• makingrain@lemmy.world
      link
      fedilink
      English
      arrow-up
      23
      arrow-down
      1
      ·
      1 year ago

      I spent years living in China. Do you really mean zero success?

      OpenVPN stopped working in 2017. Deep packet inspection prevents the initial handshake. I hosted my own SS for a number of years before switching to wireguard, with more success… however, they IP ban a majority of VPS IP ranges, so the providers Linode/DigitalOcean were messed up.

      And everyone experiences VPN slow down during CPC conferences.

      It can only be worse now.

      • Varyk@sh.itjust.works
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        1 year ago

        I mean zero practical success in banning vpns or stopping vpns from functioning correctly, yes.

        They scared non-technically-minded people who already didn’t use vpns into not trying them, but everyone I know in China who used and uses vpns without a problem for years are still using them today.

        I know nothing about running a server, I’m just talking about my experience from the user side of the equation.

        • makingrain@lemmy.world
          link
          fedilink
          English
          arrow-up
          9
          arrow-down
          1
          ·
          1 year ago

          Ah ok. Well, as I said I lived there for years and i’m telling you they can and do block VPN traffic (not all, another commenter mentioned Astrill) quite well. To say zero success is incorrect.

          Location (and peering) might be a factor, so if you/your friends lived somewhere different to I your experience may differ.

          • Varyk@sh.itjust.works
            link
            fedilink
            arrow-up
            6
            arrow-down
            1
            ·
            1 year ago

            I mentioned astrill too, they do pretty well.

            Vpns are working in Ningbo, Tianjin, urumqi, Chengdu, Beijing, Chongqing, Guangzhou, xian right now, idk, I haven’t seen or heard of the problems you’re describing, but I’m heading back over for the new year this year, so I’ll check.

            I think failing to block increasing, constant vpn use around the north, South, east, West, and center of a country for a decade despite constantly declaring vpns illegal and banned and stopped by government firewalls counts as zero practical success, yes.

          • HipPriest@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            My sister still lives there and from what she says it’s not too difficult. Some VPNs work, others are on the ‘no longer work’ list and at big events they mysteriously stop working.

            She’s not technically minded, she’ll just be using an app.

      • Anonbal185@aussie.zone
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Are you hosting it through a provider such as AWS or Azure? That might be why. I had no issues when setting it up on my own.

        I have 2x ISPS and through that multiple raspberry pis. Set up docker, then you can set up multiple VPNs (e.g. OpenVPN which I used just before pandemic) so after 2017. It always worked but these days I would also esim it - they can’t block roaming mobile due to the way roaming works and the travel Sim prices are quite competitive these days.

        Tldr no issues hosting on personal internet rather than through a cloud provider.

        Example ones I use, simple to set up via docker files.

        https://hub.docker.com/r/linuxserver/openvpn-as https://hub.docker.com/r/linuxserver/wireguard

    • zephyreks@lemmy.mlM
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      1 year ago

      Yep, precisely this. It’s extremely hard to block arbitrary internet traffic and everyone who thinks China lives in a propagandized bubble with no exit is deluding themselves.

      FWIW, VPN enforcement is much more strict in Xinjiang and Tibet so I think Chinese authorities have the capability, they just choose to not exert it most of the time (to avoid an ever-escalating arms race lol).

    • Darkassassin07@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Got any suggestions for software?

      I run openvpn normally and I’ve tried shadowsocks but neither have gotten through the vpn blocks I’ve tested against.

      • Gellis12@lemmy.ca
        link
        fedilink
        English
        arrow-up
        9
        ·
        1 year ago

        Tor. It’s free, it works, and there’s nobody to sell you out when the cops come knocking.

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I’m looking for something self-hosted for secure access to my LAN, not just to reach open internet unfortunately.

          • Gellis12@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If you’re just looking for remote access, openvpn on port 443 should (in theory) be indistinguishable from normal https traffic.

          • Gellis12@lemmy.ca
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            If they did, I haven’t heard about it. China has been trying and failing to block tor for decades though, so I kinda doubt Russia managed to beat them to it overnight.

      • Varyk@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        Both astrill and protonvpn sashayed straight past the great firewall when I visited. There was some free Chinese vpn, greenvpn I think, that worked too, but was slow.

    • residentmarchant@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      1 year ago

      What’s the reasoning for this? Surely it’s not that difficult to block all traffic pointing to “vpn.protonvpn.com” (simplified url for the sake of argument)

      Even if a VPN provider had 100 URLs to tunnel traffic through, they would all be found in a matter of time, no?

      • apt_install_coffee@lemmy.ml
        link
        fedilink
        arrow-up
        15
        arrow-down
        1
        ·
        edit-2
        1 year ago

        The difficulty is that a VPN isn’t just a product like ProtonVPN, it’s a huge family of software and protocols.

        You can block vpn.protonvpn.com, but since most operating systems come with VPN functionality out of the box, you’d have to start listening to all traffic (not just DNS lookups) and blocking ALL packets that might be VPN traffic without causing regular disruption to non-vpn traffic.

        TL;DR: it’s easy to prevent unmotivated users from downloading a VPN app. It’s practically impossible to block a motivated user from using a VPN, and they’re the users you particularly care about.

      • Varyk@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        arrow-down
        13
        ·
        1 year ago

        I’m just a user, but afaik if the server you’re routing through is outside of China, they have no right to block the traffic.

        I think it’s some international agreement that no country is allowed to block external traffic because that interferes in other countries’ affairs something something, but I don’t know the specifics.