ExpressVPN down in China - What to use now?

[liuzhou]

The GFW has been upgraded and now can learn. When it identifies VPN traffic, it blocks it. The process is automated.

Interesting theory. But not borne out by the facts.

If they automatically blocked all and any VPN traffic the entire international banking system would collapse. As would international trade. As has already been pointed out.

Secondly, some VPNs continue to work, some work some of the time, some don't work.

[ChTTay]

Can anyone PM a VPN that currently works or might work out here?

PPPLLLLEEEEEAAAASSSSEEEE

I did just find out that the two services I signed up to are, essentially, the same service. In that they use the same "something technical". Doh!

[Kenny同志]

Roddy, I am sorry to bother you, but the unfollow button is unresponsive at my end. Could you please remove me from the list of followers of this topic? Thanks.

[yaokong]

I have a slightly different question, I have family all around Europe, is there a foolproof way to install a VPN server on their computers, which I can use to connect to from China? They are all Windows XP machines, most with fast internet bandwidth. Thanks!

[daofeishi]

Can anyone PM a VPN that currently works or might work out here?

PPPLLLLEEEEEAAAASSSSEEEE

Since you're asking so nicely

Witopia seems to be working, but you never know how long. They had a couple of days of downtime last year, if I remember correctly. The safest thing to do to prevent being shut out by blanket restrictions might be to buy server hosting and set up your own VPN.

[imron]

might be to buy server hosting and set up your own VPN.

There's even no need to buy server hosting (at least not initially) if you take AWS up on their free one year trial (see previous posts for link).

is there a foolproof way to install a VPN server on their computers, which I can use to connect to from China? They are all Windows XP machines, most with fast internet bandwidth.

If you're capable of installing VPN server software it's probably going to be easier to just do it yourself - get free (sort of) hosting with AWS, then install and configure VPN software such as OpenVPN or Freelan.

If you don't need a full VPN, and just want to browse overseas sites, you just need a machine you can SSH to and then tell your browser to use the SSH connection as a SOCKS proxy.

[ChTTay]

@Irom - At the moment that sounds a bit too much above my expertise. If I was on a WINDOWS pc/laptop here I would just try and learn it but I'm using UBUNTU. It's so much quicker on the netbook I have but I am still not in love with LINUX as an OS.

@daofeishi

Will try it!

[sthubbar]

imron,

Your SSH solution is a great idea. You are right that for much of my daily work it does not work because of http proxy restrictions.

As for setting up my own SSL bases proxy, based on one report from another technically proficient engineer. His personal SSL based proxy is also having problem as of about December 5th. It is possibly that they have found some sophisticated ways to detect VPN traffic more than just destination IP address.

BTW, also received this message from ExpressVPN saying it is fixed. It does work sometimes, though seems to hard fail after a period of use, unlike before where I could leave it on for days with heavy use and no issues:

------ Message from ExpressVPN ---------

We have great news regarding the recent blocking of VPNs in China, which also affected ExpressVPN. Our team worked day and night and just finished deploying updates to our servers to automatically solve these problems for most of our customers.

The ExpressVPN apps for Windows and Mac should now be working fine again in China. ExpressVPN for Android, iOS, and other devices should also work as usual.

In case you have already used any of the fixes we suggested in the past few days, feel free to return to the former settings that had worked for you. That means you should connect using the ExpressVPN app instead of the dialers or manual configurations we may have sent you.

In case you had switched the ExpressVPN app to "TCP" mode, please try switching your ExpressVPN app back to "UDP" mode in the "Options" menu.

[Matty]

I think they've just been brute-force blocking IP's not using some amazing new auto-ban method. Some of the services out there have been half banned, which means that if you spam connect enough times you'll eventually fall upon an IP that will connect. YAY!

And it's a little better than it was 2-3 days ago too, which leads me to believe the services are actively adding IP addresses which aren't instantly being blocked.

[sthubbar]

Matty,

I agree with you that the most likely answer would be that they are brute-force blocking IPs seems more likely than some amazing new auto-ban method.

What makes me think that here is more involved are the following observations:

• I have ExpressVPN configed to use static IP instead of name resolution so the destination has not changed, even though performance has gotten better over the last few days. If the server IP had been banned, this hard coded IP most likely would continue to be banned as opposed to a DNS name that could be updating.
  
• The email for ExpressVPN seems to indicate that they made a configuration change on their side and did not request clients to make any changes on the client side, so again indicates that something more/different than banned server IPs is involved.
  
• I have recently noticed many messages "Authenticate/Decrypt packet error: bad packet ID (may be a replay)" which have never seen before. These could be indicative of monkey business going on between client and server.
  
• And again, the report that private OpenVPN installations which have traffic levels so low as to be highly unlikely that they would be detectable unless maybe the protocol was being attacked.
  

Of course, this is now getting into the why's and how's of the problem of probably little interest to anyone beside me, and maybe imron.

[Matty]

Sthubbar,

Well, my knowledge of lower level networking is very limited, but it doesn't mean I wouldn't be interested.

An observation I just made is that an IP address I could not connect to this morning, that kept being reset, I am now, tonight able to connect to. This makes absolutely no sense to me that an IP address would be blocked this morning but not now, which leads me to believe there is something even more unusual going on.

I originally thought there was a list of IP addresses that are given and the client attempts to connect to 3 in any 1 connection attempt, I thought if I tried to connect to 1 enough times I'd be able to find a safe IP.

Is it possible the problem is at the ExpressVPN end? Have they reduced capacity and are rejecting extra connection for some reason? I've noticed they're also ignoring support tickets. The symptoms speak of GFW, but this...

Unless is possible they're somehow measuring and temp banning based upon extreme traffic and high connection quantities over a broad geographical area with secure connections to unknown services. ~ or something similar

[sthubbar]

FYI,

I live in Beijing and that is where my internet issues have been. Today, I'm in Shenyang and the Internet is great with VPNs working quickly. I wonder if up here in the cold they pay less attention. Might be worth buying and place up here, It's a quick 1 hour flight if we get the need to visit Beijing.

[gato]

The attached is a note on recent China GFW problems from a VPN provider. It says that the blocking is worse with China Unicom, whose coverage includes Beijing.

[sthubbar]

Gato,

Thank you for that note. It seems to confirm my guess that they have a way to do protocol blocking.

I noticed that they don't mention SSTP and this protocol does seem to be working from ExpressVPN.

[imron]

They also make no mention of standard SSH. I've been in touch with a friend in Beijing who I helped set up a similar solution to the SSH method I use, and he says it's still working fine.

It's interesting to note that the VPN guy mentions how close China is skirting the line between censorship and breaking the Internet for companies.

[hiten]

FYI, PPTP still works for me. At least that's the case for my provider.

[realmayo]

Guardian article here: http://www.guardian....nternet-control

China appears to be tightening its control of internet services that are able to burrow secretly through what is known as the "Great Firewall", which prevents citizens there from reading some overseas content.

Both companies and individuals are being hit by the new technology deployed by the Chinese government to control what people read inside the country.

A number of companies providing "virtual private network" (VPN) services to users in China say the new system is able to "learn, discover and block" the encrypted communications methods used by a number of different VPN systems.

[ChTTay]

In an email from my VPN provider (which hasn't worked for over a month! ahhg!) they mentioned that China "appears to have blocked openVPN" at the moment.

Someone mentioned PPTP still works above. I guess I might try that next...

[Matty]

I'm able to connect to ExpressVPN's many servers now, but there's a few issues...

I can't open www.chinese-forums.com on some

I can't use QQ on some.

Some other random sites wont open.

Connecting to the Australian server... gives me an IP in Shanghai?

These... I don't see how they could be influenced by the GFW, as my connection to the VPN is good and none of those sites are banned by the GFW.

[abcdefg]

Anyone had recent success with installing and using Tor inside China?