Jumping the Great Firewall


For a person like me, there are a few things that I worry about when in China.

  • Food
  • Water
  • Public bathrooms

[Image: Great Firewall of China. Caption: Don’t worry. China isn’t actually on fire.]

However, one of my main concerns is the Great (fire)Wall of China, a government-mandated firewall that all ISPs maintain. A lot of my life is based around Google’s services, like email and document storage. However, as some of you may know, Google is blocked in China, which poses major problems for me.

A brief aside: Apparently the creator of the Great Firewall of China had to use a VPN to bypass the firewall during one of his lectures. He was attempting to access a South Korean website, and clearly used a VPN during his lecture. Anyway, on to actual methods of jumping over the Great Wall.

Tor Shouldn’t Work

Before anything about VPNs, a mandatory note about Tor. Tor is a great service to anonymize your traffic. However, the Great Firewall of China reportedly takes down Tor connections. Apparently, the Great Firewall of China uses Deep Packet Inspection to try to detect traffic to Tor nodes. If a packet is flagged as a possible Tor packet, the Great Firewall will attempt to contact that node and check for a Tor response.

There are possible ways to get around this restriction, but they are long and complicated.

Personal VPNs

There are a ton of tutorials out there about creating personal VPNs from your house. Even Netgear routers have a built-in VPN creation tool. These VPNs will mostly work in China. However, the Great Firewall is also allegedly able to recognize VPN packets with Deep Packet Inspection and then block your house’s IP and port combination.

This is a problem because your house is only one IP address, unless your ISP assigns you a new one. However, there are a few ways to mask your traffic. One possible way is by obfuscating your VPN traffic. This method, however, is not completely foolproof, as some VPN traffic can still be distinguished.

The best method of using your own VPN in China is probably through an SSL tunnel. Using stunnel, VPN traffic can be encapsulated with SSL, making it essentially indistinguishable from traditional HTTPS traffic. In this case, it would also help to have your VPN through port 443, as that is the normal SSL port, which the Great Firewall of China would be expecting.
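To make the Deep Packet Inspection point concrete, here is an added example (not from the original post) of the simplest kind of first-packet check: it labels the opening bytes of a TCP stream as an OpenVPN session start or a TLS ClientHello. The function names and both byte samples are constructed for illustration, and real inspection systems combine many more signals than this.

```python
# OpenVPN opcodes that can open a session (high 5 bits of the first payload byte).
OPENVPN_RESET_OPCODES = {
    1: "HARD_RESET_CLIENT_V1",
    7: "HARD_RESET_CLIENT_V2",
    10: "HARD_RESET_CLIENT_V3",
}


def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP stream."""
    # TLS record: type 0x16 (handshake), version 0x03 0x0N, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x04 and data[5] == 0x01):
        return "tls-clienthello"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte that
    # packs the opcode (5 bits) and key id (3 bits). A new session starts
    # with a hard reset carrying key id 0; the smallest such packet is 14 bytes.
    if len(data) >= 3:
        declared = int.from_bytes(data[:2], "big")
        opcode, key_id = data[2] >> 3, data[2] & 0x07
        if opcode in OPENVPN_RESET_OPCODES and key_id == 0 and declared >= 14:
            return "openvpn-tcp"
    return "unknown"


def sample_openvpn_reset() -> bytes:
    """Constructed sample: minimal HARD_RESET_CLIENT_V2 (no tls-auth)."""
    # opcode/key id, 8-byte session id, empty ACK array, 4-byte packet id
    body = bytes([7 << 3]) + bytes(range(8)) + b"\x00" + (0).to_bytes(4, "big")
    return len(body).to_bytes(2, "big") + body


def sample_tls_client_hello() -> bytes:
    """Constructed sample: TLS record header plus a truncated ClientHello."""
    body = b"\x03\x03" + bytes(32) + b"\x00"  # version, random, empty session id
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


if __name__ == "__main__":
    for name, blob in [("bare OpenVPN", sample_openvpn_reset()),
                       ("stunnel-wrapped", sample_tls_client_hello())]:
        print(f"{name:16} -> {classify_first_bytes(blob)}")
```

Because stunnel only carries TCP, the VPN behind it has to run in TCP mode; the wrapper changes what a first-packet check like this sees, not later signals such as the follow-up probing described in the Tor section.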

Other Paid/Free VPNs

There are a huge number of VPNs that exist for the purpose of getting people out of government censorship. Oftentimes, these VPNs will work. Even if the Great Firewall of China manages to block one of these servers, a good VPN provider will have multiple servers to choose from.

When choosing between a paid and free VPN provider, it’s often better to use a paid VPN provider. Usually, paid VPN providers have more features. However, I’m too cheap to pay for a VPN, so I just use a free VPN service.

Before using any VPN, it’s probably best to make sure that they don’t track and log your usage. Sometimes even paid VPNs will log your usage. If you care about privacy, it’s important that you make sure that a VPN doesn’t log your usage.

Conclusions

There are a few things to keep in mind regardless of what method you use to get over the Great Firewall. However, the best method for you is probably a paid or free VPN hosted by somebody besides you. It’s the easiest to configure and probably also has faster speeds than any VPN that you could host back home because of the distributed network of servers to choose from.

If you want a challenge, you can set up stunnel and a VPN at your house, although I haven’t tested it yet.

Good luck getting over the firewall!
