Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


China GFW OpenVPN censorship bypass methods
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

China GFW OpenVPN censorship bypass methods

No Obfsproxy and Stunnel. Are there other methods? Compatible for Android, Linux and Windows.

«1

Comments

  • bashlykbashlyk Member

    This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android

    Thanked by 1netomx
  • @bashlyk said:
    This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android

    I could not find a Linux client for ShadowsocksR.

  • @bashlyk said:
    This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android

    Does ShadowsocksR work with the Shadowsocks-Qt5 client?

  • bashlykbashlyk Member

    @kocamanyarrak said:

    @bashlyk said:
    This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android

    Does ShadowsocksR work with the Shadowsocks-Qt5 client?

    Don't know. Try to find out and let everyone know.

    Thanked by 1Ole_Juul
  • kocamanyarrak said: Does ShadowsocksR work with the Shadowsocks-Qt5 client?

    Great question. I think I'll Google that.

    Thanked by 1Lm85H4gFkh3wk3
  • 502loc502loc Member

    Thank you for asking questions
    in China. Openvpn is not a valid encrypted tunnel, when the GFW detects openvpn ip will automatically cut off, so in China, you can use the tunnel is limited to shadowsocks & shadowsocksr, there are similar to v2ray tunneling options like

  • qquccsqquccs Member

    You can use openvpn tcp port 25,
    This port is the mail sending port,
    So there is no interference in mainland China,
    Can be used normally!

  • TammyTammy Member
    edited May 2017

    kocamanyarrak said: Does ShadowsocksR work with the Shadowsocks-Qt5 client?

    ShadowsocksR is a mod of shadowsocks, if you disable all shadowsocksR features on your shadowsocksR server, shadowsocksR does same as shadowsocks, it will work well with Shadowsocks-Qt5 client,

    Personally, I recommend you to use shadowsocksR features.

    iOS Client: Wingy,Surge,Potatso,A.BIT.T,Shadowrocket

    Android Client:
    ShadowsocksR-Android:https://github.com/shadowsocksr/shadowsocksr-android/releases

    Postern(Do not support shadowsocksR):https://github.com/postern-overwal/postern-stuff

    NetPatch FireWall(Do not support shadowsocksR):https://play.google.com/store/apps/details?id=co.netpatch.firewall

  • The protocol of OpenVPN can be detected by GFW with DPI in 2013, so it won't work any more

  • dergelbedergelbe Member
    edited August 2017

    @lihanlin said:
    The protocol of OpenVPN can be detected by GFW with DPI in 2013, so it won't work any more

    Depends. I use OpenVPN quite often and it does work, but not everywhere. Last week it didn't work in Shenzhen, but worked in Zhuhai. Strangely, the simple PPTP worked. Some blocks are certainly regional.

    As a 2nd OpenVPN server I setup PiVPN on a Raspberry, will test that soon in China. On the RPi is also a Shadowsocks server. That usually always works.

    So I actually have no need for more connections, but it's fun to try and more options are better.

    To the experts here I wonder if this will work: SShuttle on the RPi and Ki4A as Android client. Anyone here knows?

    PS: The simple 'Lantern' works too.

  • im8aim8a Member
    edited August 2017

    For Linux users, check out python bash version, shadow socks electron or avenge.

    Also, u may use anyconnect in China

  • Here is a list of eight or more methods you can try. https://dcamero.azurewebsites.net/ The SSR article includes instructions for Linux client.

    Thanked by 1bashlyk
  • BAKABAKA Member

    Note that ShadowsocksR's original developer (breakwa11) has removed Github repos, after her personal info being revealed by someone using social engineering and threatened to expose even more private info.
    There are still some forks of ShadowsocksR on Github.

  • im8aim8a Member
    edited August 2017

    @dcamero said:
    Here is a list of eight or more methods you can try. https://dcamero.azurewebsites.net/ The SSR article includes instructions for Linux client.

    Nice tutorial!

  • @kocamanyarrak said:

    @bashlyk said:
    This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android

    Does ShadowsocksR work with the Shadowsocks-Qt5 client?

    No

  • dergelbe said: Strangely, the simple PPTP worked

    Because the gov cracks (if it can, especially on older Windows servers) the hashing used and then, in real time, decrypts your neat insecure PPTP tunnel :>

    qquccs said: You can use openvpn tcp port 25, This port is the mail sending port, So there is no interference in mainland China, Can be used normally!

    I mean, yea, that seems to work somewhat, but at the 17-20KB/s i see Ürümqi <-> Frankfurt this looks like shaping port based to prevent usage (CU) - on 53 i get nothing (dropped), on 1194 i get nothing (dropped, normal in XJ, never seem this work) and on 443 i get - what one assumes to be - full speed (~12Mbit to DE, notably this is CU telco, not end-user connectivity).

    In theory port 25 does not use SSL (or should) so it could be put into the DPI and dropped rather easily if encrypted (or, in fact, not containing mail headers) - the mail SSL ports are probably a better choice.

  • rm_rm_ IPv6 Advocate, Veteran
    edited August 2017

    William said: In theory port 25 does not use SSL (or should) so it could be put into the DPI and dropped rather easily if encrypted (or, in fact, not containing mail headers) - the mail SSL ports are probably a better choice.

    You can send STARTTLS on port 25, and that switches the connection into the encrypted mode. I wonder if there are tunnel implementations which simulate and mask under this. But of course the GFW can "allow" any mail port, while shaping it heavily, which will stay usable for transferring mail, but not for VPN usage.

  • That would solve something the Iranians had at a time (drop connection if direct on something that should actually be seen as upgrade from another one at the central ITC core); as that seems disabled now (or at least works to connect from Afranet to non-Google mailserver in EU) probably was not effective though.

    Also need to consider legal aspects; Beijing can just enforce disabling of all external mail via SSL if they have the desire for that, and force everyone to use local services or proxy/MITM...

  • Went to China for a visit over the summer. I had set up OpenVPN, SSH tunnel, and PPTP vpn before I left. I agree with dergelbe about the "regional" part. Sometimes all of them works, but if you move to a different 'province' I start to experience packet drop on the ssh tunnel, and openVPN will be stuck at retrieving server settings. Betternet is also intermittent and only usable in some areas. I stayed in a hotel for a few days that can strangely access google/gmail/youtube without any vpn at all. Strange.

  • dergelbedergelbe Member
    edited August 2017

    @EnumC said:
    I stayed in a hotel for a few days that can strangely access google/gmail/youtube without any vpn at all. Strange.

    Some 5-Star hotels in China have unblocked internet. They use a VPN I presume. But with the recent crackdown that might get less too.

    On my next trip I will try:

    • PiVPN (on a RasPi, should be same as NAS VPN I guess)

    • SShuttle (on a RasPi) - any feedback?

  • HxxxHxxx Member

    Don't bypass it, stay in your home. We don't need more china hitting the servers or over population good services.

  • WSSWSS Member

    @Hxxx said:
    Don't bypass it, stay in your home. We don't need more china hitting the servers or over population good services.

    If they stay in their home, that doesn't generally help overpopulation.

    Thanked by 1bugrakoc
  • @dergelbe said:

    @EnumC said:
    I stayed in a hotel for a few days that can strangely access google/gmail/youtube without any vpn at all. Strange.

    Some 5-Star hotels in China have unblocked internet. They use a VPN I presume. But with the recent crackdown that might get less too.

    On my next trip I will try:

    • PiVPN (on a RasPi, should be same as NAS VPN I guess)

    • SShuttle (on a RasPi) - any feedback?

    SShuttle won't work in some areas. The only sure bet would be shadowsocks. Install Tor with a list of bridges just in case if all else fails.

  • HxxxHxxx Member

    You got a point. Free boarding into the USA for Chinese citizens , better than increasing by 2x a day.

    @WSS said:

    @Hxxx said:
    Don't bypass it, stay in your home. We don't need more china hitting the servers or over population good services.

    If they stay in their home, that doesn't generally help overpopulation.

  • WSSWSS Member

    @Hxxx said:
    You got a point. Free boarding into the USA for Chinese citizens , better than increasing by 2x a day.

    @WSS said:

    @Hxxx said:
    Don't bypass it, stay in your home. We don't need more china hitting the servers or over population good services.

    If they stay in their home, that doesn't generally help overpopulation.

    wat

    Thanked by 1Hxxx
  • @EnumC said:
    SShuttle won't work in some areas. The only sure bet would be shadowsocks. Install Tor with a list of bridges just in case if all else fails.

    I am pretty happy with Shadowsocks, I just like some what if options. I don't think Tor on Android (that's what I use) can do bridges. I have the Tor client, but that never worked in China so far.

  • If they stay in their home, that doesn't generally help overpopulation.

    wat

    I think he meant, going out to the streets helps overpopulation. China has about 200,000 traffic dead a year.

    Thanked by 1Hxxx
  • it looks like that a new maintainer is working on a new branch of Shadowsocks R, which apparently it goal is to add more features.

    If anyone could shed some light on this branch, would be great.

    and this is the GitHub link: https://github.com/shadowsocksrr/shadowsocksr/tree/akkariiin/master

  • @williclarkam said:
    a new branch of Shadowsocks R....

    Can somebody please enlighten me. I am using Shadowsocks, and it work very well with good speed over the wall. But what are the differences to ShadowsocksR, ShadowsocksRR and KCPTUN?

    Is it speed? Or better hiding? Less throttling? Is there any point on upgrading my normal Shadowsocks?

  • @dergelbe said:
    But what are the differences to ShadowsocksR, ShadowsocksRR and KCPTUN?

    Is it speed? Or better hiding? Less throttling? Is there any point on upgrading my normal Shadowsocks?

    I think, Shadowsocks doesn't work well (or as intended) in China, because GFW is able to detect it, but shadowsocksRR can overcome this issue, and apperantly can be used without any problem whatsoever.

    ShadowsocksR was the first branch of Shadowsocks which implemented all these obfuscation protocols and method but a while back something happend and the maintainer deleted all the codes and everything related.

    A new maintainer is now responsible for the new branch of ShadowsocksR, which is now called ShadowsocksRR

    KCPTUN is used to speed up Shadowsocks (and maybe ShadowsocksR-not sure). But I couldn't find any decent tutorial, and Shadowsocks works perfectly on my end, so didn't look further :).

Sign In or Register to comment.