The biggest hastle was that any persistent tunnel I would make over any protocol (I tried OpenVPN, WireGuard, SSH, Shadowsocks, etc) to any IP address would be blocked after (I think) 3 hours. This let them basically block any VPN that wasn’t already explicitly blacklisted outright.
My solution was to make a simple API on the server that got a new IPv6 address for the server and returned it.
There was a WireGuard server running on port 53 and listening from any incoming IP. On my devices I would call the API every hour when idle and change the IP in the WireGuard config. On Android I had a Tasker automation to do this and on my laptop a shell script on a cronjob.
wat