All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
My GFW-mitigation strategy (and a technical question)
Based on the generous feedback of many posters here and even a generous donation from a VPN company, I want to tell everyone what I'm going to test out after I get to Shenzhen.
I'm going to pick up a RK3188 or 3288 Single-board computer with an ethernet port on it and flash Ubuntu to it. In the end, I may pick up several of these, since ideally there'd be one at home, one at work, etc.... This board will serve as my "internal server". I've also heard of people using aliyun images to host their internal server so that they can easily connect to a multitude of services from their aliyun instance, as the Aliyun instance is behind the firewall. (for example, assigning the aliyun instance as their gateway on all of the devices they would like to connect)
Software Configuration
Since I will have the SBC to connect to the VPS-Mesh, I will use tinc sent through stunnel or OBFSproxy3 on port 443 as https traffic. I do hope that you guys will vote in the poll on which is better and let me know your thoughts on that. The SBC will provide a gatewaay for all of the computers & phones & tablets and god knows what in my home to connect to.
As for protocols and stuff, I still want to try optimizing the routing. However, I do not know of the right tool to do it. Since I have 7 VPSes, I figure I should be able to somehow set them to route optimally for me. That is-- the server that can get the client the data the fastest based on myriad factors is the one that ends up being used. Does anyone here know how to configure that? I believe the term for it might be "bonding", but I really am not sure.
For reference, here is my list of servers:
**2x weloveservers.net** (Buffalo & LA)- Latency is quite bad as is throughput-- ~400ms avg & ~10-20KB/sec downloads. Peering is probably the issue here, but with GFW you never, ever truly know.
**2x (Chinese letters here) WIndows VPS in HK;** identical performance -- ping is rarely over 50ms and each connection gets me 100-500KBPS throughput. HK servers are molested less by GFW.
**1x ramnode.com Seattle** - Better than WLS Buffalo & LA, but still ~200-400ms & 20KB/sec in downloads. Peering is probably the issue here, but with GFW you never, ever truly know.
**1x digitalocean Singapore** - 100ms ping & maybe 100KB/sec in downloads
**1x Japan AWS** - haven't played with lately
Ideal Scenario
Ideally, my RK3288 SBC would take some sites on pre-defined routes (ex: pandora.com should only use one of the US VPSes) and on others it would be able to have some idea of which route is "ideal", or even be able to combine multiple VPSes connections as to provide better speed. I'm going to have a 1gbps internet connection in Shenzhen, and the GFW wants to stop me from enjoying it. Gotta prevent that!
Advice?
- This idea is19 votes
- crazy-crazy15.79%
- so crazy it just might work84.21%
- Tinc or OpenVPN19 votes
- Tinc42.11%
- Openvpn57.89%
Comments
'So crazy it just might work' generally only applies to firefights and car chases, not technology...
Gotta strongly disagree with you on that one Nekki. Examples:
-Skype
-Napster
-3d printing
-Collaborative office suites
-Wireless transmission of electricity
etc.....
I voted for so crazy it just might work mate. I'm actually in the planning stages of building something similar myself for a major project.
Which of those was crazy?
All of them, before they were commonly used technologies.
If you say so.
how old are you?
I'm 19, thanks for asking!
52
Setting up OpenVPN and obfsproxy is really easy on VPSes once you have the config files. I'm not sure about running using android sticks though, they're not cheap to start off with, and there is not guarantee whether it'll run the programs you want to you.
Chan,
Not an android stick, for the reasons you stated. Instead, an originally android but convertes to Ubuntu Linux android box.... The sticks don't have Ethernet ports, and sometimes lack adequate heatsinks. Actually on the topic of the sticks, I think they are overall fantastic hardware...... With pretty much abysmal software.
But hey, finding and solving problems and opportunities is a great way to make a buck! [From the airport lobby of Shanghai Hongquiao on his way to Shenzhen]
☺
Nekki: none of those things seemed magical or previously crazy to you? How about cell phones?
Not really. I don't think anything's been crazy since manned flight. Everything just evolved from things that existed.
I'd suggest you not to use tinc.
I've been using it for several months now (ver 1.1pre7 I think, the latest one) and the measured bandwidth has been very poor, even on a gigabit LAN I wasn't able to get more than 1MB/s.
Sometimes I also have to restart the service on some nodes because they wouldn't connect anymore. It also happens that the service will crash (segfault) when it is experiencing packet loss or loss of internet connectivity.
Maybe this is only the case for the 1.1 version, you're free to give it a try yourself. Good luck and have fun!
I am sorry, but can you explain what is this?
GFW
aliyun
SBC
VPS-Mesh
tinc
stunnel
OBFSproxy3
I think need to learn some google-fu mate.
It's not possible to know what topic author means. For GFW, for example Google says "Games For Windows" and "Global Force Wrestling" and many others.
Yup, he wants to talk Global Force Wrestling mitigation.
Everyone understood what the author means, except you.
Okay couple of the less googleable ones:
GFW = Great Firewall (of China)
SBC = single-board computer.
GFW is The Great Firewall [of China]
Ok.
Okay couple of the less googleable ones:
GFW = Great Firewall (of China)
SBC = single-board computer.
I am sorry.
Seriously mate, the Wikipedia page for 'gfw' you looked at has about 8 items listed, only one of which makes any sense in the context of the OP. Make a little effort.
I am not using wikipedia, because one day i've tried to edit one topic there, which lies in style "We are superb and others are sucks" and after a few minutes, some marketer from big company back this lie. There was many situations like it later. While social editing is a plus of wikipedia it's also a big minus of it. I can't trust "source of knowledges", when any noob and some crazy guy can write anything he want.
BTW, topic author may still mean something else. Even something not listed in wikipedia, you know
Look, you're lazy, just admit it, you could have researched and figured it out if you had a small amount of common.
Update:
Tomorrow I'm picking up an Rk3188 SBC and I'll put ubuntu on it. I've dropped my ramnode server, and will be dropping the servers in HK that I bought on Taobao-- I can't get ubuntu running on them well enough for it to matter. So, architecturally speaking, here's how it's going to look:
Clients <-> Asus AC66u (totally a dumb box due to usage of rk3188 as gateway) <-> Rk3188 SBC <-> Controller Node (A digitalocean VPS connected to the others trackin6g how long various transactions took in order to optimize future transactions) <-> Cloud of VPSes Consisting of: 1x digitalocean "droplet" at each location they offer; 1x free AWS node in Tokyo; 1 or 2 HK VPSes if I can find them actually capable of running ubuntu (sources/advice?) <-> Sites (optimized by VPS location-- ex: Pandora will use US VPS & by speed based on past results.
Did that make sense to everybody? I'm going to produce a graphical network map if this works out. It still fascinates me that I am able to AFFORD a global deployment as the one I am planning. I'm not a rich man-- the servers have just become very affordable!
Oh, and just since I am ambitious:
Future plans, if I can get this cobbled together--
P2P internode server architecture, so that the control node can be eliminated and the network will have multiple points of entry (making it harder to track)
Port-hopping
IPV6, including IPV6 inside IPV4 (this is a "for the hell of it" thing-- if you have ideas on practical uses, I want in!
BTW this is no longer just about my personal quest to have reliable non-chinese Internet in China-- this is a part of my ongoing series of projects that attempt to empower everyone. Beginning this project made me wonder "what if everyone had a server" and frankly it looked a lot better than a future that ends up dominated by central providers of cloud services. (ex: Google-- and for the record, I am a massive G-lover. This said, I think even some Googlers would argue that their corporation is becoming too central to net architecture.
I consider this project to be an open-source project-- I will be releasing the server and client images, and hardware specs as well. I don't plan to do any programming. Instead, I will cobble together pre-existing bits in novel ways.
Wish me luck!
Try Debian 7.
Profforg:
Why? I know ubuntu best at this point but As is probably pretty clear, I'll give anything a shot
.
Also, I think that the "1.0" edition of this suite will use Ubuntu's Juju. I think at this stage I'm pretty comitted to Ubuntu-- it's just got no rough edges, and is certainly stable & secure enough for my needs.
Plus, I know exactly where to get the rk3188 port & what to do with it once I have it. Can't say that for any other distro.
Also, I'm thinking of Ubuntu phone as a target client OS. Basically, I think I've bought into Ubuntu's vision of what a converged digital future could look like.