Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Great Firewall of China: solutions?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Great Firewall of China: solutions?

I arrived in China for the first time in two years. This time a lot of things are blocked such as dropbox, no access to google for searches, could not get tor to install and work, etc.

What is the best/simplest/quickest way for a fix? I tried proxies but to no avail.

If the only solution is a vpn which works the best, fastest, and is cheap?

I am in Yiwu and Shanghai for the most part.

«134

Comments

  • rm_rm_ IPv6 Advocate, Veteran
    edited October 2014

    said: could not get tor to install and work, etc.

    I believe Tor with bridges (especially obfs3 protocol ones) should work.
    Did you try to use bridges at all? https://www.torproject.org/docs/bridges.html.en

    Thanked by 1linuxthefish
  • cnbeiningcnbeining Member
    edited October 2014

    Well....

    Firstly, welcome to China. Hope you enjoy your time there.

    Some of the most popular solutions(and most of them are free, or would only need a little bit of your spare resources of your spare VPS, since you are here in LET) are:

    0.Change your hosts file.

    This should give you access to most of the Google services, except Youtube.

    https://github.com/txthinking/google-hosts

    Grearfire also provides some mirrors of Google, if you choose to trust them.

    https://github.com/greatfire/wiki

    1.Shadowsocks.

    https://github.com/clowwindy/shadowsocks

    Detailed instructions available in this link.

    2.Cisco IPSEC VPN.

    In particular parts of China, OpenVPN, PPTP, L2TP VPNs are blocked.

    Require KVM or Xen.

    3.goagent.

    IMHO this unusual restriction to Google is one unsuccessful try of blocking this tool.

    https://code.google.com/p/goagent/

    Any of these ways can be deployed in an hour, if you have some knowledge of Linux.

    Hope these would help.

    AND DONT FORGET TO HATE GFW.

  • said: What is the best/simplest/quickest way for a fix?

    Move. Or start a revolution to stop the censoring by a government. :P

  • Mmm... Can you try adding '0.0.0.0 gov.cn' to hosts file? It worked when I was on China. like 3-5 years ago.

  • zxbzxb Member

    Make a friend in a university with CERNET network and use vpn on that. Better if you can get ipv6.

  • netomxnetomx Moderator, Veteran

    I will go tomorrow to Shanghai. So OpenVPN on a port (443) will not work?

  • Welcome to china.

    To be honest, the simplest solution must be VPN. There are so many VPN providers in Shanghai.

    Thanked by 1netomx
  • netomxnetomx Moderator, Veteran

    @FirstVM_com said:
    Welcome to china.

    To be honest, the simplest solution must be VPN. There are so many VPN providers in Shanghai.

    OpenVPN? Softether?

  • belinikbelinik Member
    edited October 2014

    there was a few thread in the forum. i have tried most of them and find if you are only using it for the stuff you mentioned shadowsocks has the best performance out of all. pair it up with a japan vps and most of my issues are solved. best part about it is pairing it up with chrome/ff plugin and you can specify which website can use direction connection etc...

    socks 5 over ssh is most likely the fastest way to setup, deploy a vps, get bitvise client ... profit! but the performance is not as good.

    the trick is to find which vps provider works good with your isp

    @netomx openvpn is hit or miss.

  • Welcome to China!
    You can found the same thing on china .
    Like baidu.com for searches (you can use the fanyi.baidu.com to choose the language and you can use it to translate the website just input the link in the text box !)

  • @netomx said:
    I will go tomorrow to Shanghai. So OpenVPN on a port (443) will not work?

    Not at all.
    Not all the 443 was ban!
    You can use your own server with the ip who not use it for vpn

  • @netomx said:
    OpenVPN? Softether?

    I think not. They often provide their private vpn client.

  • @netomx said:
    OpenVPN? Softether?

    You'd better ask your chinese friends, they may help you a lot.

    1. No,

    Mmm... Can you try adding '0.0.0.0 gov.cn' to hosts file? It worked when I was on China. like 3-5 years ago.

    This would never work. I was in China 3-5 yrs ago, and that would do absolutely nothing.

    1. OpenVPN on 443 may work, if you use pre-shared key. The handshake process would be reseted though.

    It is believed that GFW has the ability to detect the fingerprint of OpenVPN from your traffic several yrs ago.

    1. SSH? Also, it is believed that GFW has the ability to detect the fingerprint of SSH port forward from your traffic around 2 yrs ago. Changing to some other random ports may fail, and lead to permanently ban of the IP address of your machine. So you do need more than good luck with this.

    2. Softether? They have multiple "donated" nodes, but just like using Tor, if you use this, you choose to trust a random server to hand over all your traffic. Of course you can build up your own server, but I haven't tried myself for I use Cisco IPSEC.

    3. Afraid that you would have slow speed connecting to websites in China and cannot follow Tyrant on Tencent Video? Use chnroutes, an automaticly PAC list to let your normal traffic bypass your VPN.

    https://github.com/fivesheep/chnroutes

    1. CERNET is a piece of awful garbage. Damned terrible peering with any other network (China Unicom, China Telecom, etc.), extremely limited on IPv4 traffic and speed, and not everyone can give you a public IP address, let alone it is against their AUP.

    And, no, you will not have IPv6 at your home or office like everywhere else in the world.

    1. You will hate Baidu, for its spiders are in China, and is quite stupid when coming to searching in any other language than Chinese.

    2. NEVER FORGET TO HATE THE GFW.
      **
      **AND REMEMBER, INTERNET FREEDOM DOES NOT COME FOR NOTHING. SO STICK WITH IT, DO SOMETHING FOR IT, AND IF SOMEONE DARE TO TOUCH IT, FIGHT FOR IT.

    Thanked by 1noisycode
  • netomxnetomx Moderator, Veteran

    @FirstVM_com said:

    They don't know about this stuff.

    @superwbd

    I just want WhatsApp and Facebook.

    Thanked by 1Pwner
  • mirrors worked fine, thanks for the pointer.

    2.Cisco IPSEC VPN.

    In particular parts of China, OpenVPN, PPTP, L2TP VPNs are blocked.

    any suggestion for best provider?

  • @netomx said:
    I just want WhatsApp and Facebook.

    ssh tunnel is more then enough for facebook(make sure to use alternative port). whatsapp is not blocked

    Thanked by 1netomx
  • rm_rm_ IPv6 Advocate, Veteran
    edited October 2014

    rm_ said: I believe Tor with bridges (especially obfs3 protocol ones) should work.

    Did you try to use bridges at all? https://www.torproject.org/docs/bridges.html.en

    Btw I'm not just asking this out of curiosity, I run one of these bridges myself. Seeing how this question/advice is so splendidly ignored by everyone in this thread + the topic starter, perhaps there's not actually any point in doing that, should free up some RAM on my VPS.

  • JyleeJylee Member, Host Rep

    belinik said: ssh tunnel is more then enough for facebook(make sure to use alternative port)

    ssh tunnel was blocked for some time, though it works now.

    Thanked by 1netomx
  • rm_ said: Btw I'm not just asking this out of curiosity, I run one of these bridges myself.

    Does it work? I seldom hear people using tor in China.

  • yywudiyywudi Member
    edited October 2014

    @netomx said:
    I just want WhatsApp and Facebook.

    Get a Japan VPS such as Linode Tokyo or Vultr, build shadowsocks in minutes, and use the shadowsocks client in Windows/OSX/Android, for my experience, it works well without any issue.
    and if you have an iPhone/iPad, I suggest Cisco Anyconnect app, you could also build the ocserv(OpenConnectServer) in an hour, it's a great solution in iOS device IMNO.

  • The fact these types of things still exist and are tolerated today are incomprehensible to me.

    If all else fails, you can just RDP to a box with Internet access outside China.

  • yywudi said: build shadowsocks in minutes, and use the shadowsocks client in Windows/OSX/Android, for my experience, it works well without any issue.

    This. Don't forget if you're using KVM or Xen (not OVZ) to use their advanced sysctl tuning setup to speed things up / adjust keepalive times, etc.

    Almost no overhead on Shadowsocks with 60Mbps down, 10 up.

  • netomxnetomx Moderator, Veteran

    @yywudi said:
    and if you have an iPhone/iPad, I suggest Cisco Anyconnect app, you could also build the ocserv(OpenConnectServer) in an hour, it's a great solution in iOS device IMNO.

    My plan is to use a openwrt mobile router. Will check shadowsocks

  • @netomx recall openwrt has plugin for ss.

  • netomxnetomx Moderator, Veteran

    @belinik said:
    netomx recall openwrt has plugin for ss.

    Will check, thanks

  • No, most of the Tor nodes are banned, and Bridges will be banned in a couple of hours after they first appear, so there 's almost no change you can find a Bridge working for you.

    You can use Tor under VPN, but that's Catch 22. :-D

  • netomxnetomx Moderator, Veteran
    edited October 2014

    Right now SSH + Squid is working, looking for a easier solution :/

    EDIT 1: Softether + IPSEC is working on China Unicom :D
    EDIT 2: Softether + IPSEC stopped working :/

  • @netomx said:
    Right now SSH + Squid is working, looking for a easier solution :/

    EDIT 1: Softether + IPSEC is working on China Unicom :D
    EDIT 2: Softether + IPSEC stopped working :/

    How long did you use it until Softether stopped working?

  • superwbd said: 2.Cisco IPSEC VPN.

    Require KVM or Xen.

    This is not fully correct. I will write the tutorial on how to setup strongSwan on OpenVZ in some days.

Sign In or Register to comment.