New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
China GFW OpenVPN censorship bypass methods
kocamanyarrak
Member
in Requests
No Obfsproxy and Stunnel. Are there other methods? Compatible for Android, Linux and Windows.
Comments
This has been asked many many times. Shadowsocks or ShadowsockR seems to be a magic bullet. Works on Linux, Windows, Android
I could not find a Linux client for ShadowsocksR.
Does ShadowsocksR work with the Shadowsocks-Qt5 client?
Don't know. Try to find out and let everyone know.
Great question. I think I'll Google that.
Thank you for asking questions
in China. Openvpn is not a valid encrypted tunnel, when the GFW detects openvpn ip will automatically cut off, so in China, you can use the tunnel is limited to shadowsocks & shadowsocksr, there are similar to v2ray tunneling options like
You can use openvpn tcp port 25,
This port is the mail sending port,
So there is no interference in mainland China,
Can be used normally!
ShadowsocksR is a mod of shadowsocks, if you disable all shadowsocksR features on your shadowsocksR server, shadowsocksR does same as shadowsocks, it will work well with Shadowsocks-Qt5 client,
Personally, I recommend you to use shadowsocksR features.
iOS Client: Wingy,Surge,Potatso,A.BIT.T,Shadowrocket
Android Client:
ShadowsocksR-Android:https://github.com/shadowsocksr/shadowsocksr-android/releases
Postern(Do not support shadowsocksR):https://github.com/postern-overwal/postern-stuff
NetPatch FireWall(Do not support shadowsocksR):https://play.google.com/store/apps/details?id=co.netpatch.firewall
The protocol of OpenVPN can be detected by GFW with DPI in 2013, so it won't work any more
Depends. I use OpenVPN quite often and it does work, but not everywhere. Last week it didn't work in Shenzhen, but worked in Zhuhai. Strangely, the simple PPTP worked. Some blocks are certainly regional.
As a 2nd OpenVPN server I setup PiVPN on a Raspberry, will test that soon in China. On the RPi is also a Shadowsocks server. That usually always works.
So I actually have no need for more connections, but it's fun to try and more options are better.
To the experts here I wonder if this will work: SShuttle on the RPi and Ki4A as Android client. Anyone here knows?
PS: The simple 'Lantern' works too.
For Linux users, check out python bash version, shadow socks electron or avenge.
Also, u may use anyconnect in China
Here is a list of eight or more methods you can try. https://dcamero.azurewebsites.net/ The SSR article includes instructions for Linux client.
Note that ShadowsocksR's original developer (breakwa11) has removed Github repos, after her personal info being revealed by someone using social engineering and threatened to expose even more private info.
There are still some forks of ShadowsocksR on Github.
Nice tutorial!
No
Because the gov cracks (if it can, especially on older Windows servers) the hashing used and then, in real time, decrypts your neat insecure PPTP tunnel :>
I mean, yea, that seems to work somewhat, but at the 17-20KB/s i see Ürümqi <-> Frankfurt this looks like shaping port based to prevent usage (CU) - on 53 i get nothing (dropped), on 1194 i get nothing (dropped, normal in XJ, never seem this work) and on 443 i get - what one assumes to be - full speed (~12Mbit to DE, notably this is CU telco, not end-user connectivity).
In theory port 25 does not use SSL (or should) so it could be put into the DPI and dropped rather easily if encrypted (or, in fact, not containing mail headers) - the mail SSL ports are probably a better choice.
You can send STARTTLS on port 25, and that switches the connection into the encrypted mode. I wonder if there are tunnel implementations which simulate and mask under this. But of course the GFW can "allow" any mail port, while shaping it heavily, which will stay usable for transferring mail, but not for VPN usage.
That would solve something the Iranians had at a time (drop connection if direct on something that should actually be seen as upgrade from another one at the central ITC core); as that seems disabled now (or at least works to connect from Afranet to non-Google mailserver in EU) probably was not effective though.
Also need to consider legal aspects; Beijing can just enforce disabling of all external mail via SSL if they have the desire for that, and force everyone to use local services or proxy/MITM...
Went to China for a visit over the summer. I had set up OpenVPN, SSH tunnel, and PPTP vpn before I left. I agree with dergelbe about the "regional" part. Sometimes all of them works, but if you move to a different 'province' I start to experience packet drop on the ssh tunnel, and openVPN will be stuck at retrieving server settings. Betternet is also intermittent and only usable in some areas. I stayed in a hotel for a few days that can strangely access google/gmail/youtube without any vpn at all. Strange.
Some 5-Star hotels in China have unblocked internet. They use a VPN I presume. But with the recent crackdown that might get less too.
On my next trip I will try:
• PiVPN (on a RasPi, should be same as NAS VPN I guess)
• SShuttle (on a RasPi) - any feedback?
Don't bypass it, stay in your home. We don't need more china hitting the servers or over population good services.
If they stay in their home, that doesn't generally help overpopulation.
SShuttle won't work in some areas. The only sure bet would be shadowsocks. Install Tor with a list of bridges just in case if all else fails.
You got a point. Free boarding into the USA for Chinese citizens , better than increasing by 2x a day.
wat
I am pretty happy with Shadowsocks, I just like some what if options. I don't think Tor on Android (that's what I use) can do bridges. I have the Tor client, but that never worked in China so far.
I think he meant, going out to the streets helps overpopulation. China has about 200,000 traffic dead a year.
it looks like that a new maintainer is working on a new branch of Shadowsocks R, which apparently it goal is to add more features.
If anyone could shed some light on this branch, would be great.
and this is the GitHub link: https://github.com/shadowsocksrr/shadowsocksr/tree/akkariiin/master
Can somebody please enlighten me. I am using Shadowsocks, and it work very well with good speed over the wall. But what are the differences to ShadowsocksR, ShadowsocksRR and KCPTUN?
Is it speed? Or better hiding? Less throttling? Is there any point on upgrading my normal Shadowsocks?
I think, Shadowsocks doesn't work well (or as intended) in China, because GFW is able to detect it, but shadowsocksRR can overcome this issue, and apperantly can be used without any problem whatsoever.
ShadowsocksR was the first branch of Shadowsocks which implemented all these obfuscation protocols and method but a while back something happend and the maintainer deleted all the codes and everything related.
A new maintainer is now responsible for the new branch of ShadowsocksR, which is now called ShadowsocksRR
KCPTUN is used to speed up Shadowsocks (and maybe ShadowsocksR-not sure). But I couldn't find any decent tutorial, and Shadowsocks works perfectly on my end, so didn't look further .