Can't Access FreeBSD Packages Due to Filtering

[hbsd]

Hi, due to very heavy filtering in Iran, I cannot install/update/upgrade FreeBSD packages.
I found several FreeBSD mirrors with servers located in Iran, but even after configuring them, I still get no results. This is my conf:

/etc/pkg/FreeBSD.conf:

FreeBSD: {
  url: "pkg+https://mirror.0-1.cloud/freebsd/${ABI}/quarterly",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
FreeBSD-kmods: {
  url: "pkg+https://mirror.0-1.cloud/freebsd//${ABI}/kmods_quarterly_${VERSION_MINOR}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}

I even ran the command sudo pkg update -, but I got the message "0.0 k/s - stalled."
I tried using these two mirrors, but they didn't work:

mirror.mobinhost.com | powered by MobinHost

MobinHost public mirror archive

mirror.mobinhost.com

mirror.0-1.ir | powered by Sefroyek Pardaz

Sefroyek Pardaz public mirror archive

mirror.0-1.cloud

Someone told me that FreeBSD does this for security reasons and that using other mirrors is not possible.
Please let me know if you have any ideas about this issue. Is there a way to bypass this problem?
Access to a VPN is not available, and I can only solve the problem through a server located within the country. For programming languages and frameworks, I was able to find solutions, but there are no sanction-circumvention tools for this issue, and they do not support this operating system and its repositories.

Thanks

 

[SirDice]

Those aren't package mirrors.

 

[hbsd]

Those aren't package mirrors.

Thank you. Do you have any solution or suggestion for this problem? If you were in my situation, what would you do, considering that VPN services are also having serious issues...

 

[AlfredoLlaquet]

In those websites (they are not package mirrors, as previously established) there seems to be part of the FreeBSD base system in different formats, but I doubt that you can find the ports/packages there (they are probably too big). Anyway you can try to investigate further those websites and see what you can get from them by downloading this and that locally and then see what you can do from there. If you can contact those websites, maybe they can help you understand how can you use what they store.

Edit: You should somehow check if you can trust them. They are not official.

Another thing you can do is nothing. Make do with what you've got. FreeBSD is renowned for being a very robust system, so you probably can work with your current system for months or years without updating it.

 

[nxjoseph]

Maybe anti-DPI proxy solutions such as net/spoofdpi could help?

To put proxy in /usr/local/etc/pkg.conf:

           pkg_env: {
               http_proxy: "http://127.0.0.1:8080",
           }

 

[hbsd]

In those websites (they are not package mirrors, as previously established) there seems to be part of the FreeBSD base system in different formats, but I doubt that you can find the ports/packages there (they are probably too big). Anyway you can try to investigate further those websites and see what you can get from them by downloading this and that locally and then see what you can do from there. If you can contact those websites, maybe they can help you understand how can you use what they store.

Edit: You should somehow check if you can trust them. They are not official.

Another thing you can do is nothing. Make do with what you've got. FreeBSD is renowned for being a very robust system, so you probably can work with your current system for months or years without updating it.

Honestly, I don't trust any of the mirrors at all, but I'm really forced to use them. Even to install other tools like Laravel, I had to use a mirror, which is completely unsafe I've submitted a request ticket for FreeBSD packages to the support team of one of those sites. Thanks.

 

[hbsd]

Maybe anti-DPI proxy solutions such as net/spoofdpi could help?

To put proxy in /usr/local/etc/pkg.conf:

           pkg_env: {
               http_proxy: "http://127.0.0.1:8080",
           }

Thanks, I'll manually download the package with vpn on my phone and install it on the system to see what the result is...

 

[nxjoseph]

Thanks, I'll manually download the package with vpn on my phone and install it on the system to see what the result is...

Good luck, Maybe you could also try building it from ports tree if possible.

 

[AlfredoLlaquet]

Downloading a single package without its dependencies is going to be hard to install locally, but it can be a start. You download that package, try to install it locally, see what dependencies are missing, and then get the packages of those dependencies.

I'm talking very theoretically here. I have no experience in doing this and I wouldn't know how to do it right now without first reading the right section of the pkg man page and some others, I guess.

Edit: I'd also recommend that you to study that spoofpi util that nxjoseph pointed out. It seems like something very practical for your circumstances.

 

[hbsd]

Good luck, Maybe you could also try building it from ports tree if possible.

Unfortunately, the package is not available for download on this page (404 error):

https://freebsd.pkgs.org/14/freebsd-amd64/spoofdpi-1.1.3_1~9117419a62.pkg.html

Even the prerequisites for this package are not available too!
This was the only site which I could download.
Although I doubt such tools work, since almost all VPNs are down and only a few limited ones like npv tunnel and ha tunnel are working.

 

[nxjoseph]

Unfortunately, the package is not available for download on this page (404 error):

https://freebsd.pkgs.org/14/freebsd-amd64/spoofdpi-1.1.3_1~9117419a62.pkg.html

Even the prerequisites for this package are not available too!
This was the only site which I could download.
Although I doubt such tools work, since almost all VPNs are down and only a few limited ones like npv tunnel and ha tunnel are working.

I think that DPI tool is worth a try.

What version of FreeBSD are you running? I'll try to find a way.

 

[nxjoseph]

I uploaded spoofdpi.pkg to my google drive, this is for FreeBSD 14.3. I hope you can download from here: https://drive.google.com/file/d/17gdIbk9s64igg4xzaTP8QDbr-cqN5WVw/view?usp=drive_link

Try # pkg add <pkgfile>

# pkg info spoofdpi
spoofdpi-1.2.1_1
Name           : spoofdpi
Version        : 1.2.1_1
Installed on   : Tue Feb  3 16:06:15 2026 +03
Origin         : net/spoofdpi
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : APACHE20
Maintainer     : nxjoseph@protonmail.com
WWW            : https://spoofdpi.xvzc.dev/
Comment        : Simple and fast anti-censorship tool
Shared Libs required:
        libc.so.7
        libpcap.so.8
        libthr.so.3
Annotations    :
        FreeBSD_version: 1403000
        build_timestamp: 2026-02-03T13:02:16+0000
        built_by       : poudriere-git-3.4.4
        port_checkout_unclean: no
        port_git_hash  : 013f2d30b0
        ports_top_checkout_unclean: no
        ports_top_git_hash: 5acb5596b0
Flat size      : 11.0MiB
Description    :
SpoofDPI is a simple and fast anti-censorship tool written in Go that
bypasses Deep Packet Inspection (DPI) by splitting HTTPS requests into
chunks and sending the first byte separately.

 

[hbsd]

I uploaded spoofdpi.pkg to my google drive, this is for FreeBSD 14.3. I hope you can download from here: https://drive.google.com/file/d/17gdIbk9s64igg4xzaTP8QDbr-cqN5WVw/view?usp=drive_link

Try # pkg add <pkgfile>

# pkg info spoofdpi
spoofdpi-1.2.1_1
Name           : spoofdpi
Version        : 1.2.1_1
Installed on   : Tue Feb  3 16:06:15 2026 +03
Origin         : net/spoofdpi
Architecture   : FreeBSD:14:amd64
Prefix         : /usr/local
Categories     : net
Licenses       : APACHE20
Maintainer     : nxjoseph@protonmail.com
WWW            : https://spoofdpi.xvzc.dev/
Comment        : Simple and fast anti-censorship tool
Shared Libs required:
        libc.so.7
        libpcap.so.8
        libthr.so.3
Annotations    :
        FreeBSD_version: 1403000
        build_timestamp: 2026-02-03T13:02:16+0000
        built_by       : poudriere-git-3.4.4
        port_checkout_unclean: no
        port_git_hash  : 013f2d30b0
        ports_top_checkout_unclean: no
        ports_top_git_hash: 5acb5596b0
Flat size      : 11.0MiB
Description    :
SpoofDPI is a simple and fast anti-censorship tool written in Go that
bypasses Deep Packet Inspection (DPI) by splitting HTTPS requests into
chunks and sending the first byte separately.

I really don't know how to thank you. Thank you so much...
I downloaded it and I'm now installing and configuring it.

 

[Beastie]

Unfortunately, the package is not available for download on this page (404 error):

https://freebsd.pkgs.org/14/freebsd-amd64/spoofdpi-1.1.3_1~9117419a62.pkg.html

That's because this website (which is not affiliated with the FreeBSD project) has an outdated version.
It's currently 1.2.1_1, not 1.1.3_1: https://pkg.freebsd.org/FreeBSD:14:amd64/latest/All/spoofdpi-1.2.1_1.pkg

If you have access to FreshPorts, you can see which versions have recently been built for each ABI/architecture.

 

[sarahquartz]

"Hi, due to very heavy filtering in Iran, I cannot install/update/upgrade FreeBSD packages."

Same problem here in Russia, it got stuck at a certain percent of download, and was "stalled". At least my wireguard server still works, so installing wireguard-tools locally helped to mitigate this.

Posting this just to report that this happens in several regions now, in case anyone else stumbles upon this so it's easier for them to find this useful thread.