VPN & GFW question
 

This is really for the geeks on the forum. Does China's GFW block SSH traffic these days?

I have no idea what "SSH" is, but most of the better VPNs are fairly reliable. That having been said, the net nannies have the means to bring any one of them to a stand still.

normal ssh block in China. you need use obscure SSH.
why not use VPN, youtubevpn.com

ssh is http://en.wikipedia.org/wiki/Secure_Shell

I heard regular VPNs (openVPN or PPTP protocols) get blocked a lot since last year. I can tunnel traffic through SSH on pretty much any TCP ports I want (port 443 for example, or even tcp/53 or tcp/179), and I want to know if there're any geeks at China who can comment on how viable this is through GFW.

openvpn can not use last year
pptp can use in some city in China
if you have iphone , cisco ipsec is better ways.
http://www.youtubevpn.com/index.php?...tent&cont_id=6

I am not a tech geek but my standard PPTP protocols did stop working so now I use IPSEC, UDP, L2TP protocols. I change my ports if the net nannies are really being a pain.

I also still use openVPN but change the ports if things get too slow.

(disclaimer: I have no idea what the above initials stand for, its the protocol's that my vpn gave me)

I regularly ssh out using port 22 when I am in China and found that it's more reliable than VPN (both PPTP and OpenVPN). VPN fails once in a while but I don't remember once that ssh didn't work. That said, my VPN and ssh service are from different providers so this could be one of the factors.

They do funny things to SSH like login flood it to cause it dropped the connection... hard to say what triggers it other than they are definitely doing deep packet inspection. The GFW is very sophisticated these days.

OK I'm here now and SSH tunnel works, at least on port 443 & port 53 (yes I'm pretty naughty). Haven't tried other ports yet.

During my last trip earlier 2013 my commercial VPN sucked big time. So far this trip my SSH tunnel to my own squid proxy running on Amazon EC2 works like a charm - it's even cheaper.

I don't think they will block SSH totally. They block UDP, so use TCP. They block certain ports, so use others (1194 is the obvious one to avoid). It is not in their interest to make online banking unavailable. That also uses SSH.
Also google for ' "Lantern", a software program funded by the US government that allows internet users to circumvent government censors, is spreading rapidly on the mainland as people seek access to websites such as Facebook, YouTube and Twitter.'

VPN service to access blocked sites
 

Does anybody have any recommended VPN software to recommend? I use it mainly for twitter or other blocked sites. I'm currently using TowerVPN and it's expiring soon. Wondering if there's anything better out there or I'll just continue with TowerVPN.

I'm using Express again (we had a thread about it several years ago and a bunch of us bailed to do reliability issues, but I've been quite pleased with them recently).

Four years in China with Witopia.

Every time the GFW adjusted their tactics, witopia would send an update OR if your area is experiencing special difficulties, their techs are always available to set you with a custom solution.

Wife never missed an episode of Good Wife, NCIS while I always got my netflix.

Thanks for the recommendations, will look through them.

Google has been blocked now for 4 days, & will probably be blocked for another few days. :confused:

Express has worked extremely well for me recently. I can't imagine not having a vpn any more.

Today (June 4) the censors have demonstrated that they can always defeat vpns when they care to crank things up.

Agree, when you see all the recent postings on the internet that is not suitable for people in PRC.

Not just internet, CNN-HK was blocked about 20 %, as of coverage of T sq.

and many 'brave' we-chat postings sensored. A cute math one, 6 4 + 25=89.
( the date + anv. years= year of event )

How about this one: 2 to the power of 6 !
The usual math symbol got translated to thumbs up which is not the meaning.

I have a small office with a server, firewall, etc. this has a PPTP vpn set up on it, and all traffic is tunneled through it. Any reason this would NOT work in Beijing and Shanghai?

Yes. If the censors decide to mess with pptp (seems to happen 2 or 3 times per year), you'll probably have problems.

China is always block VPN especially free VPN service, more and more paid VPN is blocked recently. you should buy multiple VPN accounts from several vendors so GFW can't block them all.

I was able to connect back to my office fine. Worked a treat. Your mileage may vary.

If anybody wants a 15% discount on witopia, just pm me.

Could you post a how-to for this process for Android and Mac? I have an Amazon account, but I have no idea how to set this up.

(not in China at the moment) Has the blocking really gone worse last few weeks? And are many VPN providers not working any more?

I have my own server in france. What would be the best way to tunnel traffic there? I already setup a OpenVPN connection, but as far is I know GF will block this traffic. Should I tunnel the connection through SSH or SSL?

I was a little surprised not to see more current info. (The VPN section in the top-level China FAQ leads to a thread that apparently no longer exists.) According to some other travel forums, various VPNs seem to work sporadically and get blocked and unblocked, so up-to-date information would be very helpful.

So, what do people currently recommend as the best VPN for China? This will mostly be for hotel wi-fi, but also for my new GlocalMe G2 4G mobile hotspot which I hope to use with my iPhone when out and about.

Express is reliable, and kind of fast (need to run speed tests frequently).

Thanks, I will start there. What do you think of the idea of needing to sign up with several in case of blocks? (Once you're there, it's pretty much too late.)

I already have one VPN, HotspotShield, to use over high-risk public wi-fi networks like cafes and airports here in the U.S., not sure if it works in China.

Express has never been completely blocked, to the best of my knowledge. While it's obviously easier to kick off things outside of China, signing up in China is also doable.

I don't understand this. VPNs are for several purposes:
1) Securing private data from a device in transit to a private network, over a public network
2) For bypassing firewalls
3) For protecting anonymity (from your ISP or from the websites you're visiting)

They are NOT for protecting data that goes over the public internet. If you are transmitting your data in such a way that it can be stolen, all the VPN does is push the point at which the data can be stolen from the coffee shop to after it leaves your VPN provider's network. You should use end-to-end encryption for all of your data that you care about, and in that case, it does not matter whether you are using a VPN.

It is always good to have multiple VPNs whenever you go into China. On my next trip, I will likely have:
1) OpenVPN to home server
2) Shadowsocks to home server
3) SSH tunnel to home server
4) ExpressVPN
5) VPN.ac
6) Psiphon
7) TOR
8) HK SIM card
9) AT&T SIM card

Overkill? Probably. But I'd rather have more VPNs than I need than need more VPNs than I have...

You really only need a single VPN. I can assure you that Express works well in Shanghai, and pretty well in Beijing. And, if you get a HK sim, you don't need a VPN. Tor is a waste of time these days.

That is complete overkill. One or two VPNs is enough. ExpressVPN and VPN.AC is a good combination. Actually one is enough but two is better if you are looking for the best speed and latency. TOR doesn't work in China unless you are running it through a VPN. VPN+TOR is very slow so not recommended unless you have a specific need for it (dark web). As for SIM cards I recommend the China Unicom "cross border king dual extra". It has reasonably priced data packages. http://www.cugstore.com/hk_en/prepai...vice-plus.html. I'm not sure about AT&T data roaming rates but probably much more expensive.

If you are looking for further information on VPNs please check my website www.tipsforchina.com. There is lots of information as well as promo codes, discounts, etc.

News article re VPN China in SCMP Sept 4 2017
 

I would expect all VPN's to be under even more pressure at least through Beijing regional ISP's, as we approach the Party Congress that starts on Oct 18. Internet security tends to get a lot tighter and some websites that are normally not blocked, may be.

Have Plan B's and Plan C's ready to deploy.

The crackdown on VPNs seems to be intensifying. Best to use a VPN provider based outside of China, some of which are still working very well.

I've got a CMHK SIM at the ready in case my preferred VPN fails or becomes too slow. HK$48 a day if I need a lot, HK$198 for 2GB/30 days otherwise, and HK$300 becomes HK$415 credit, which is a nice bonus.

That's a good idea. I used to use a prepaid one from CUHK that worked quite well. I think the data was HK $68 for 500MB (valid for 30 days) if I recall correctly. The data could be used freely between HK, Macau, and mainland. The SIM card had both an HK number and a China number, incoming calls were free in both HK and China.