New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Accessing HostHatch HK Windows RDP in Mainland China
bojackhorseman
Member
in Providers
Hello, I am a trader and require low latency access via RDP to my Windows Machine.
When I am in HK, I can use HostHatch's HK VPS server with 4-5ms latency. It is awesome.
I will be traveling to the Mainland soon.
Does anyone have experience if the IP address would be accessible through the Great Firewall?
How else should I be prepared? Should I setup my own Outline / WireGuard? I have used LetsVPN in the past - but the VPN providers is a cat and mouse game - and my intent is to only access my personal server via RDP - I am not really looking at circumventing the GFW to access websites etc (my HK phone still has unfettered access for that).
Thanks!
Comments
As far as I know, all VPNs with distinct characteristics are likely to be blocked by the Great Firewall; therefore, one must employ unconventional VPS methods to circumvent it. The reputable and stable provider that I am aware of is Just My Socks. however, you will need certain tools to connect this VPN to your Windows computer located in Hong Kong.
Any "VPN" type commercial solutuion from big companies are not goung to defeat the GFW. Use tools that are designed specifically for that, such as xray (linked for disambiguation) and shadowsocks. Naiveproxy works very well but cant to UDP.
For xray you can use the vless-xtls-reality chain but that requires you to have a direct connection to your server's IP. Using vless-tls-ws allows the use of a reverse proxy like cloudflare. Both works by mimicking web traffic, so you'll need a decoy website. Any website will do, even a simple "This site is in maintenance". This has a much stronger defence against GFW active probes. The latency is about 500~2000ms on first connect, then subsequent connects are usually below 250ms.
Shadowsocks works by obfuscating but isnt that good compaired to xray. But is the most simple to setup and still works now.
Naiveproxy goes a step further and directly uses the chromium network stack to send proxy traffic so it is virtually undetectable unless AI is involved. There were rumors about timing-based and packet-size-based detection but they are already mitigated.
Technicially you can also abuse cloudflare to host a vless proxy for you, but I do not recommend for obvious reasons. I dont even think it would be able to handle RDP messages.
I dont know if RDP supports proxies like this, but they do expose a socks5 and http proxy endpoints. I have been using nekobox as Android clients and it uses a VPN-backend. This captures even the pings sent from termux. Speedtest.net works normally which suggest UDP are going through.
Source: myself as a frequent tourist to China
Just use tailscale/zerotier/Cloudflare Zero Trust. I've used Tailscale personally and it was super easy to setup and no issues at all connecting to my home server. It is completely free and a lot easier to setup than xray/socks proxy.
Can it get pass the GFW especially as the current sensitive times tho? GFW has different strength on different dates and even different regions and ISPs.
Yes, the Tailscale website isn't even blocked. Every time I've traveled there it has had no issues. It just directly connects to the server. I was thinking that it may need to use Tailscale's DERP relay servers to bypass the GFW but nope.
You will not have any issue with RDP connect to a HK base VPS, but Hosthatch HK does not have a direct connection to China, it will route to somewhere else than route to china.
If you want normal latency to china you need to buy something that specifically mentions "CN2" which is at a much higher markup and usually limited to 5-10 mbits of bandwidth. Otherwise you will face random packet loss of up to 80% and/or routing through japan or lax for up to +100-200 ms of ping.
Hosthatch buys china transit through misaka in Japan and it frequently goes down.
direct chinese routing is expensive - if you use an IP that is whitelisted by gfw like a uni vpn then it lowers the latency is a pretty big way in my experience
This part is correct. This transit can go up to $40-50/Mbps. If I lived in China, I'd consider buying some sort transit that helps me live a normal internet life through there. However I have been to China with a SIM card (just like you), and the added few ms does not hurt that much. It's way better than the alternative. I was able to access my remote desktop and other servers just fine. Netflix, everything else worked, at top speed. The only problem would be gaming latency, but I was there for work related reasons and was not really gaming at the time.
Yeah this is just factually incorrect. Just like you claimed high steal in the other thread that we have steal happening all the time, yet showed zero screenshots of it.
Here is a screenshot of our Misaka uplink from the past 30 days. Where is yours?
OP: if you have CM, even from CN, you might not have much issues. But generally a HK SIM will better, just personal experience, as we make no guarantees of connectivity to mainland China.
Thanks @hosthatch and everyone in this thread. I have a few options to play around and see what works best for me. Great forum and community!
And again I don't have screenshots of the CPU steal because I'm not here to trash talk providers, so I don't go around compiling bullet proof evidence that a provider has problems. It doesn't exactly take 0 effort to log the performance of every single vps I use.
If it turns out that a provider has issues, I just switch to another one. This ticket that went unanswered should be proof enough that it did occur.
Where? Any proof? You have attached a bunch of communication, as you did before, yet 0 of that communication back up your words.
The request that you made to us, few Mbps to China for rainbow pricing, is not possible, as you figured out, not just by us but by anyone else. You didn't even get a response from one of the most major providers in the market because that's how ridiculous your request was.
Why don't you start sharing complete screenshots instead, that show I was completely polite to you in explaining how Chinese transit works, while you continue spreading lies like this one:
I don't know what my completely polite responses did to hurt your feelings, but the screenshot that you attached with packet loss from a few endpoints in China at peak times does not paint a complete picture (which you know, which makes it a fact that you are being malicious here)
FYI, if you think you are the first person who got the brilliant idea of abusing our Misaka connection purely for Chinese traffic while paying peanuts......well yeah.
We have measures in place that make sure abusers are put on a different path, or a different pricing level.
Like one of those threads here who are innocently looking for a provider with direct DTAG peering that also happens to offer BGP. Laughable.
GFW is blacklist and continuously updates, it won't block IP detected as VPN and connected in China. Probably speaking, you are safe.
The greater thing you need to worry about is the connectivity, you might need to check the route/latency from China to your server using MTR tools, such as ping.pe or ping.sx .
How does this not back up my words?
35% packet loss to China Unicom 58% to China Telecom. This is 2 out of 3 of the major ISPs in China.
I don't know how this can be construed as something other than the link to china going down. Hosthatch didn't lose connectivity to Misaka, it is Misaka that lost connectivity to China, so your screenshot of your uptime to Misaka doesn't disprove this. The end result is still Hosthatch losing connectivity to China.
My feelings are not hurt, and I am not doing this out of revenge. This is me sharing my factual experiences to other customers here.
I did not ask for rainbow pricing. I asked for a smaller amount of bandwidth at the same rates and not >100 mbit commits only suitable for vps providers.
And I did not even tell xTom what price I wanted?
I will stop talking about my experiences with hosthatch in the future, because I don't really care for this drama, and I am not here to ruin the reputation of any host, just giving people advice.
I will let that for the people to decide. Maybe I wrong, but just wanted to see some proof of this "downtime".
And no, some particular routes having packet loss (from ping.pe of all the tools that are available out there)....if that is your standard, then please hire someone who knows how this works. Starting with opening a map of China will help. You're sounding like an angry MJJ because of packet loss from certain endpoints.
Even after doing this for several years, even I have to realize that there are people out there who know far more than I do about particular markets or tech, and have to ask them nicely about it, and usually pay for their time.
I think you are just taking this way too personally and think that everyone that says something remotely bad about your service is out to get you.
Sure ping.pe isn't going to be 100% reliable, but it just doesn't get >50% packet loss by itself. When I trace to a vps with 100% CN2, it never gets more than 1% packet loss.
I realize that China transit is expensive and do not blame any budget host for not being able to provide it.
But I was providing honest advice to bojackhorseman.
I don't know if you saw, but it was the same 3 people. Maybe I am delusional and you can point it out though? You seem to be deflecting with something else pretty much every time I have asked for proof though. We've been here for nearly 14 years and made some un(fans) because of it, especially with my no bull way of speaking. Does that translate it into bad service? Probably not.
To certain endpoints.
Step 1) please open the map of China
Step 2) hire someone who knows the market. I know more than you about this particular market, but there are people who far more than I do.
The above is truly honest advice, since your use case, unlike the OP, is actually a business one, where you plan to spend actual money.
By claiming "it frequently goes down", and then providing complete evidence of such. Understandable.
Your best bet for reliable access will probably be using some kind of port forwarding service. There are Chinese services utilize private lines between SZ and HK that bypass the GFW. These are generally called IEPL or IPLC services. They allow you to port forward between a mainland IP with an exit somewhere in HK.
When I travel to Shanghai last year, latency is about 200ms to Hosthatch HK...quite slow ! Just need search somewhere for HK CN2 and installing Wireguard.
For HK: Try to not use any VPS without premium route to China.
Between 7pm and 12pm Chinese time (GMT+8) you will inevitably suffer from >50% packet loss when trying to access any western site (incl. HK), when using any ordinary VPS
the switches of the cheap networks can’t handle this amount of traffic
(if only 1 in 1000 Chinese people try to visit western sites in the evening, it’s over a million active users lol, it’s definitely more than that)
in Addition, the some of the Chinese ISP also artificially throttle their “normal” network to the west, forcing you to buy their premium traffic via CN2 etc., if you want to do business in China or need your employees connect back to your company etc.
China Mobiles consumer network has a good connection to HK, no premium network needed
China Telecom must go through CN2 or unusable
China Unicom must go through AS9929 or unusable
If you know someone in China or HK, ask them if they can provide you a proxy or VPN with a good route. Once you got through to HK via a high quality tunnel, you can then connect to your non-optimized HK VPS which is significantly cheaper than those who are optimized.
We did not have any optimized transit to China last year, so it should be much better now, but we make no guarantees for this.
Tencent cloud Shanghai to HostHatch HKG, acceptable since they have no guarantee, my 2 cents
buy dmit or misaka to port forward your hh 3389 port.
hello,i am from china,if you need any help,you can find me!
