CONNECT is not required if using a Squid SSL Bump MiTM proxy. Squid can intercept HTTPS requests provided one generates a cert on the proxy and installs it in the OS or browser. The one thing that might stand out to the adversary is that this is a self signed certificate but that is not uncommon for developers to create. If people are interested I can post the config that includes commented steps for generating the certs. I'm not sure if it will fit in a HN comment however.
Either way, I agree Shadowsocks is another great option. The more options people have the better.
Outline on the other hand appears to be a service that someone would have to trust and pay for. Commercial VPN providers are a great targets for swooping up large swaths of dissenting citizens. I believe people should stick with tools they can entirely host themselves. Using a VPN provider is probably fine for things like Netflix region selection but very much not for subverting a states control. It's risky enough to pay for a VM. People outside of Iran could contribute VM's for this purpose.
I should also add for clarification that if going the Squid SSL Bump route, the VPS VM should only be hosting HAProxy using a Layer 4 TCP VIP and nothing else. HAproxy should be routing the Squid Intercept to a private home in the region of the VPS provider and outside of Iran. Using Squid from a VPS directly nearly guarantees one will experience non-stop Captchas.
Iranian HTTPS Client with cert installed -> HAProxy Layer 4 TCP listener on a VPS VM -> Squid SSL Bump running on a home router at someones house or business.
Also important is to not do any of this from a cell phone.
Either way, I agree Shadowsocks is another great option. The more options people have the better.
Outline on the other hand appears to be a service that someone would have to trust and pay for. Commercial VPN providers are a great targets for swooping up large swaths of dissenting citizens. I believe people should stick with tools they can entirely host themselves. Using a VPN provider is probably fine for things like Netflix region selection but very much not for subverting a states control. It's risky enough to pay for a VM. People outside of Iran could contribute VM's for this purpose.