this post was submitted on 04 Oct 2023
130 points (95.8% liked)
World News
32308 readers
841 users here now
News from around the world!
Rules:
-
Please only post links to actual news sources, no tabloid sites, etc
-
No NSFW content
-
No hate speech, bigotry, propaganda, etc
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
China has been trying for a decade with zero success, best of luck
I spent years living in China. Do you really mean zero success?
OpenVPN stopped working in 2017. Deep packet inspection prevents the initial handshake. I hosted my own SS for a number of years before switching to wireguard, with more success.. however, they IP ban a majority of VPS IP ranges, so the providers Linode/DigitalOcean were messed up.
And everyone experiences VPN slow down during CPC conferences.
It can only be worse now.
I mean zero practical success in banning vpns or stopping vpns from functioning correctly, yes.
They scared non-technically-minded people who already didn't use vpns into not trying them, but everyone I know in China who used and uses vpns without a problem for years are still using them today.
I know nothing about running a server, I'm just talking about my experience from the user side of the equation.
Ah ok. Well, as I said I lived there for years and i'm telling you they can and do block VPN traffic (not all, another commenter mentioned Astrill) quite well. To say zero success is incorrect.
Location (and peering) might be a factor, so if you/your friends lived somewhere different to I your experience may differ.
I mentioned astrill too, they do pretty well.
Vpns are working in Ningbo, Tianjin, urumqi, Chengdu, Beijing, Chongqing, Guangzhou, xian right now, idk, I haven't seen or heard of the problems you're describing, but I'm heading back over for the new year this year, so I'll check.
I think failing to block increasing, constant vpn use around the north, South, east, West, and center of a country for a decade despite constantly declaring vpns illegal and banned and stopped by government firewalls counts as zero practical success, yes.
My sister still lives there and from what she says it's not too difficult. Some VPNs work, others are on the 'no longer work' list and at big events they mysteriously stop working.
She's not technically minded, she'll just be using an app.
Are you hosting it through a provider such as AWS or Azure? That might be why. I had no issues when setting it up on my own.
I have 2x ISPS and through that multiple raspberry pis. Set up docker, then you can set up multiple VPNs (e.g. OpenVPN which I used just before pandemic) so after 2017. It always worked but these days I would also esim it - they can't block roaming mobile due to the way roaming works and the travel Sim prices are quite competitive these days.
Tldr no issues hosting on personal internet rather than through a cloud provider.
Example ones I use, simple to set up via docker files.
https://hub.docker.com/r/linuxserver/openvpn-as https://hub.docker.com/r/linuxserver/wireguard
Yep, precisely this. It's extremely hard to block arbitrary internet traffic and everyone who thinks China lives in a propagandized bubble with no exit is deluding themselves.
FWIW, VPN enforcement is much more strict in Xinjiang and Tibet so I think Chinese authorities have the capability, they just choose to not exert it most of the time (to avoid an ever-escalating arms race lol).
Got any suggestions for software?
I run openvpn normally and I've tried shadowsocks but neither have gotten through the vpn blocks I've tested against.
Tor. It's free, it works, and there's nobody to sell you out when the cops come knocking.
I'm looking for something self-hosted for secure access to my LAN, not just to reach open internet unfortunately.
If you're just looking for remote access, openvpn on port 443 should (in theory) be indistinguishable from normal https traffic.
Wasn't Russia able to block traffic from Tor?
If they did, I haven't heard about it. China has been trying and failing to block tor for decades though, so I kinda doubt Russia managed to beat them to it overnight.
Both astrill and protonvpn sashayed straight past the great firewall when I visited. There was some free Chinese vpn, greenvpn I think, that worked too, but was slow.
What's the reasoning for this? Surely it's not that difficult to block all traffic pointing to "vpn.protonvpn.com" (simplified url for the sake of argument)
Even if a VPN provider had 100 URLs to tunnel traffic through, they would all be found in a matter of time, no?
The difficulty is that a VPN isn't just a product like ProtonVPN, it's a huge family of software and protocols.
You can block vpn.protonvpn.com, but since most operating systems come with VPN functionality out of the box, you'd have to start listening to all traffic (not just DNS lookups) and blocking ALL packets that might be VPN traffic without causing regular disruption to non-vpn traffic.
TL;DR: it's easy to prevent unmotivated users from downloading a VPN app. It's practically impossible to block a motivated user from using a VPN, and they're the users you particularly care about.
I'm just a user, but afaik if the server you're routing through is outside of China, they have no right to block the traffic.
I think it's some international agreement that no country is allowed to block external traffic because that interferes in other countries' affairs something something, but I don't know the specifics.
Lmao.