what is the most stable and fastest tunnel for a VPN? [closed]

Question

i live in Iran and is all u guys know our goverment is limiting the access to the internet and they are really getting serious about this.

so what the situation is right now : first of all we cant access most outside public ip addresses like and all of the popular platforms are filtered like instagram , whatsapp , youtube , twitter , telegram , and platforms other than social media's that so many people's work depend on it for instance i have to use gitlab for my work but its filtered and i cant use it without a vpn.

now this is just the begining a VPN alone does not solve our problem. for example if i went and bought a VPS on hetzner (which is located on germany) and run a VPN server on it i can only use that vpn for a couple of days and after few days its ip will be filtered because our internet providers have a masive program on detecting and filtering these vpn servers.

after discovering this i tried a diffrent approach: i would get a VPS which is located in my country (Iran) and this VPS will be accessable at all time because. and what i would do is that i would run a 6to4 tunnel from my iran VPS to my DE VPS and forward all traffic that comes to my iran vps to outside and eventually connect to a vpn server that is running on the iran VPS.

now this approach is fine but it would'nt work after a couple of week's when my DE VPS gets detected and filtered.

at this point i want to try even harder. i tried to use a reverse tunnel. i tried SSH reverse tunneling put since ssh doesnt support UDP (which my vpn runs on) i had to change my vpn protocol to TCP , but even though this worked it didnt give me a stable speed and more often it would just disconnect but itself (the vpn)

i tried using reverse UDP Tunnels i found on github (like FRP & udp-reverse-tunnel & UDP-Speeder) and they would give me a fine speed for a few months but now these reverse tunnels are failing me and dont give a lot of speed and connectivity. and i think this is becuase my iran VPS is having some limitation that i dont understand what it is , because sometimes when i change my iran VPS it works fine , sometimes when i get back at my old iran vps it works fine , sometimes they work fine at a spicific time of the day and then they would fail me again.

the VPN i use is OpenVPN on UDP. this was all of my experience with iran internet limitation and if you guys have any suggestions or anything that can help me i would really appreciate it. and no im not asking for "hosts/servers and product or resource recommendations" , im simply asking if there was a better method for me to have a better connectivity with a VPN.

oh and i forgot to mention that in iran our internet is behind NAT obviously. :)

thank you.

Answer 1

To answer your headline question (but this does not help you) - Wireguard is probably the most stable and fastest tunnel for a VPN. It is designed to be small and lightweight, and is the most performant VPN in most circumstances.

The problem you seem to be having is not so much the most stable and fastest VPN, but the VPN that is most likely to get through censorship. There is no single correct answer to this problem as it depends on the censor technology You likely can't avoid a game of wack-a-mole.

It would seem likely that more sophisticated /flexible protocols (like OpenVPN) will work better as you are not just trying to hide your location, you are trying to get round a country-level firewall.

You may have better luck using a VPN that uses TCP port 443 - this is likely to look like web traffic. While TCP is slower then UDP, it is arguably less likely to be censored and is likely performant enough.

If you are desperate, you might also look at a a VPN over DNS solution. These do use UDP, but are grossly inefficient. They are, however, relatively tricky to block.

Another question - do you actually need a VPN? If you are trying to securely web browse and you are able to use SSH to connect to another country, set your web browser to use SOCKS and use SSH to create the SOCKS tunnel. This is a proxy rather then VPN solution, so not all your traffic will go through it.

I believe that guys like Surfshark, NordVPN and ExpressVPN spend a lot of time trying to play the game of wack-a-mole for you to allow connectivity from countries that try and restrict your freedoms on the Internet.