Pretty much all the ISPs sell "international lines" as well. They both champion their "stealth" options and other than the odd day you don't really notice the GFW. Almost every senior developer I've met here subscribes to one or the other - with Astrill being far ahead in terms of user base. I'm surprised no one has mentioned them here yet. I have heard he did want to do something but the supreme leader and his people stopped him. Even President Rohani couldn't manage the situation. pptp, l2ps and others are closed right now. But it takes a huge amount of time and a little money. But the point is 99.999% of people don't have this option (I use Shadowsocks, sometimes other tunnels) so they use the internet the way it is or some software like Freegate and others, but with extremely low speed and unbearable lag. I use a VPS from the Netherlands for bypassing the firewall. In the 2009 green movement they closed every HTTPS connection (maybe that was a red alert situation). I have noticed they have multiple situations, for example when everything's quiet the internet is not so bad (despite the fact bandwidth is extremely low for a huge amount of people), but when some news comes out about government corruption, guess what? Some VPNs do not work. Connection to the outside web is almost impossible. Every OpenVPN, Cisco VPN, etc. connection will lose connection every 2-3 min. I am in Iran, you cannot believe it, same here. They use deep packet inspection too, they will shut every package down. I have a lot of respect for all these Chinese hackers like clowwindy who try to escape censorship, as it takes more technical prowess than you think to design a VPN that works in China. All these tools try to obfuscate and hide VPNs. That's why people in China have to use VPN tools that most westerners have never heard of: obfsproxy, ShadowVPN, SoftEther, gohop, etc.
But when using a VPN that encrypts data at the IP layer, these empty ACK packets will be encrypted, so The Great Firewall will see the client sending small ~80-120 bytes encrypted packets, and will count this as one more sign that this might be a VPN. For example in a traditional HTTPS session, if the client browser downloads, say, a 500kB image over HTTPS, it will send periodical empty TCP ACK packets as it receives the data. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS). When they think there is a high probability a VPN is detected, they simply start dropping all the packets. Encryption is not enough. After some research I read online the government does deep packet analysis and uses machine learning to find heuristics to guess which TCP connection or UDP stream is likely being used as a VPN. If you try this, or even a basic OpenVPN setup, you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out. I thought bypassing The Great Firewall was going to be as simple as an "ssh -D" SOCKS setup, or a "ssh -w" tunnel. I was visiting China recently (my first time there).