Jump to content
Chinese-forums.com
Learn Chinese in China

DIY VPN?


mungouk
 Share

Recommended Posts

OK I know this has come up before, but in terms of the GFW and tech stuff generally, things change pretty quickly.

 

I've been wondering for a while if it's worth setting up my own private VPN server in my mum's house back in the UK.  The cat-and-mouse thing with my normal provider has become a pain in the neck recently (especially when all you want to do is benign stuff like read wikipedia and watch youtube).

 

I presume there are fairly simple ways of doing this with something like a Raspberry Pi?  Maybe even some off-the-shelf boot images?

 

Does anyone have recommendations?  I will be home over the Christmas holiday so this would be a good opportunity to get something set up.

 

 

Link to comment
Share on other sites

Site Sponsors:
Pleco for iPhone / Android iPhone & Android Chinese dictionary: camera & hand- writing input, flashcards, audio.
Study Chinese in Kunming 1-1 classes, qualified teachers and unique teaching methods in the Spring City.
Learn Chinese Characters Learn 2289 Chinese Characters in 90 Days with a Unique Flash Card System.
Hacking Chinese Tips and strategies for how to learn Chinese more efficiently
Popup Chinese Translator Understand Chinese inside any Windows application, website or PDF.
Chinese Grammar Wiki All Chinese grammar, organised by level, all in one place.

I believe it's not just a question of having a server that's not on a black list but also disguising the traffic itself in such a way that it's not marked out as headed to a VPN. China's put some effort into technical ways of identifying VPN traffic: blocking certain servers is just one tool.

Link to comment
Share on other sites

Hmm... 

I suspect they're not simply blocking IP addresses since I've been able to ping ones I've tested.

Presumably modern VPN protocols hide their port numbers, or at last masquerade as port 80 to look like normal website requests.

So they're doing deep packet inspection with their supercomputers or what?

 

Paging @imron 🙂

 

 

 

Link to comment
Share on other sites

Well, fair point. 

There must be white-hat hackers out there who have some idea, though.

 

And yes, I suppose it's also obvious that they could just switch EVERYTHING off if they wanted to, given that these things come and go. 

 

Link to comment
Share on other sites

I am planning to try this the next time I am in China. I was thinking to try different setups, using both OpenVPN and wireguard.

I have the OpenVPN up on AWS right now, would be interested to see it works for you.

Probably it's better to self-host and use wireguard instead of OpenVPN as it is less used by VPN providers, but that's just a theory.

 

@mungouk Pm me if you're up for trying it out.

  • Like 2
Link to comment
Share on other sites

I remember several rounds of blocking ago, people with their own VPNs reported they got blocked, despite being the only person using the server.  So they're doing deep packet inspection and can spot packets that aren't disguised.  That's one reason you go with a commercial provider, they have to stay one step ahead.  

  • Like 1
Link to comment
Share on other sites

4 hours ago, mungouk said:

So they're doing deep packet inspection with their supercomputers or what?

Yup.  I remember reading something somewhere a while back that they do DPI with machine learning and a bunch of other things too.

 

I haven't visited mainland China for a number of years so don't know how well a roll your own solution works.  Previously I just used an SOCKS5 proxy over SSH (on a custom port) and modified the config options in firefox to send DNS requests via the proxy also.  Don't know how well that still works these days, but it's trivial to try if you have ssh access to a box outside of China.

  • Like 1
Link to comment
Share on other sites

12 hours ago, mungouk said:

(especially when all you want to do is benign stuff like read wikipedia and watch youtube).

 

You would wonder what they are afraid of especially with websites  like wikipedia, dumb ones like  YouTube(it's so politically correct anyway)

Foreigners in China are not going to be persuaded by propaganda, and the amount of Chinese that will actually have the reading ability and inclination to start browsing overseas websites (predominately in English) is a tiny percentage of the population. In fact every Chinese person I know who has a great command of English never bothers checking overseas websites.

 

Access to illegal online material such as drug's, promoting criminal activity, pornographic 

 

Link to comment
Share on other sites

7 hours ago, DavyJonesLocker said:

dumb ones like  YouTube

 

Well, for me it's a good source of UK comedy shows (when I can't get iPlayer to work), nature documentaries, video podcasts, occasional lectures and of course lots of Chinese learning videos.

 

 

Link to comment
Share on other sites

Anyone else who lives in China and could help me test out two VPN setups I have running right now?

One uses OpenVPN and requires you to download either Tunnelblick[0] (MacOS) or OpenVPN Connect client[1] (Windows),

the either one uses Wireguard and you need the Wireguard client[2] for that one.

 

The OpenVPN client and Wireguard are also available on mobile platforms.

 

[0] https://tunnelblick.net/downloads.html

[1] https://openvpn.net/client-connect-vpn-for-windows/

[2] https://www.wireguard.com/install/

  • Like 1
Link to comment
Share on other sites

On 12/5/2019 at 2:52 PM, imron said:

I haven't visited mainland China for a number of years so don't know how well a roll your own solution works.  Previously I just used an SOCKS5 proxy over SSH (on a custom port) and modified the config options in firefox to send DNS requests via the proxy also.  Don't know how well that still works these days, but it's trivial to try if you have ssh access to a box outside of China.

This approach worked great for a good while but has been totally ineffective for the past few years. I haven’t tried it lately, but not much reason to suspect they would suddenly start allowing this again.

Link to comment
Share on other sites

Join the conversation

You can post now and select your username and password later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Click here to reply. Select text to quote.

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...