Comment by ignoramous
3 years ago
> OP claims it's SNI based and not DNS based, so switching DNS providers likely won’t do anything.
All the apps listed do get past most rudimentary SNI-based blocks, incl GoodbyeDPI which is pretty sophisticated. One still needs DoH because (unencrypted) DNS is the weakest link.
Then that's not SNI-based blocking.
Simple SNI-based blocking implementation may not consider complex data like fragmented packet, so some solutions work.