Great Firewall of China: solutions? - Page 3

  • netomx:
    You need to add the DNS entry to the shadowsocks, and enable forwarding DNS. Mine works flawlessly.

    I don't know how to add DNS forwarding to shadowsocks. Please tell me how. The shadowsocks doc is really lacking. I cannot see a list of all the setup options, etc.
    Thanks

  • Z80 Member

    How to set up an SSH SOCKS tunnel? Could you give more detail? Thanks.

  • @Z80 said:
    How to set up an SSH SOCKS tunnel? Could you give more detail? Thanks.

    I presume that you have sshd running on your VPS (by default it will be running on any Linux),
    otherwise you will have a problem getting to it unless you use some panel.

    Download PuTTY (google it).
    In PuTTY: Connection -> SSH -> Tunnels
    Source port 1080 (or whatever you want), click on Dynamic, click on Add

    In Firefox (or whatever browser you use):
    Tools -> Options -> Advanced -> Network -> Settings
    Manual Proxy Configuration
    SOCKS Host 127.0.0.1, Port 1080 (or whatever you want)
    Click on SOCKS v5, Remote DNS
    OK

    Then you are all set to go.
    Perhaps you want to add something like FoxyProxy for easier control of all your proxies.

    Thanked by 1: Z80
  • netomx:

    Sorry, my mistake. I had a bunch of proxies using FoxyProxy. Somehow the only one for which I did not click "use remote host for DNS lookup" was shadowsocks.

    Now I did it. All is fine. Just a stupid miss.

    Thanked by 2: netomx, Z80
  • Welcome to China!

    Thanked by 1: netomx
  • netomx Moderator, Veteran

    Thank you! I'm really enjoying it :)

  • @ValdikSS said:
    This is not fully correct. I will write the tutorial on how to setup strongSwan on OpenVZ in some days.

    I wrote a tutorial on Strongswan but only for KVM. Old thread on Strongswan and OpenVZ: http://lowendtalk.com/discussion/22542/openvz-vps-providers-that-have-working-pure-ipsec-capability

  • @bertan, IPsec on OpenVZ is broken. Well, it's not broken itself, but NAT doesn't work inside IPsec. The only way out of this problem is to use strongSwan with kernel-libipsec (userspace IPsec implementation), which requires recompilation.

  • Psiphon 3 is good!

  • Z80 Member

    I used "putty -N root@ipaddress -pw password -D 127.0.0.1:1080" to set up a PuTTY client, then set the SOCKS5 proxy in Firefox, and succeeded.

  • @qquccs said:
    Psiphon 3 is good!

    Not always, and gosh it's slow....

    Any tunneling via SSH may lead to your IP address and/or port being permanently banned, or worse [2].

    It is possible to detect tunnel traffic from SSH [1], which makes it possible to block SSH traffic regardless of the port used [3].

    References

    [1] 谭小兵, 'SSH 隧道流量检测与识别技术研究' [Research on SSH tunnel traffic detection and identification techniques], 2012.

    [2] V2ex.com, '我的IP被封的经历 - 墙是如何封IP的 - V2EX' [My experience of having my IP blocked - how the wall blocks IPs - V2EX], 2014. [Online]. Available: http://www.v2ex.com/t/72498. [Accessed: 17-Oct-2014].

    [3] Solidot.org, 'Solidot | SSH翻墙方式疑似遭到中国政府封锁' [Solidot | SSH circumvention method suspected of being blocked by the Chinese government], 2014. [Online]. Available: http://www.solidot.org/story?sid=32755. [Accessed: 17-Oct-2014].

  • netomx Moderator, Veteran

    It appears that SoftEther is working, at least in Beijing, if you change the SSL protocol.

  • I know a VPN service that works incredibly well against the Great Firewall of China. I've been utilizing http://www.sunvpn.net/. It is completely operational from mainland China and connects from behind restrictive firewalls. This is super cool.

  • @cnbeining gave a lot of ways to fight with GFW.

    I have tried most of them.

    VPN (PPTP, L2TP, OpenVPN)

    shadowsocks (replaces VPN; needs a VPS and software installed on both server and client)

    goagent (uses Google App Engine, like shadowsocks)

    Comparing them, I think the fastest, easiest and best way is pptpd VPN.

    No need to install additional software on computer and mobile. They support PPTP themselves.

    If you need, I can provide a free account for you.

    If you can, you can build an HTTPS proxy yourself for personal use.

    Thanked by 1: cnbeining
  • The first problem which I encounter when helping someone to access the Internet within mainland China is the operating system used; very often it's a Windows machine that has censorship built in.

    From our recent research we've figured out that DNS hijacking is the preferred blocking method. With China Unicom, by simply switching to an honest DNS resolver we've been able to access sites such as youtube.com with TLS without having to route traffic through a proxy.

    Of course it's preferable to avoid leaks, so encapsulating the whole traffic is a good idea.

  • Take it easy.
    Use shadowsocks as VPN client.
    Update your hosts file often; that can make Google, FB and TWTR accessible to you.
    Dropbox really needs VPN. Chinese overseas storage often uses mega.co.nz because it is not blocked.
    Maybe I can offer you my own DNS server, it is anti-poisoned... and my shadowsocks.
    I'd like to help foreigners in China to fight against censorship.

  • Astrill.com promise that their Stealth VPN service (addon) will bypass the GFW. So maybe give them a try?

  • @wumingshi said:
    If you need, I can provide a free account for you.

    This doesn't make sense as he lives in North America.

    @UrDN said:
    From our recent research we've figured out that DNS hijacking is the preferred blocking method. With China Unicom, by simply switching to an honest DNS resolver we've been able to access sites such as youtube.com with TLS without having to route traffic through a proxy.

    There's DNS filtering. DNS over UDP was not reliable at all. DNS over TCP had a good time until being blocked as well, IIRC.

  • How about SoftEther over DNS?
    They claim they do overcome GFW after all...

    If you want I can provide you an account from my own personal server for a limited time if you want to test if it works or not.

  • @wumingshi said:
    cnbeining gave a lot of ways to fight with GFW.

    I have tried most of them.

    VPN (PPTP, L2TP, OpenVPN)

    shadowsocks (replaces VPN; needs a VPS and software installed on both server and client)

    goagent (uses Google App Engine, like shadowsocks)

    Comparing them, I think the fastest, easiest and best way is pptpd VPN.

    No need to install additional software on computer and mobile. They support PPTP themselves.

    If you need, I can provide a free account for you.

    If you can, you can build an HTTPS proxy yourself for personal use.

    Update (worst case):

    Mainland China is officially banning PPTP & L2TP. OpenVPN's handshake packets would be dropped automatically. I am not 100% sure about the influence on self-hosted PPTP VPN, for none of my friends uses that...

    Shadowsocks: PLEASE use AES! Reports have shown that RC4* and Table can be blocked by GFW. If you run SS on port 443 with AES, it is really hard to distinguish between SSL traffic and SS.

    For HTTPS proxy, you can try goagent's PHP mode over HTTPS.

    Goagent's GAE mode has mixed reports, and, in my point of view, I do not like the result that GFW would ban all the IP addresses of Google, including their internal ones. Sure we can do better than that.

    And, yeah, thank you for your kindness, but @msg7086 is right, I am in a country that respects freedom of speech now.

    @UrDN said:

    The first problem which I encounter when helping someone to access the Internet within mainland China is the operating system used; very often it's a Windows machine that has censorship built in.

    Tell them to uninstall those sick "safety" software provided by 360, Tencent and Baidu, etc. with this: https://github.com/SCFWSE/BlockChinaSoftware
    (They may need access to Tencent QQ though...)

    Also, tell them to stop using Chinese browsers. They ignore SSL warnings, which leaves them vulnerable to ISP-level MITM attacks. https://github.com/chengr28/RevokeChinaCerts
    (Should they need 12306 to buy train tickets, whitelist it manually.)

    From our recent research we've figured out that DNS hijacking is the preferred blocking method. With China Unicom, by simply switching to an honest DNS resolver we've been able to access sites such as youtube.com with TLS without having to route traffic through a proxy.

    GFW is poisoning UDP DNS packets. Use TCP or DNSCrypt instead.

    Thanked by 1: aglodek
  • @cnbeining said: GFW is poisoning UDP DNS packets. Use TCP or DNSCrypt instead.

    Using VPN (e.g. SS), don't DNS queries go out encrypted over VPN as well?

  • @aglodek said:
    Using VPN (e.g. SS), don't DNS queries go out encrypted over VPN as well?

    SS is a proxy. And you may need to manually change your DNS server.

    Thanked by 1: aglodek
  • Is there a way to connect shadowsocks with a RADIUS server?

    There needs to be a way to automate provisioning of new client accounts on a shadowsocks deployment.

  • @ItsChrisG said:
    Is there a way to connect shadowsocks with a RADIUS server?

    There needs to be a way to automate provisioning of new client accounts on a shadowsocks deployment.

    Somebody bought that freeRadius module and wants to hit up the vpn market that just opened up with the stricter GFW? :P

    Smart man...

  • This new VPN + proxy service: if VPN gets blocked at port level, proxy with port 443 is always working.

    http://ppgate.com

  • EU and US citizens claiming they hold the power over their governments.

    Someone not watching the news.

  • https://www.dnsleaktest.com/how-to-fix-a-dns-leak.html - Windows likes to send DNS queries out on the actual network adapter when connected to VPNs. I don't think it does for PPTP/L2TP/IPSEC/SSTP, but that's presumably because these are built into the OS, so it knows it's a PPP/VPN connection.

  • @paulof said:

    EU and US citizens claiming they hold the power over their governments.

    Someone not watching the news.

    While the Chinese government is providing a 2-year tour of jail for free or little charge for anyone who dares to raise questions like this...

  • Man, these Chinese kids are killin us in the internet war games, are we going to fight back or what

  • bashed Member
    edited February 2015

    Man, China is okay, but damn the air sucks bad. Taiwan too. I'd rather stay in Hong Kong than China
