Unblock Websites Restricted By ISPs In Some Countries With GreenTunnel

GreenTunnel is a free and open source anti-censorship tool that bypasses deep packet inspection (DPI) used by many Internet Service Providers to block certain websites. The application can be used with a graphical user interface or from the command line, and is available for Microsoft Windows, macOS and Linux.

GreenTunnel CLI on the left and GUI on the right

So how does this unblock websites? GreenTunnel runs as a localhost HTTP proxy server that does the following.

For HTTP, GreenTunnel sends requests in 2 parts, for example GET / HTTP/1.0 \n Host: www.you as the first part, and tube.com \n ... as the second part. This way the Internet Service Provider (ISP) doesn't match the blocked word "youtube" in the packets, and as a result the data is not throttled or blocked.

In the case of HTTPS, the application splits the first CLIENT_HELLO packet into small chunks so the ISP can't parse the packet and find the SNI (Server Name Indication, an extension of TLS that indicates the actual destination hostname a client is attempting to access over HTTPS) field.

As for DNS (Domain Name System), GreenTunnel makes use of DNS over HTTPS and DNS over TLS to get the real IP address and prevent DNS hijacks.

It's worth noting that this won't work everywhere. The developer mentioned in a Reddit comment that this works for most ISPs in Iran, and that they also got positive feedback from people in Turkey and Russia. Some users on HN also commented that it works with KT ISP in South Korea, and with You Broadband in India.

GreenTunnel does not work to unblock websites in China. Also, it doesn't unblock websites that restrict access in certain countries, e.g. it doesn't unblock Netflix, Pandora, Hulu, etc. if they are not available for your country.

It's also very important to mention that GreenTunnel doesn't encrypt traffic like VPNs do, and it doesn't hide your IP address, so the Internet Service Provider can still see all your traffic! Don't use this if it can get you in trouble!

I would also like to add that I live in a country where ISPs don't block websites, so I couldn't try this software myself.

Download GreenTunnel

On the GitHub releases page you'll find GreenTunnel GUI binaries for macOS, Microsoft Windows and Debian-based Linux distributions (Ubuntu, Linux Mint, Pop!_OS, Zorin OS, and so on). There's also an AUR package for Arch Linux Manjaro users.

For installing the GreenTunnel command line interface, see the installation instructions on its GitHub https://github.com/SadeghHayeri/GreenTunnel#command-line-interface-cli (can be installed via NPM, Snap and Docker).

How to use GreenTunnel to unblock websites restricted by ISPs

GreenTunnel is available as a command line or GUI tool. The GUI is easier to use but it lacks some settings, for example it doesn't have an option to change the DNS server, there's no way to change the IP and port, etc.

To use the GUI, all you have to do is run it, then restart your web browser. The application automatically sets your system proxy to (so make sure you don't have something else running on port 8000). The system proxy is automatically disabled when you close GreenTunnel.

Chromium-based web browsers automatically use the system proxy (at least on Linux), so there's no need to change anything else if you Google Chrome, Chromium, etc. For Firefox, go to its Network Settings and set it to Use system proxy settings.

To use the GreenTunnel command line interface, run (this is an example, you can change the parameters):

gt --ip --port 8000 --dns-server https://mozilla.cloudflare-dns.com/dns-query

These are the available command line options:

$ gt --help
Usage: green-tunnel [options]
Usage: gt [options]

  --help, -h      Show help                                            [boolean]
  --version, -V   Show version number                                  [boolean]
  --ip            ip address to bind proxy server[string] [default: ""]
  --port          port address to bind proxy server     [number] [default: 8000]
  --dns-type      [string] [choices: "https", "tls"] [default: "https"]
  --dns-server    [string] [default: "https://cloudflare-dns.com/dns-query"]
  --silent, -s    run in silent mode                  [boolean] [default: false]
  --verbose, -v   debug mode                              [string] [default: ""]
  --system-proxy  automatic set system-proxy           [boolean] [default: true]

Just like the GUI, the command line utility sets the system HTTP proxy (to the --ip and --port you specify as arguments). Set Firefox to Use system proxy settings, which is available in the the Firefox Network Settings (there's no need to do this for Chromium-based web browsers), restart the web browser and you're done.