VPN with endpoint on affected ISP + Installing the cert (which is linked in the issue on Bugzilla) should be the same as just using the affect ISP directly, shouldn't it?
Yeah, it should, unless this is only for residential ISPs, which I strongly doubt. I can't appear to find a Kazakhstan-hosted VPN however, did you find one?