Using US Company's VPN from China

[j.k.j.D.D.]

Hi,

 

I may be doing some remote work in China, and was wondering if anyone has any input on my situation. I will need to connect to the company's VPN in the US. Is there much of a chance that their VPN address will be blocked? If so, how could I work around it? Would I need to use a VPN within a VPN or something like that if it were to be an issue? I just want to have a Plan B in case I end up having problems connecting, thanks!

[889]

Actually your corporate VPN will more likely be blocked than some of the commercial VPNs that specialise in finding ways around the Chinese firewall.

 

My experience is that the ability to use a VPN seems to vary depending on where you are in China and on the local network that connects you. In short, what works one place may not work another, so you may have to wait till you're in China, though signing up for a VPN you can't access without a VPN is difficult, of course. And yes, it's possible that nothing may work.

[m000gle]

I have been in this exact situation, before, travelling in China while requiring periodic access to an institutional OpenVPN connection from my employer back home.

I had mixed success connecting to it: zero success while on the hotel Wi-Fi, for example, and this was a Western hotel which caters to business travellers; while experiencing nearly 100% success when using the same VPN on a mobile 3G/4G and regular local internet connection, in Beijing.

1. The fact that this VPN access is business/institutional, as opposed to public/commercial like most services used by expats, means the odds of it being blocked by IP address are slim to none.
2. The protocol used by your business/institution can, and likely will, still affect your ability to connect; but this is impossible to predict.  I assume any VPN worth its salt is using OpenVPN, L2TP, Cisco OpenConect etc., and is sufficiently secure; however, which protocols the Great Firewall is blocking via deep packet inspection (DPI) will vary depending on connection, location, timing, luck etc.
3. While business/institutional VPN access is in not illegal in China, per se, as its purpose is not explicitly bypassing the censorship apparatus and banning it outright would impede business more than is worthwhile to the authorities, don't expect any sympathy from your hotel, ISP, mobile carrier etc if/when your VPN won't connect.

In a nutshell: Your VPN will probably work, some of the time; but don't expect it to work 100% of the time, and have a (secure) contingency for the times that it simply won't connect.

 

I'm not sure whether this clears up the situation; but, should you have any additional (technical, anecdotal, political etc) questions, I'll do my best.

[ChrisOei]

Hm... If VPNs are iffy, what about SSH access to cloud servers?

 

I have some servers on Amazon EC2, Linode, Google Compute Engine, etc. and I was wondering if I'll be able to ssh into them.

 

Thanks in advance for any advice,

Chris

[m000gle]

SSH to your own private server, including Amazon EC2 instances etc., will generally have very good results.  Anything Google-based, however, is hardly worth trying given how essentially all of that company's websites/services have been blocked in China for ages.

 

The main downside of SSH tunneling or a private VPN server, for most users, is the complexity of initial setup and ongoing maintanence.  To put it politely, few are up to the task and most simply want somethinng "off the shelf" that" just works".

Consider this type of SSH tunneling to have all the same benefits and caveats as the business/institutional VPN access, in comparison to standard consumer products on offer; the only real difference being that the SSH protocol is somewhat less likely to get flaged and blocked than the others mentioned above.