this post was submitted on 04 Oct 2023
129 points (96.4% liked)

World News

32326 readers
458 users here now

News from around the world!

Rules:

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Varyk@sh.itjust.works 26 points 1 year ago (4 children)

China has been trying for a decade with zero success, best of luck

[–] makingrain@lemmy.world 22 points 1 year ago (2 children)

I spent years living in China. Do you really mean zero success?

OpenVPN stopped working in 2017. Deep packet inspection prevents the initial handshake. I hosted my own SS for a number of years before switching to wireguard, with more success.. however, they IP ban a majority of VPS IP ranges, so the providers Linode/DigitalOcean were messed up.

And everyone experiences VPN slow down during CPC conferences.

It can only be worse now.

[–] Varyk@sh.itjust.works 7 points 1 year ago (1 children)

I mean zero practical success in banning vpns or stopping vpns from functioning correctly, yes.

They scared non-technically-minded people who already didn't use vpns into not trying them, but everyone I know in China who used and uses vpns without a problem for years are still using them today.

I know nothing about running a server, I'm just talking about my experience from the user side of the equation.

[–] makingrain@lemmy.world 8 points 1 year ago (2 children)

Ah ok. Well, as I said I lived there for years and i'm telling you they can and do block VPN traffic (not all, another commenter mentioned Astrill) quite well. To say zero success is incorrect.

Location (and peering) might be a factor, so if you/your friends lived somewhere different to I your experience may differ.

[–] Varyk@sh.itjust.works 5 points 1 year ago

I mentioned astrill too, they do pretty well.

Vpns are working in Ningbo, Tianjin, urumqi, Chengdu, Beijing, Chongqing, Guangzhou, xian right now, idk, I haven't seen or heard of the problems you're describing, but I'm heading back over for the new year this year, so I'll check.

I think failing to block increasing, constant vpn use around the north, South, east, West, and center of a country for a decade despite constantly declaring vpns illegal and banned and stopped by government firewalls counts as zero practical success, yes.

[–] HipPriest@kbin.social 2 points 1 year ago

My sister still lives there and from what she says it's not too difficult. Some VPNs work, others are on the 'no longer work' list and at big events they mysteriously stop working.

She's not technically minded, she'll just be using an app.

[–] Anonbal185@aussie.zone 6 points 1 year ago* (last edited 1 year ago)

Are you hosting it through a provider such as AWS or Azure? That might be why. I had no issues when setting it up on my own.

I have 2x ISPS and through that multiple raspberry pis. Set up docker, then you can set up multiple VPNs (e.g. OpenVPN which I used just before pandemic) so after 2017. It always worked but these days I would also esim it - they can't block roaming mobile due to the way roaming works and the travel Sim prices are quite competitive these days.

Tldr no issues hosting on personal internet rather than through a cloud provider.

Example ones I use, simple to set up via docker files.

https://hub.docker.com/r/linuxserver/openvpn-as https://hub.docker.com/r/linuxserver/wireguard

[–] zephyreks@lemmy.ml 7 points 1 year ago* (last edited 1 year ago)

Yep, precisely this. It's extremely hard to block arbitrary internet traffic and everyone who thinks China lives in a propagandized bubble with no exit is deluding themselves.

FWIW, VPN enforcement is much more strict in Xinjiang and Tibet so I think Chinese authorities have the capability, they just choose to not exert it most of the time (to avoid an ever-escalating arms race lol).

[–] Darkassassin07@lemmy.ca 5 points 1 year ago* (last edited 1 year ago) (2 children)

Got any suggestions for software?

I run openvpn normally and I've tried shadowsocks but neither have gotten through the vpn blocks I've tested against.

[–] Gellis12@lemmy.ca 9 points 1 year ago (2 children)

Tor. It's free, it works, and there's nobody to sell you out when the cops come knocking.

[–] Darkassassin07@lemmy.ca 4 points 1 year ago (1 children)

I'm looking for something self-hosted for secure access to my LAN, not just to reach open internet unfortunately.

[–] Gellis12@lemmy.ca 1 points 1 year ago

If you're just looking for remote access, openvpn on port 443 should (in theory) be indistinguishable from normal https traffic.

[–] sangriaferret@sh.itjust.works 1 points 1 year ago (1 children)

Wasn't Russia able to block traffic from Tor?

[–] Gellis12@lemmy.ca 1 points 1 year ago

If they did, I haven't heard about it. China has been trying and failing to block tor for decades though, so I kinda doubt Russia managed to beat them to it overnight.

[–] Varyk@sh.itjust.works 6 points 1 year ago

Both astrill and protonvpn sashayed straight past the great firewall when I visited. There was some free Chinese vpn, greenvpn I think, that worked too, but was slow.

[–] residentmarchant@lemmy.world 4 points 1 year ago (2 children)

What's the reasoning for this? Surely it's not that difficult to block all traffic pointing to "vpn.protonvpn.com" (simplified url for the sake of argument)

Even if a VPN provider had 100 URLs to tunnel traffic through, they would all be found in a matter of time, no?

[–] apt_install_coffee@lemmy.ml 14 points 1 year ago* (last edited 1 year ago)

The difficulty is that a VPN isn't just a product like ProtonVPN, it's a huge family of software and protocols.

You can block vpn.protonvpn.com, but since most operating systems come with VPN functionality out of the box, you'd have to start listening to all traffic (not just DNS lookups) and blocking ALL packets that might be VPN traffic without causing regular disruption to non-vpn traffic.

TL;DR: it's easy to prevent unmotivated users from downloading a VPN app. It's practically impossible to block a motivated user from using a VPN, and they're the users you particularly care about.