs-for-russia&type=date&legend=top-left" /></picture></a>
|
||
|
||
## <img src="https://media.giphy.com/media/v1.Y2lkPWVjZjA1ZTQ3Z25rOXRoeW1xODR1dWh2b3UycTd6YnB0Y2hlMTZtaDluZW1uNnl4ZyZlcD12MV9zdGlja2Vyc19zZWFyY2gmY3Q9cw/CeYEKonyFQyzWhxmvd/giphy.gif" width="40"> DISCLAIMER
|
||
|
||
> *The author is not the owner/developer/provider of the listed VPN configurations. This is an independent informational overview and test results.*
|
||
>
|
||
> *This post is not an advertisement for VPN. All material is provided for informational purposes only, and only for citizens of countries where this information is legal — at minimum for scientific purposes. If you are not allowed to read this — close this page immediately!*
|
||
>
|
||
> *The author has no intentions, does not encourage, promote, or justify the use of VPN or any other programs under any circumstances.*
|
||
>
|
||
> *Responsibility for any use of these VPN configurations lies with the user.*
|
||
>
|
||
> *Disclaimer: the author is not responsible for actions of third parties and does not encourage illegal use of VPN.*
|
||
>
|
||
> *The author is not responsible for the accuracy, completeness, or reliability of the published data. Any coincidences are random. All information is provided “as is” and may not reflect reality.*
|
||
>
|
||
> *Use in accordance with local laws.*
|
||
>
|
||
> *Use VPN only for legal purposes: in particular — for your online safety and secure remote access; and under no circumstances use this technology to bypass blocks.*
|
||
>
|
||
> *The project is non-commercial and free; all “payment” information presented here was found by chance somewhere online, copied “as is” as a possible example, and does not belong to the author.*
|
||
>
|
||
> *Tip: close this page, delete all VPNs from your computer, install MAX and Yandex on all devices so it “works” even in the parking lot, and use only internet resources that your ISP allows — you get it.*
|