Is it working in Russia? I'm Russian and basically every single person I know has and actively uses a VPN with no consequences. WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation. They only blocked a few largest providers, but that's seemingly it.
I'd be concerned there about the combination of "loggable" with "practically everyone breaks the law every day" (the latter is generally true in many countries, but not always in ways that are easy to record). You can get away with it but if you ever displease someone, then the consequences could show up suddenly then.
That's the regime that the vast majority of the world lives under now. You're almost certainly breaking the law in some way; we have a vast corpus of law that is usually unenforced until you draw the ire of some bureaucrat, politician, or law enforcement officer, and then they come down on you like a ton of bricks. The average citizen is usually counting on being boring, nondescript, and non-threatening enough that nobody bothers to call them on it.
Why else do you think actual policies change so much between presidential administrations (assuming a U.S. bias, but other countries have similar issues)? All the laws about cryptocurrency, DEI, greenhouse gas emissions, environmental regulations, etc. that the Biden administration cared about but the Trump administration is choosing not to enforce are still on the books. If Democrats ever get back in to power, people that are casting them aside under pressure from the current administration are likely in for a whole lot of pain. And likewise, during the Biden administration all the laws about immigration and federal control over the federal budget were still in force, and people who relied upon a friendly administration are currently going through a world of pain right now.
No, this is not the way it should be. If I were to rewrite the Constitution, one thing I'd put in is a feedback mechanism between legislation and enforcement, so that laws which are not enforced fall off the books, and it becomes illegal for the executive branch to choose not to enforce a law. That'd force the body of law to converge to what is a.) realistically enforceable and b.) what actually happens in practice, so that people can look at what their neighbors are doing and be reasonably sure that they're not breaking any laws by doing the same thing.
But in the absence of that, your best bet is often to still just look at what your neighbors are doing and do the same thing, because then you blend in to the crowd and don't attract attention.
> every single person I know has and actively uses a VPN
I do know people who use no circumvention methods: some are simply not sufficiently familiar with technologies (including older people, who seem to think that something is wrong with their phones), for others it is a mix of regular shying away from technologies and being worried that it draws the government's attention. And then there are those who appear to genuinely support the censorship (or whatever else the government does). I also hear of people switching to local services as the regular ones are blocked.
Anecdotal data is of little use to determine the extent though, and trustworthy statistical data may be hard to come by, but if you somewhat trust the Levada Center, their polls indicate that YouTube's Russian audience halved following the blocking, among other things. [0]
> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.
For both IPsec and WireGuard, I have both heard of the blocks [1] and observed those myself, particularly to servers across the border (which were otherwise available; there is a chance that I misconfigured something back then, but I recall it working fine with local servers). For IPsec, I have also observed blocks within the country (and RKN lifting those on request, confirming an intentional blocking that way, twice; also confirmed that those were for IPsec packets in particular, not any UDP). But possibly it does not affect all the foreign subnets: as with a recent blackout [2], when quite a few were affected, but not all of them.
> WireGuard also works just fine - I was able to selfhost and use it without any extra obfuscation.
Good for you. I have a few machines around the world (a truly geo-distributed homelab lol), and my node on a residental connection in Russia (north-west, no clue about other regions) has pretty spotty vanilla Wireguard connectivity to the rest of the world - it works now and then, but packets are dropped every other day. My traffic patterns are unusual compared to usual browsing (mostly database replication), and something seem to trigger DPI now and then. Fortunately, wrapping it in the simplest Shadowsocks setup seems to be working fine at the moment.
But yeah, can confirm, VPNs are ubiquitous and work reasonably well for everyone I know who still lives there. Although I think all decent VPN providers have measures against traffic analysis nowadays, as plain Wireguard is not exactly reliable.
Have you tried AmneziaWG? From what I know, it's specifically designed to bypass protocol-level blocking of WireGuard
> decent VPN providers
You'd be surprised by the amount of people I know who use random "VPN services" which are literally just WireGuard configs you can buy through a Telegram bot for like 100₽/month
Well... It all started from a single-location homelab 20-ish years ago, while I was still living at my parents' place (although I had a 1/4 stake in ownership). Then I moved around but kept the server at the old place and added a second machine. Just because I'm self-hosting my email, and residential connections aren't best in terms of availability I thought having a HA system would be fun and useful - and so it was (although not always fun, of course). Few more moves later, I've ran a bunch of servers on residential connections all around the world. Some were demoted to VPSes for consensus and backups, as I moved out, some are still there.
There's a Wireguard-based mesh (static routing, but declarative centrally managed setup using Nix) with Shadowsocks for traversing hostile borders. Runs a few private/personal services for myself, family, and friends - email, messaging, media library, the commonplace homelab stuff. Certainly not the best design - things never are, there's always room for more and more improvements, no matter how much you work on it, but I'm pretty happy with it overall.
There's no real reason why is it like this. I could've done it more conventionally and probably avoid a lot of downsides - but it's a fun little exercise that allows me to play with various technologies, and I like that the system is truly mine, hardware and premises it's on, all built by my own hands (random fun fact: I was a founding engineer at the ISP that two of my nodes are on).
tl;dr: Had a single home server, moved around and added a few more. No particular reason, it's just a fun geeky toy for me. :-)
