mungouk Posted December 5, 2019 at 03:30 PM Report Share Posted December 5, 2019 at 03:30 PM OK I know this has come up before, but in terms of the GFW and tech stuff generally, things change pretty quickly. I've been wondering for a while if it's worth setting up my own private VPN server in my mum's house back in the UK. The cat-and-mouse thing with my normal provider has become a pain in the neck recently (especially when all you want to do is benign stuff like read wikipedia and watch youtube). I presume there are fairly simple ways of doing this with something like a Raspberry Pi? Maybe even some off-the-shelf boot images? Does anyone have recommendations? I will be home over the Christmas holiday so this would be a good opportunity to get something set up. Quote Link to comment Share on other sites More sharing options...
889 Posted December 5, 2019 at 04:29 PM Report Share Posted December 5, 2019 at 04:29 PM I believe it's not just a question of having a server that's not on a black list but also disguising the traffic itself in such a way that it's not marked out as headed to a VPN. China's put some effort into technical ways of identifying VPN traffic: blocking certain servers is just one tool. Quote Link to comment Share on other sites More sharing options...
mungouk Posted December 5, 2019 at 04:32 PM Author Report Share Posted December 5, 2019 at 04:32 PM Hmm... I suspect they're not simply blocking IP addresses since I've been able to ping ones I've tested. Presumably modern VPN protocols hide their port numbers, or at last masquerade as port 80 to look like normal website requests. So they're doing deep packet inspection with their supercomputers or what? Paging @imron ? Quote Link to comment Share on other sites More sharing options...
889 Posted December 5, 2019 at 04:57 PM Report Share Posted December 5, 2019 at 04:57 PM Obviously they're not telling how they do the blocking. And obviously too the people that make a business of figuring out how to get around the blocking aren't talking, either. Quote Link to comment Share on other sites More sharing options...
mungouk Posted December 5, 2019 at 04:59 PM Author Report Share Posted December 5, 2019 at 04:59 PM Well, fair point. There must be white-hat hackers out there who have some idea, though. And yes, I suppose it's also obvious that they could just switch EVERYTHING off if they wanted to, given that these things come and go. Quote Link to comment Share on other sites More sharing options...
jannesan Posted December 5, 2019 at 05:31 PM Report Share Posted December 5, 2019 at 05:31 PM I am planning to try this the next time I am in China. I was thinking to try different setups, using both OpenVPN and wireguard. I have the OpenVPN up on AWS right now, would be interested to see it works for you. Probably it's better to self-host and use wireguard instead of OpenVPN as it is less used by VPN providers, but that's just a theory. @mungouk Pm me if you're up for trying it out. 2 Quote Link to comment Share on other sites More sharing options...
vellocet Posted December 5, 2019 at 08:51 PM Report Share Posted December 5, 2019 at 08:51 PM I remember several rounds of blocking ago, people with their own VPNs reported they got blocked, despite being the only person using the server. So they're doing deep packet inspection and can spot packets that aren't disguised. That's one reason you go with a commercial provider, they have to stay one step ahead. 1 Quote Link to comment Share on other sites More sharing options...
imron Posted December 5, 2019 at 08:52 PM Report Share Posted December 5, 2019 at 08:52 PM 4 hours ago, mungouk said: So they're doing deep packet inspection with their supercomputers or what? Yup. I remember reading something somewhere a while back that they do DPI with machine learning and a bunch of other things too. I haven't visited mainland China for a number of years so don't know how well a roll your own solution works. Previously I just used an SOCKS5 proxy over SSH (on a custom port) and modified the config options in firefox to send DNS requests via the proxy also. Don't know how well that still works these days, but it's trivial to try if you have ssh access to a box outside of China. 1 Quote Link to comment Share on other sites More sharing options...
DavyJonesLocker Posted December 6, 2019 at 04:09 AM Report Share Posted December 6, 2019 at 04:09 AM 12 hours ago, mungouk said: (especially when all you want to do is benign stuff like read wikipedia and watch youtube). You would wonder what they are afraid of especially with websites like wikipedia, dumb ones like YouTube(it's so politically correct anyway) Foreigners in China are not going to be persuaded by propaganda, and the amount of Chinese that will actually have the reading ability and inclination to start browsing overseas websites (predominately in English) is a tiny percentage of the population. In fact every Chinese person I know who has a great command of English never bothers checking overseas websites. Access to illegal online material such as drug's, promoting criminal activity, pornographic Quote Link to comment Share on other sites More sharing options...
mungouk Posted December 6, 2019 at 11:27 AM Author Report Share Posted December 6, 2019 at 11:27 AM 7 hours ago, DavyJonesLocker said: dumb ones like YouTube Well, for me it's a good source of UK comedy shows (when I can't get iPlayer to work), nature documentaries, video podcasts, occasional lectures and of course lots of Chinese learning videos. Quote Link to comment Share on other sites More sharing options...
jannesan Posted December 13, 2019 at 11:19 AM Report Share Posted December 13, 2019 at 11:19 AM Anyone else who lives in China and could help me test out two VPN setups I have running right now? One uses OpenVPN and requires you to download either Tunnelblick[0] (MacOS) or OpenVPN Connect client[1] (Windows), the either one uses Wireguard and you need the Wireguard client[2] for that one. The OpenVPN client and Wireguard are also available on mobile platforms. [0] https://tunnelblick.net/downloads.html [1] https://openvpn.net/client-connect-vpn-for-windows/ [2] https://www.wireguard.com/install/ 1 Quote Link to comment Share on other sites More sharing options...
feihong Posted December 15, 2019 at 04:41 AM Report Share Posted December 15, 2019 at 04:41 AM On 12/5/2019 at 2:52 PM, imron said: I haven't visited mainland China for a number of years so don't know how well a roll your own solution works. Previously I just used an SOCKS5 proxy over SSH (on a custom port) and modified the config options in firefox to send DNS requests via the proxy also. Don't know how well that still works these days, but it's trivial to try if you have ssh access to a box outside of China. This approach worked great for a good while but has been totally ineffective for the past few years. I haven’t tried it lately, but not much reason to suspect they would suddenly start allowing this again. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.