Antizapret created to redirect only blocked domains to VPN tunnel. Its called split tunneling. This repo is based on idea from original AntiZapret LXD image
https://t.me/antizapret_support
- List of blocked domains downloaded from open registry.
- List parsed and rules for dns resolver (adguardhome) created.
- Adguardhome resend requests for blocked domains to python script dnsmap.py.
- Python script: a) resolve real address for domain b) create fake address from 10.244.0.0/15 subnet c) create iptables rule to forward all packets from fake ip to real ip.
- Fake IP is sent in DNS response to client
- All vpn tunnels configured with split tunneling. Only traffic to 10.244.0.0/15 subnet is routed through VPN.
- openvpn-dco - a kernel extension for improving performance of OpenVPN
- Multiple VPN transports: Wireguard, OpenVPN, IPsec/XAuth ("Cisco IPsec")
- Adguard as main DNS resolver
- filebrowser as web viewer & editor for
*-custom.txtfiles - Unified dashboard
- Optional built-in reverse proxy based on caddy
- Install Docker Engine:
curl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh
- Clone repository and start container:
git clone https://github.com/Murakumo-JP/AntiZapretVPN.git antizapret cd antizapret - Create docker-compose.override.yml with services you need. Minimal example with only wireguard:
services:
antizapret:
environment:
- ADGUARDHOME_PASSWORD=somestrongpassword
wireguard:
environment:
- WIREGUARD_PASSWORD=somestrongpassword
extends:
file: services/wireguard/docker-compose.yml
service: wireguard
depends_on:
- antizapretFind full example in docker-compose.override.sample.yml
- Start services:
docker compose pull
docker compose build
docker compose up -d
docker system prune -fBy default panels have following http ports exposed to internet:
- dashboard: no exposed port
- adguard: 3000
- filebrowser: 2000
- openvpn: 8080
- wireguard: 51821
- wireguard-amnezia: 51831
If you do not wish to expose ports to internet override them in docker-compose.override.yml.
In this example adguard and wireguard admin panels are removed from internet, and wireguard udp server is exposed:
services:
antizapret:
environment:
- ADGUARDHOME_USERNAME=admin
- ADGUARDHOME_PASSWORD=password
ports: !reset []
wireguard:
extends:
file: services/wireguard/docker-compose.yml
service: wireguard
environment:
- WIREGUARD_PASSWORD=password
ports: !override
- 51820:51820/udpTo enable https server and create self-signed certificates - add proxy container to docker-compose.override.yml
When proxy container is started, access services with https at following ports at your host ip:
- dashboard: 443
- adguard: 1443
- filebrowser: 2443
- openvpn: 3443
- wireguard: 4443
- wireguard-amnezia: 5443
proxy container is optional.
When you connected to VPN, you can access containers without exposing ports to internet:
- http://core.antizapret:3000
- http://dashboard.antizapret:80
- http://wireguard-amnezia.antizapret:51821
- http://wireguard.antizapret:51821
- http://openvpn-ui.antizapret:8080
- http://filebrowser.antizapret:80
git pull
docker compose pull
docker compose build
docker compose down --remove-orphans && docker compose up -d --remove-orphansRemove all settings, vpn configs and return initial state of service:
docker compose down
rm -rf config/*
docker compose up -d- ProstoVPN — the original project
- AntiZapret VPN Container — source code of the LXD-based container
- AntiZapret PAC Generator — proxy auto-configuration generator to bypass censorship of Russian Federation
- Amnezia WireGuard VPN — used for Amnezia Wireguard integration
- WireGuard VPN — used for Wireguard integration
- OpenVPN - used for OpenVPN integration
- IPsec VPN — used for IPsec integration
- AdGuardHome - DNS resolver
- filebrowser - web file browser & editor
- lighttpd - web server for unified dashboard
- caddy - reverse proxy
- No Thought Is a Crime — a forum about technical, political and economical aspects of internet censorship in different countries