Markit

Well-Known Member
Sep 3, 2007
9,317
1,110
113
Karangasem, Bali
Using my VPN seems to get around this, which begs the question:
Why should I have to use a VPN to access legit websites when it wasn't a problem when I signed up?

I would suggest that Indo is using some sort of buffering system on all internet "grabs" to give their sclerotic computer systems time to vet all pages for "censored" material.

Hence the "time-out" and the work round with the use of a VPN solving the problem.
 

JohnnyCool

Well-Known Member
Jan 10, 2009
1,414
88
48
Sanur
Maybe you're right, Markit.
Telkom is definitely doing something that's impacting on my internet (even when it comes to weather sites).

I got an email from Telkom last night stating that "my problem" was now "fixed".
Guess what? It wasn't.
 

defrag

New Member
May 13, 2015
19
0
1
I haven't visited this forum for more than a year, so I'm sorry for bumping the topic but I think my post can be helpful for someone.
Before all, I'd like to say sorry for my English. Even I'm a bule but English isn't my native language.

I'm an IT technician guy who live in Indonesia for 3.5 years and trying to find a job here but have realized nobody needs an IT specialist from overseas. Hiring managers only :)

Telkom is definitely doing something that's impacting on my internet (even when it comes to weather sites).
You are right, they do. At least 2 things:
1. Intercepting all DNS requests (port 53 both UDP and TCP protocols) and redirecting to their own DNS servers. So that's why changing DNS settings won't help.
2. Using transparent proxying of HTTP traffic and adding their ads code to the end of HTML. These proxy servers are often overloaded or something else weird happen with them so sometimes we all are getting blank pages, missing pictures or just waiting for the server response so long. Before (like 2 years ago) this was often the reason of corruption of some resources like JavaScript, CSS code which could make some websites non-functional. The ad code addition itself also may cause of webpage code corruption so web browser unable to parse the webpage correctly.

Additionally, both of these things do the content filtering which block some "bad" websites such as reddit.com.

What we can do?
1. DNS. As I mentioned above, change DNS settings doesn't help. We need some DNS service that can operate on port different than 53. Unfortunately, Google doesn't provide such specific service for their public DNS service. But OpenDNS does. The problem is current OSes have no way to change the port for DNS queries.
But if u have a router running DD-WRT or similar firmware u can use OpenDNS servers by redirecting 53 port to another before Telkom will do the same, i.e. we are doing intercepting and redirecting of all DNS requests before Telkom. In our case we will redirect our requests to port 443, which is used for HTTPS traffic normally.
To do so, we must run the following commands on our router:
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 208.67.222.222:443
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 208.67.222.222:443
We can put these commands to startup script section in order to make the setting effective after reboot.

I'm using a Mikrotik router and we can achieve the same there using the following code:
add action=dst-nat chain=dstnat comment=opendns disabled=no dst-port=53 protocol=tcp to-addresses=208.67.222.222 to-ports=443
add action=dst-nat chain=dstnat comment=opendns disabled=no dst-port=53 protocol=udp to-addresses=208.67.222.222 to-ports=443

We can check our results using the following link: https://dnsleaktest.com/results.html
If we see servers related to Telkom, we did something wrong and still using their DNS. If we did things right, we must see that we're using OpenDNS servers.

We can also bypass this on device locally using DNSCrypt software. Here's the link: https://dnscrypt.org/
I hope u will be able to set it up by urself after reading the info on the website or additional googling.
This will apply only for the device where u gonna install this software while the solution above will affect on all devices connected to the router.

2. HTTP proxying. I thought the problem was gone as I stop to notice these nasty things about a year ago and was able to use all "bad" websites by manipulating with DNS using the settings above. Ads were gone, no more corrupted pages etc. But by the end of November, they started to do so again.
As other ppl here said before, all we can do with this is use VPN services.
The problem doesn't persist if we are using HTTPS websites (we see sign of 'lock' in the address bar and the URL starts with https:// ). It's because in this case the traffic between ur device and the web server is encrypted and Telkom isn't able so put their nose inside our traffic to see what we are trying to access and put there their ads. So, sometimes it can help just by changing the address from http:// to https:// . But not all websites support https protocol, so sometimes we can get unpredictable results by doing this. Some websites will redirect u back to http version or some resources on the webpage still can be linked to http address.
Firefox users can try to use addon HTTPS Everywhere which is trying to enforce every website to use https version if available.

Good news for Opera browser users. In actual versions of the browser they have added free VPN functional (actually this is proxy but they call it vpn). This affects only for Opera. But it allows u to bypass all the **** made by Telkom easy and for free. To switch on this function, u have to go Opera Settings, on the left click 'Privacy and security' and tick the checkbox 'Enable VPN'. After this, u will see the VPN icon on the left side of the address bar. Simply click on it and turn it on.
I'd recommend choosing Singapore as it usually gives the best response speeds. But in some cases u can find useful to choose another locations such as USA or Germany.

I think this is all I can tell u about the problem. If I will remember something that I have missed, will add it later.

Hope it will be useful for u guys! Good luck!
 
Last edited:

defrag

New Member
May 13, 2015
19
0
1
For the DNS link to work you give you need to remove "your" bit.

Change https://dnsleaktest.com/results.html

to

https://dnsleaktest.com

And to achieve the same as the above just use a proxy.
Thank you for the fix. The link was working for me showing the results straight away. But have tried it in another browser and got an error.
Unfortunately, I'm unable to edit the original post.

About use a proxy, sometimes it's hard to find a good proxy that won't slow down your inet. Sometimes ISP can block proxy ports. I've tried different options and these in my post were the most optimal for me.
 
Last edited:

Markit

Well-Known Member
Sep 3, 2007
9,317
1,110
113
Karangasem, Bali
I've been using the free SetupVPN now for about 6 or 7 months with no probs. And it's still free! Don't ask how they do that as there's no advertisement either...?
 

defrag

New Member
May 13, 2015
19
0
1
I've been using the free SetupVPN now for about 6 or 7 months with no probs. And it's still free! Don't ask how they do that as there's no advertisement either...?

selling your browsing history to companies who are interesting with such kind of data. like what websites are popular in a particular locations. probably they don't collect any private data

not bad choice if u aren't paranoid and don't do anything private-sensitive through this proxy (yes, this isn't a VPN).

For example, you can't download torrents using this 'VPN' or regular proxy in case if your ISP blocks such kind of internet usage as it doesn't apply on the system-wide level but works only in a particular web browser
 

ronb

Well-Known Member
Aug 14, 2007
2,241
56
48
Ubud, Bali
.......................
You are right, they do. At least 2 things:
1. Intercepting all DNS requests (port 53 both UDP and TCP protocols) and redirecting to their own DNS servers. So that's why changing DNS settings won't help.
2. Using transparent proxying of HTTP traffic and adding their ads code to the end of HTML. These proxy servers are often overloaded or something else weird happen with them so sometimes we all are getting blank pages, missing pictures or just waiting for the server response so long. Before (like 2 years ago) this was often the reason of corruption of some resources like JavaScript, CSS code which could make some websites non-functional. The ad code addition itself also may cause of webpage code corruption so web browser unable to parse the webpage correctly.

Additionally, both of these things do the content filtering which block some "bad" websites such as reddit.com.

............................................

Thanks defrag, an excellent account of what Telkom does. What you describe as 1) is often referred to as DNS hijacking. This is the first time I have seen anyone suggest using a different port for DNS - it is a clever solution but so far I have not done that.

VPNs do work, and many of us use them, but they reduce the download speeds by varying amounts. I agree that Singapore is a good destination for a VPN tunnel as download speeds are not reduced by too much.

So, oonce again, thanks for your contribution. :)
 

defrag

New Member
May 13, 2015
19
0
1
Thanks defrag, an excellent account of what Telkom does. What you describe as 1) is often referred to as DNS hijacking.
Yes, you are right. It is. I just tried to use simpler language and sometimes I'm experiencing hard times to choose right words :) such as instead of write 'adding their ads code to the end of HTML' probably better would be to say 'injecting their ads to the websites that we trying to open'.

VPNs do work, and many of us use them, but they reduce the download speeds by varying amounts. I agree that Singapore is a good destination for a VPN tunnel as download speeds are not reduced by too much.
If choose a good and fast VPN it will reduce the speed not more than about 10%. I have my own VPN server in one of datacenters in Singapore and I have tested the speed to SGIX (an Internet exchange point in SG) on my connection and got the following results: without VPN: 2.32 Mbps (the same speed to the nearest Telkom server), with VPN: 2.16 Mbps, i.e. around 7% slower. On 10 Mbps plan it almost not noticeable.
And Singapore is the best place as all local ISP are going 'outside' thru SG.

BTW, Telkom also often has issues at least here in Surabaya such as high pings to any host outside the city (+150 ms and higher). It slows down the speed significantly. As well as packet losses starting at one of host in the city.
But the traffic wasn't proxied for more than 1 year before this end of November, however it seems in other cities it still was effective due to posts in Internet. So, for me was only enough to bypass their DNS to be able to browse without restrictions, slow downs and ads injections.
So, oonce again, thanks for your contribution. :)
You are welcome! I will be happy if my post will help somebody. Since we all are far from our countries and good internet, maybe at least this will help us to feel little bit better about our internet experience :)