Tunneling Under the Great Firewall?

kdawson posted more than 4 years ago | from the tiptoeing-around-dragons dept.

Censorship 403

An anonymous reader writes "I am traveling to China in the near future, and needless to say as a Slashdot reader I am going to require access to the Internet. The whole, unadulterated, unfiltered Internet. Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that). I will only be there for a few weeks, and will not be using the computer for much of that time, so I don't want to shell out a lot of money to a VPN service. However I also don't want to be hindered by extremely slow speeds such as those provided by the Tor network. I have experience implementing Web servers and work fairly often with Linux; however, many of my friends who also face the same dilemma don't. What would be the most cost-effective (free is best) method for me to subvert the Great Firewall during my travels while maintaining sufficient anonymity and enjoying sufficient speed?"

Fear (3, Insightful)

sopssa (1498795) | more than 4 years ago | (#32773620)

This fear of China is just WTF. "my lack of a nickname on this submission being testament to that", VPNs, Tor, all of that just to browse the regular Internet. Anyone who writes these things obviously has not been there or in the other Asian countries.

Most of the western quality hotels provide access to unfiltered Internet and you are most likely staying in one of those. Besides, the Chinese and Asian in general are quite relaxed people. Just think if American cops would be this patient and try to help the guy.

Seriously, the Chinese, Asian and rest of the world hate and fear by Americans is getting beyond ridiculous.

Re:Fear (5, Informative)

grub (11606) | more than 4 years ago | (#32773740)

Besides, the Chinese and Asian in general are quite relaxed people.

It isn't the general population causing the VPN problems we have with people travelling in China, it's the government.

Re:Fear (4, Insightful)

Moridineas (213502) | more than 4 years ago | (#32773762)

Slashdot rails against DMCA, censorship, walled gardens, etc, and you expect the Chinese government to get a free pass? What a joke.

You can raise frail strawmen all you want, but it's not about how "relaxed" Asians or anything else like "hate and fear" that you've just made up in your post. It's very specifically about the Chinese government. Exactly what part of "I am very leery of the government" have you completely failed to understand?

Is this REALLY a conversation you want to get into?

Re:Fear (2, Interesting)

Anonymous Coward | more than 4 years ago | (#32773770)

Most of the western quality hotels provide access to unfiltered Internet and you are most likely staying in one of those.

Is that 'unfiltered' access also 'unmonitored'?

Re:Fear (1)

Kell Bengal (711123) | more than 4 years ago | (#32773792)

I don't know why you're at -1, but you know, you probably have a point. I would argue that if you're not browsing 'seditious' Chinese websites (which are probably in Chinese) then the government there probably doesn't give a damn about what you're doing. It sounds like the poster has way too high an expectation of how much other people pay attention to him. Unless you're looking for trouble, or very unlucky, it's just FUD.

Good luck! (5, Interesting)

grub (11606) | more than 4 years ago | (#32773634)

At my workplace we have people who travel to China. On occasion VPN connections from China just stop for hours or days at a time. No hits at our VPN endpoint from China at all; the traffic is stopped upstream somewhere while everything else that is unencrypted works.

That's the only country we have people visit where the VPN can be problematic.

Re:Good luck! (1)

girlintraining (1395911) | more than 4 years ago | (#32773812)

Use SSL proxies. There's a huge number of them, and people scan for and compile lists for new ones all the time. It's not as slow as Tor, but if you find one that doesn't use a standard port (8080, etc) it may work well for you. I use them all the time to download stuff from "geo-locked" websites like the iPlayer/BBC.

Re:Good luck! (2, Insightful)

Martin Blank (154261) | more than 4 years ago | (#32773918)

Do you really trust using a random SSL proxy for getting out? That's likely to cause even more problems, because you almost certainly do not know who owns the proxy and what they're doing with your traffic. If the guy has to do anything sensitive like banking, his ability to do so safely has dropped precipitously.

Re:Good luck! (4, Insightful)

Aqualung812 (959532) | more than 4 years ago | (#32773936)

If you use a SSL proxy, make sure you note the fingerprint of the one you want to use BEFORE you go. Compare it when there to make sure you don't get a man in the middle attack.

Happens exactly the same with the good ole' USA (2, Interesting)

ArsenneLupin (766289) | more than 4 years ago | (#32773852)

A friend of mine is working for a supplier of automotive parts with (at the time) two branch offices in Luxembourg, and one in the United States (Detroit).

All 3 are linked together with a VPN.

And just after the planes struck the buildings on 911, the VPN with Detroit mysteriously went down. Unencrypted connections continued working as if nothing happened (so it's not a case of a router being located physically in WTC, or whatever). A couple of days later, all was back to normal. No explanation ever followed.

Hardly a common example (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32774008)

A friend of mine is working for a supplier of automotive parts with (at the time) two branch offices in Luxembourg, and one in the United States (Detroit).

All 3 are linked together with a VPN.

And just after the planes struck the buildings on 911

Let's stop right there.

A single event, nine years ago, precipitated by an attack by foreign nationals on the United States.

You're using the example of (presumably) the US Government shutting down encrypted Internet traffic during a time of national emergency to support a claim that VPN traffic in the USA is unreliable.

That's just pathetic.

Re:Hardly a common example (1)

LordKazan (558383) | more than 4 years ago | (#32774266)

and the service interruption was probably caused by the fact that a lot of network equipment driving the transatlantic link was in the WTC FFS!

Re:Good luck! (3, Informative)

Anonymous Coward | more than 4 years ago | (#32773868)

I live in China. I access the Internet unhindered. I've never, in nine years, encountered a situation where only encrypted links are shut down (for even MINUTES at a time!) while everything else went through. I have experienced situations where specific backbones get so badly clogged up that *all* traffic (including, sadly, my link to my VPS) is screwed up, but never one where just the link to my VPS was down.

That's almost a decade, folks. I'm not quite calling "bullshit" on grub here. I'm sure he's seen this problem with VPNs. I just think his techies (or grub himself) are using the Great Firewall as an excuse and not bothering to actually test things. "Oh, it's from China. Obviously the Great Firewall."

Re:Good luck! (1)

grub (11606) | more than 4 years ago | (#32773968)

Nope, we've tested as best we could. Ping and traceroutes to our VPN box failed within China somewhere, other machines here worked fine, even one that was one IP 'up'.

We spent a considerable amount of time trying to find the problem the first time it happened as it was our Director General (read: 'god') having the problem and he was calling me from there about it.

Re:Good luck! (3, Informative)

Amouth (879122) | more than 4 years ago | (#32774042)

i run a VPN server for several friends of mine - the whole use is to get around what ever they run into - be it China (rare but they do go there) or some lame ass university's filter..

one of the more often used services for really locked down places is a good old SOCKS server running on 443..

Re:Good luck! (0)

Anonymous Coward | more than 4 years ago | (#32774076)

Having just spent 5 weeks in China, an inexpensive way to go is Using the link to the SSL in Manchester it was great service. You will run across dropped packets, slow bandwidth and latency, but the SSL connection will help with that. They seem to want the banking part to keep going. Am sending this as anonymous coward as I also don't want the Chinese government to know...grin.

Pick any... (1)

mcrbids (148650) | more than 4 years ago | (#32774164)

Fast, Easy, Secure. Pick any two.

Sorry, pal - it's those pesky laws of the universe or something gettin' in the way...

Make a proxy. (2, Informative)

stanlyb (1839382) | more than 4 years ago | (#32773646)

Have somewhere a computer with real IP, and start some proxy server. Or even some remote-control(vnc,rdp), if you have a good bandwidth.

Re:Make a proxy. (1)

AnonymousClown (1788472) | more than 4 years ago | (#32773718)

...if you have a good bandwidth.

That's the thing, the poster didn't say where in China he's going to be. Outside of the major cities, you're in an agrarian Third World country. It's not like he can walk into an internet Cafe and plug in.

I think the poster is going to have to use a "cocktail" of different ways of getting under the firewall - with a prayer: Spectacles, testicles, wallet and watch.

SSH (5, Informative)

Hatta (162192) | more than 4 years ago | (#32773652)

SSH tunneling with SSH -D is trivial to set up. Make sure you forward DNS with network.proxy.socks_remote_dns set to true if you're using Firefox.

I think I read that SSH can even create a virtual network device that forwards all traffic over a tunnel. Haven't had time to play with that though. That would be a great solution for every app, even those that don't support SOCKS proxies.

Re:SSH (4, Informative)

leuk_he (194174) | more than 4 years ago | (#32773774)

-Set up an ssh server outside of china, always on. for windows use some port like copsshd.
-Set it up at an alternate port (not 22, use 443), it will obfuscate it a little bit.

In china run ssh client, putty can do this, tunnelier has some more options.
Then use proxy options of firefox to send traffic over this proxy. Be careful not to leak too much dns info.

Re:SSH (4, Insightful)

richardellisjr (584919) | more than 4 years ago | (#32773882)

I'm not sure if this is what you're referring to but I use a SSH socks proxy and tsocks under linux quite a bit to allow proxy unaware apps to use it (like RDP). The only issue I have with this setup is DNS. Since it primarily uses UDP not TCP for lookups they are all performed against the locally configured name servers not the remote. I haven't found an elegant solution for this yet but your network.proxy.socks_remote_dns config may help a lot (I've never heard of that before).

For the original submitter, I understand your reluctance to being restricted and object to the idea of the great firewall as much as the next guy, however is completely open access really worth breaking the law there and potentially being imprisoned in China. Also keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any country's laws while as such is really disrespectful. If you really don't like the law don't travel there, if you're trying to make some sort of political statement (which I doubt) then best of luck to you... China isn't well known for being good sports about that sort of thing.
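The DNS concern raised in the two comments above (Hatta's `network.proxy.socks_remote_dns` note and the tsocks observation) can be checked at the SOCKS5 layer. This is an added example, not code from any commenter; the sample requests are constructed and the function names are hypothetical.

```python
"""Check whether a SOCKS5 client leaks DNS, by inspecting its CONNECT requests.

RFC 1928 request layout: VER CMD RSV ATYP DST.ADDR DST.PORT
ATYP 0x03 carries a hostname (the proxy end resolves it, so the lookup stays
inside the tunnel); ATYP 0x01/0x04 carry an address the client already had,
which for a typed hostname means it was resolved on the local network.
"""
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def build_connect(host: str, port: int) -> bytes:
    """Build the CONNECT request a client sends for host:port."""
    header = b"\x05\x01\x00"  # VER=5, CMD=CONNECT, RSV=0
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself, length-prefixed.
        name = host.encode("ascii")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        addr = bytes([ATYP_IPV4 if ip.version == 4 else ATYP_IPV6]) + ip.packed
    return header + addr + struct.pack("!H", port)


def parse_connect(req: bytes) -> dict:
    """Decode a CONNECT request and report which side did the name lookup."""
    if len(req) < 7 or req[0] != 0x05 or req[1] != 0x01 or req[2] != 0x00:
        raise ValueError("not a SOCKS5 CONNECT request")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        end = 4 + 4
        target = str(ipaddress.IPv4Address(req[4:end]))
    elif atyp == ATYP_IPV6:
        end = 4 + 16
        target = str(ipaddress.IPv6Address(req[4:end]))
    elif atyp == ATYP_DOMAIN:
        end = 5 + req[4]  # one length byte, then the name
        target = req[5:end].decode("ascii")
    else:
        raise ValueError("unknown address type 0x%02x" % atyp)
    if len(req) != end + 2:
        raise ValueError("truncated request or trailing bytes")
    (port,) = struct.unpack("!H", req[end:end + 2])
    resolved_by = "proxy" if atyp == ATYP_DOMAIN else "client"
    return {"target": target, "port": port, "resolved_by": resolved_by}


def find_local_lookups(requests):
    """Return (target, port) for each request that arrived as a bare address.

    A URL typed with a literal IP also lands here; anything else in this list
    is a hostname that was looked up outside the tunnel.
    """
    leaks = []
    for raw in requests:
        info = parse_connect(raw)
        if info["resolved_by"] == "client":
            leaks.append((info["target"], info["port"]))
    return leaks


# Constructed sample: the same kind of request from two differently configured
# clients. 192.0.2.10 is a documentation address, not a real site.
SAMPLE_REQUESTS = [
    build_connect("example.org", 443),  # remote DNS on: name goes to the proxy
    build_connect("192.0.2.10", 443),   # remote DNS off: client resolved first
]

if __name__ == "__main__":
    for raw in SAMPLE_REQUESTS:
        print(raw.hex(), parse_connect(raw))
    print("resolved locally:", find_local_lookups(SAMPLE_REQUESTS))
```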

Re:SSH (1)

IndustrialComplex (975015) | more than 4 years ago | (#32774136)

so keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any countries laws while as such is really disrespectful.

Allow me to play the world's smallest Er-Hu.

Re:SSH (2, Informative)

Nerdfest (867930) | more than 4 years ago | (#32774046)

TSocks may be the application you're looking for. I haven't gone through the setup of it yet but it looks like it will tunnel any traffic through ssh.

Socks (0)

Anonymous Coward | more than 4 years ago | (#32773664)

ssh -D $port $host -N

Is ssh blocked? (1)

WhiteDragon (4556) | more than 4 years ago | (#32773672)

if not, do

ssh -D 9999 my.home.machine

then use localhost port 9999 as the SOCKS proxy.

Re:Is ssh blocked? (4, Informative)

DoctorNathaniel (459436) | more than 4 years ago | (#32773822)

I have done this from Beijing and it worked the week I was there.

FoxyProxy is a nice add-on to use for this, since it allows you to either whitelist specific sites for use through the proxy, or to simply switch back and forth to the proxy as you need.

Re:Is ssh blocked? (1)

Daimaou (97573) | more than 4 years ago | (#32774272)

Even if it is blocked, you can use corkscrew to circumvent it.

Run your own secure proxy (1)

Event Horizon (85658) | more than 4 years ago | (#32773678)

Presumably you have broadband internet at home. Set it up as a gateway and encrypt all traffic through it.

Regardless, you are not likely to have fast internet access in China, or at least not *consistent*, fast internet access. In my experience, quality of internet connectivity there is very touch-and-go.

Screenshare (4, Interesting)

bobdotorg (598873) | more than 4 years ago | (#32773686)

Before leaving, set up a computer with decent upstream bandwidth and VNC / screen share. Pretty simple, and only shows a connection to that one IP address. If you use OSX it's a 30 second setup in sharing preferences, and I'm sure that there are windows and Linux equivalents. You may need to tweak the ports to get under the Great Firewall.

However, one significant drawback (with the OSX solution) is that audio is not streamed. Another is lag with slow / far connections.

But it will get you the full net.

Re:Screenshare (3, Insightful)

ckthorp (1255134) | more than 4 years ago | (#32774126)

I vote for this strategy because then no contraband will ever be present on your computer in China. Nothing on the computer, nothing for authorities to find in your cache or via deleted file recovery.

Really? (1, Insightful)

DJ Jones (997846) | more than 4 years ago | (#32773698)

How about just suck it up and deal with it. Unless you need to look up "Tiananmen Square" every 10 minutes, it really shouldn't be a problem. They filter state secrets and political opinions, not your twitter traffic.

Re:Really? (5, Informative)

flippy10 (1846544) | more than 4 years ago | (#32773720)

's_Republic_of_China

Those definitely all sound like sites chock full of state secrets.

Re:Really? (1)

Darkness404 (1287218) | more than 4 years ago | (#32773844)

And that page really needs to be updated...

China randomly blocks and unblocks pages for no real reason, one day something may be totally unblocked and the next day it's blocked.

Re:Really? (0)

Anonymous Coward | more than 4 years ago | (#32773884)

Rofl @ being blocked. :D

Re:Really? (2, Funny)

ta bu shi da yu (687699) | more than 4 years ago | (#32773766)

My political opinions are state secrets that I communicate over twitter, you insensitive clod!

Re:Really? Yes Really. (1)

malloc (30902) | more than 4 years ago | (#32773784)

it really shouldn't be a problem. They filter state secrets and political opinions

Have you ever been there?

I've spent a total of 3 months in the last several years. In actual practice they block tons of things you want. (e.g. Wikipedia, last time I was there in 2007).

Re:Really? (1)

djsmiley (752149) | more than 4 years ago | (#32773806)

So.... not a search engine like [] then?

Re:Really? (1)

ArsenneLupin (766289) | more than 4 years ago | (#32773932)

Unless you need to look up "Tiananmen Square" every 10 minutes, it really shouldn't be a problem.

And even then, it wouldn't be a problem. As a simple anti-spam deterrent, we've got "Remember Tienanmen" in the greeting string of our sendmail. But we still get loads of Chinese spam.

A couple of years back, there were loads of lists of open proxies circulating around. Many were located in China. Out of curiosity, I connected through one of these, and started googling for Tienanmen, Tibet, and other assorted keywords. All sites were accessible... So, if there is a Great Wall of Fire, it must be very leaky.

Re:Really? (5, Insightful)

BobMcD (601576) | more than 4 years ago | (#32774018)

While not necessarily the best tone in the world, I actually agree with DJ Jones here.

Here's your decision tree:

1) Is the website you want to see worth defying the laws of your hosting nation?

2) Is there absolutely no way you can do without it until you come home?

3) Do you have some kind of diplomatic immunity, wealthy connections, etc that can extract you from a sticky situation?

You get the picture.

Imagine this post on the Arabian Slashdot:

I am getting ready to travel to the United States and don't want it to interrupt my terrorist training. Can you guys recommend a way around the DHS's websniffing protocols, eavesdropping, cellular tracking, etc?

And what would your advice be??

Opportunistically, if you gave advice about methods, would you feel bad if he landed in Gitmo?

Think about the implications. After all, it is only the internet and you don't live there. Think deeply.

Anonymous? (4, Funny)

Hoi Polloi (522990) | more than 4 years ago | (#32773702)

Just change your online name to "FreeTibet". They'll never notice.

Ummmm... (5, Insightful)

Anonymous Coward | more than 4 years ago | (#32773722)

I suggest that you play nice with China's laws if you are going to China. Trying to bypass their firewall as a foreigner traveling there is more likely to attract the sort of attention you don't want than anything else. As you said, you're just going to be there for a few weeks. Do you *really* need to search for the kind of stuff they filter out while you are there?

My wife travels regularly to China for work. We are very careful about our conversations on the phone when she's there, and about the emails we send when she's there. I sure as hell would never advise her to try to bypass their firewall.

If you are a Chinese freedom activist, by all means, you know what you're getting into, bypass away. I support the people of China in their efforts to access the whole internet, to speak their minds, to be as free as they care to be.

If you are a Westerner visiting, I'd suggest you just hold your horses there bucko and deal with the internet you can get from your hotel room and don't make yourself look more suspicious than you actually are. You really, really don't want anybody to think you are doing anything against Chinese interests while you're there. Seriously.

Re:Ummmm... (3, Insightful)

tthomas48 (180798) | more than 4 years ago | (#32773944)

Yes. Remember the US government is under no obligation to get you out of prison for trying to subvert their firewall. Most of the time if you commit an obvious crime in another country, the US is more than happy to let you serve your time.

SSH + Squid (1)

Wonko the Sane (25252) | more than 4 years ago | (#32773724)

Keep your home computer running at home with SSH listening to a non-standard port (80 or 443 are good choices).

If you're going to be using Windows computers in China take a USB thumbdrive with you with a copy of PuTTY installed.

Forward ports 53 and 3128 and set your web browser proxy and DNS settings appropriately.

remote desktop (2, Interesting)

circletimessquare (444983) | more than 4 years ago | (#32773726)

if on windows, set up your home computer to accept incoming rdp requests (and configure your router to pass that port to the right machine), and leave your home computer on the whole time

login remotely, and surf anywhere you want

Re:remote desktop (2, Informative)

TheLink (130905) | more than 4 years ago | (#32774134)

ok (1)

circletimessquare (444983) | more than 4 years ago | (#32774212)

then install windows xp on an old junk machine just for browsing remotely

pay zero attention to security

then wipe the thing when you get home

Re:ok (1)

solevita (967690) | more than 4 years ago | (#32774264)

Or use NoMachine to connect to your remote box.

Tor, maybe? (0, Offtopic)

stakovahflow (1660677) | more than 4 years ago | (#32773744)

I am thinking that maybe a Tor client would be useful, but I do not know if this is allowed in China...

Anyone else know?


Re:Tor, maybe? (4, Funny)

tomz16 (992375) | more than 4 years ago | (#32773816)

As long as we are going with "things the original author specifically discounted in his post", I think he should purchase VPN service...

Re:Tor, maybe? (3, Funny)

LordSkout (1427763) | more than 4 years ago | (#32774202)

Or more specifically, he should shell out a lot of money for one.

Re:Tor, maybe? (0)

Anonymous Coward | more than 4 years ago | (#32773940)

Even though the original poster excluded it, I also second Tor. It's actually surprisingly fast now. I tried it a while back but shelved it because it was too slow. I reinstalled it a week ago and it's much faster now. Now it's my foxyproxy default.

Private Proxy? (1)

The MAZZTer (911996) | more than 4 years ago | (#32773788)

The best solution may be to set up a private proxy such as CGIProxy on your own web server behind HTTP auth. Then access it via HTTPS only (on slashdot I think I read a story where someone's site was blocked for such a proxy... using HTTPS greatly reduces the chance of that). I think there was speculation on slashdot a while ago that the Chinese government could probably issue signed SSL certs if they wanted to and thus easily perform man-in-the-middle attacks. You should probably check to be sure the cert matches what you expect (especially the issuer) before using your proxy. Also if you know of a site that has a bad SSL cert (self-signed, etc) if it's suddenly valid while in China that could be another warning sign.

There's also Tor but it is quite blockable by blocking connections to its dictionary servers, so I'd be surprised if it worked in China.
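The check suggested in this comment and in Aqualung812's earlier one (record the proxy's certificate fingerprint before leaving, compare it on arrival) could look like the following. This is an added example, not code from any commenter; the function names are hypothetical and the sample certificate bytes are constructed stand-ins rather than real certificates.

```python
"""Compare a TLS server's certificate against a fingerprint recorded earlier.

Record the pin on a trusted network before travelling, e.g. from the output of
`openssl x509 -noout -fingerprint -sha256`, then run the comparison from the
untrusted network. A substituted certificate fails the pin even if it chains
to a CA the system trusts, which ordinary validation would not catch.
"""
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...', 'abcd...' or 'sha256 Fingerprint=AB:CD:...'."""
    cleaned = pin.split("=")[-1].replace(":", "").replace(" ", "").strip().lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin is not a SHA-256 fingerprint")
    return cleaned


def matches_pin(der: bytes, pin: str) -> bool:
    """True only if the presented certificate is byte-for-byte the pinned one."""
    return fingerprint(der) == normalize_pin(pin)


def fetch_der(host: str, port: int = 443, timeout: float = 10.0) -> bytes:
    """Fetch the certificate the server presents, without CA validation.

    Validation is switched off on purpose: the pin is the trust decision, so a
    self-signed proxy certificate can be checked too. Do not send any data
    over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False      # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def as_colon_hex(hex_digest: str) -> str:
    """Render a hex digest the way browsers and openssl display it."""
    upper = hex_digest.upper()
    return ":".join(upper[i:i + 2] for i in range(0, len(upper), 2))


# Constructed stand-ins for DER certificates (opaque bytes are enough here,
# because the fingerprint is a hash of the encoding, not of parsed fields).
CERT_RECORDED_AT_HOME = b"constructed certificate bytes: my proxy"
CERT_SEEN_ABROAD_SAME = b"constructed certificate bytes: my proxy"
CERT_SEEN_ABROAD_SWAPPED = b"constructed certificate bytes: substitute"

PIN = as_colon_hex(fingerprint(CERT_RECORDED_AT_HOME))

if __name__ == "__main__":
    print("pin recorded before travel:", PIN)
    print("same cert    ->", matches_pin(CERT_SEEN_ABROAD_SAME, PIN))
    print("swapped cert ->", matches_pin(CERT_SEEN_ABROAD_SWAPPED, PIN))
    # Live use (assumed host name): matches_pin(fetch_der("proxy.example"), PIN)
```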

SSH as a solution (2, Informative)

segin (883667) | more than 4 years ago | (#32773794)

This is a really simple problem to solve.

Keep a box at home, run Linux/*BSD/whatever on it. Have SSH on it. Run SSH on a "common" port that's not 22. 21, 23, 56, 69, 80, and 443 are good candidates. For good measure, keep a small web-based admin util on some other common port (with SSL!) in case you guessed the SSH port wrong.

Use SSH as a proxy. I forgot exactly how to accomplish this on *nix but on Windows... Use PuTTY. Connection -> SSH -> Tunnels. Set a random source port (which is what port you connect to on your local machine) and select the "Dynamic" option. IPv4/IPv6 option should stay to default "Auto". An entry in the list should read something like D12345 where 12345 is the port. Use localhost:port as a SOCKS proxy.

And for *nix, there's this guide that should work for all OSes with standard ssh: Guide!

Re:SSH as a solution (0)

Anonymous Coward | more than 4 years ago | (#32774024)

Don't even waste time finding a "good" port. I use 22. It's never been a problem in nearly a decade.

SSH -- avoid known & transparent proxied ports (1)

swb (14022) | more than 4 years ago | (#32774096)

This is all good advice.

As for your port advice, I agree to avoid port 22 -- I have this totally disabled on my FreeBSD system.

443 is a good alternative since it is the normal HTTPS port, but in my work as a consultant I've run into client networks where HTTPS works fine but SSH through port 443 doesn't work at all. I seldom get to the bottom of it, but usually it's a filtering/transparent proxy device that works with normal HTTPS traffic.

My work around (that hasn't failed yet) has been to run my SSH server on a few random non-reserved ports. It's not unusual or unknown for apps to exchange encrypted/binary data on negotiated high number ports so most/many filtering systems & transparent proxies avoid it to keep from breaking those apps.

I personally would avoid using ports otherwise used for FTP, SMTP or other well-known unencrypted protocols since those are likely to be filtered/proxied or otherwise not be reliable with SSH proxy sessions.

It also wouldn't surprise me if the Chinese didn't have some kind of pattern analysis software that LOOKED for tunneled data; SSH proxy traffic probably stands out like a sore thumb. It might make sense to use multiple ports on the SSH server end to avoid creating a pattern over time (eg, one session on port 6043 may not get detected, multiple sessions over time from the same place on that port might sound an alarm).

China asks Slashdot how to catch hungry minds (3, Funny)

Sleen (73855) | more than 4 years ago | (#32773796)

So when China asks slashdot how best to catch people circumventing their firewall, how would they do it? They might pretend to be a western touron visiting their fair nation and asking some innocent questions about firewall circumvention. If any of these methods are effective, they are likely to cease being effective now that they are widely published. Either way, the anonymity of the poster prevents direct help and indicates perhaps a clever approach to hardening the firewall.

Re:China asks Slashdot how to catch hungry minds (1)

segin (883667) | more than 4 years ago | (#32773830)

Except the only seriously effective method mentioned here is already widely known. SSH tunneling, duh! They don't need Slashdot to figure that out!

Re:China asks Slashdot how to catch hungry minds (4, Insightful)

Tsunayoshi (789351) | more than 4 years ago | (#32773908)

Hey, if all information wants to be free, it will be free for everyone, including the "bad guys".

Re:China asks Slashdot how to catch hungry minds (1)

Thiez (1281866) | more than 4 years ago | (#32774166)

Yes, because the IT experts in China are all complete retards and they have never heard of SSH/Tor/whatever... no only us smart people from the west know and understand about these tools...

Have you considered that China probably knows about every method mentioned in the responses and probably some more? It's likely that they've decided that things like ssh filtering are too hard, or that they're not really worth the hassle, or that the prototype of their new ssh-block-o-tronic (made from the souls of dead puppies) is simply not quite ready yet (but will be any week now).

I seriously doubt any response here is going to contribute to their firewall and you're probably way too paranoid.

Re:China asks Slashdot how to catch hungry minds (1)

rindeee (530084) | more than 4 years ago | (#32774214)

For the most part, they (not just China, but most countries that try to control content) go after low hanging fruit. There are indeed a couple of ME countries that employ high-end Narus filters which, if managed and updated near real time, could pretty well block any means of bypass. The reality of implementation however is that it's just not worth the time investment. Typically with a bit of tweakery one can manage to use SSH, OpenVPN, an SSL proxy or some other form of obfuscation to circumvent the filters.

SSH tunneling (1)

rwa2 (4391) | more than 4 years ago | (#32773804)

Meh, I'd just simply chalk it up to part of the cultural immersion, to experience the internet the same way the locals do. Ask the Chinese at internet cafes, they'll probably be more than happy to point you to the workarounds they use.

For my part, I'd simply run ssh back to my box and run "links" to do searches from home.

With a little more effort, you could do SSH+TightVNC or TigerVNC to extend your home desktop... performance is actually pretty decent even with modem-like uplinks.

With a bit more effort, you could create an ssh tunnel to your home squid proxy server. But then you start leaving traces on your client machine in China... unless you boot it from a LiveCD or LiveUSB something. Try Knoppix or Linux-Mint, though you might need to remaster them to make sure you have all the apps you want.

Also, if ssh is blocked for some reason but you still have web proxy access, you can try installing ajaxterm to get a shell on your machine via https.

Have fun!

Re:SSH tunneling (1, Insightful)

Anonymous Coward | more than 4 years ago | (#32774258)

"Ask the Chinese at internet cafes, they'll probably be more than happy to point you to the workarounds they use."

I really rather doubt they will. You don't seem to understand how the chinese system of control works. From what I have read very recently from multiple sources, nobody is going to want to be openly seen explaining anything like this, in case they get asked to go drink tea with the police. Also the internet cafés don't work the way free wifi from starbucks works; they aren't just businesses connecting to the internet with central control. The internet cafés are part of the system of little-brother surveillance; they are forced to be.

If you, the OP, or anyone reading this ever goes to China, for the love of all that is good, don't ask a Chinese citizen to help you break the laws of their country; the consequences for them are worse than they will be for you.

How much is it worth to you? (1)

damn_registrars (1103043) | more than 4 years ago | (#32773814)

You said you'd only be there for a few weeks, and you wouldn't be using the computer that often. Are you sure you can't live without some parts of the internet under those conditions? If it's really that important to you, then perhaps you should restrict your travels to Hong Kong and Taiwan instead of mainland China?

After all if the firewall is the law, subverting the firewall may be illegal; which could lead to your stay being longer than expected ...

Re:How much is it worth to you? (0)

Anonymous Coward | more than 4 years ago | (#32774048)


I've been there and figure it's best to keep my mouth shut and smile and nod a lot.

If you have a reason to be there, it's probably best to focus on that --- if you're THIS concerned about circumvention, don't go or stay unplugged.

I'm not being sarcastic here, just being realistic about it - if the perception is that they (whomever is doing the censoring etc.) can do what they want, then weigh the risk of the behavior.

Personally, I'd be more concerned of electronic searches (like, security confiscation etc.) of personal electronics and/or coming home with something on your device(s) that you didn't show up with.

sufficient (0)

Anonymous Coward | more than 4 years ago | (#32773818)

"sufficient anonymity and enjoying sufficient speed"

Ummm? What is sufficient? In each case.

Also, I'd see someone about the paranoia. I doubt that China could give a rats about your browsing habits while visiting for a couple of weeks. Unless you plan on browsing some "dissident" sites that already have them in a huff I don't see it as an issue. Chill out.

Going on a pron hunt. (1, Funny)

Anonymous Coward | more than 4 years ago | (#32773840)

I'm going on a porn hunt
I'm not afraid.
I got some good business partners.
By my side.
Oh. Oh.
What do I see.
Oh look! It's a Chinese Firewall.
Can't go over it.
Can't go under it.
Can't go around it.
Got to go through it.

(First thing I thought of)

try to use SOCAT. (1)

stanlyb (1839382) | more than 4 years ago | (#32773842)

Another very good solution is to use this little multipurpose relay, netcat++. They are saying that you could even tunnel VPN traffic with just one simple command.

Ask Slashdot: How to Break the Law (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32773856)

Sorry, but that's what this is. The internet is regulated by the Chinese government, it's kind of asinine to ask users how to circumvent and break Chinese laws.

When you're in another country or in someone else's home, you follow and abide by their rules. It's not just being respectful, it's good manners.

The Great Firewall sucks, but that's how they roll. Just suck it up and deal with it.

Re:Ask Slashdot: Civil Disobedience (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#32773962)

But when the law unfairly restricts your natural rights, then the breaking of that law is completely justified, hell, armed revolution in the case of China is very much justified for the Chinese people.

That said, I'm not sure if I'd really do it in China as a tourist, not that they'd probably do much (China gets western businessmen all the time) but I just wouldn't want to take the risk unless.

But really, if a law is unjust and violates natural rights, you have every right to break it, some may say you even have a responsibility to break it because by not breaking it you in essence prop the law up.

Please don't try this. It isn't worth it. (1)

Liambp (1565081) | more than 4 years ago | (#32773872)

Are you seriously willing to risk a stay in a Chinese prison just because you can't do without your internet fix for a few days? If you lived in China then trying to bypass the firewall might be conceived as a heroic gesture against oppression but for a tourist to risk it is just foolishness.

Stop being cheap (1)

Evildonald (983517) | more than 4 years ago | (#32773876)

"I want something that has great performance but i don't want to pay any money for it"

Shell out for a VPN connection already.. iPredator is very cheap and encrypts your whole network connection.

Forget About Speed (3, Informative)

malloc (30902) | more than 4 years ago | (#32773878)

... while ... enjoying sufficient speed?"

Unless they've opened a few new trans-pacific pipe connections since I was last there, forget about speed. Maybe it was just my ISP (Great Wall, ha) but within China you can get nice (e.g. 750kb/s) speed but the moment you cross the pacific your latency is killer and you're crawling at 5-10kb/s. This is using corporate VPN or without. I suspect the actual throughput is a result of active throttling by the State. In terms of restricting general information, making something extremely painful is nearly the same as blocking it.

You don't need the internet (0)

Anonymous Coward | more than 4 years ago | (#32773898)

Go outside.

Dear Slashdot " how do i commit a crime" (4, Insightful)

nurb432 (527695) | more than 4 years ago | (#32773900)

What you are asking is illegal there. If you get caught bad things will happen to you. Is it really worth the risk for a couple of weeks? Are you THAT addicted?

Obligatory MLK quote (2, Insightful)

Anonymous Coward | more than 4 years ago | (#32774236)

"There are just laws and there are unjust laws. I would agree with St. Augustine that an unjust law is no law at all... One who breaks an unjust law must do it openly, lovingly...I submit that an individual who breaks a law that conscience tells him is unjust, and willingly accepts the penalty by staying in jail to arouse the conscience of the community over its injustice, is in reality expressing the very highest respect for law."

- Martin Luther King, "Letter from the Birmingham Jail," April 16, 1963.

Cheap Colo/Virtual Host (1)

Spansh (219937) | more than 4 years ago | (#32773910)

Get yourself (if you don't already have) a cheap colo/virtual host. Then just use SSH with the -D option, and set your browser's proxy to a socks proxy on localhost.

That's what I always do when there are network issues (firewall, throttling, shaping).

What about your laptop ? (1)

mbone (558574) | more than 4 years ago | (#32773920)

I know of large US companies that do not allow executives to take their laptops into China, as they assume that its contents will be read (at the border or elsewhere). So, they get a sanitized laptop for the trip. Sounds extreme, but there have been cases of industrial espionage in the past.

When I went... (0)

Anonymous Coward | more than 4 years ago | (#32773924)

I left a windows PC running at home and tunneled in using remote desktop over VPN to view the web. I used Hamachi but there are many other simple set-up VPN type software out there you could use.

Are you out of your fucking mind? (0, Offtopic)

russotto (537200) | more than 4 years ago | (#32773928)

You're going to a country with a ruthless authoritarian dictatorship, and which further is both the darling of the US government and willing and able to stand up to it if need be, and you're asking how to subvert one of the institutions beloved to its leaders? Here's an idea for you: don't. Best if you just don't go to China at all, but if you're going to go, don't do anything which might result in you being imprisoned indefinitely, particularly when the best the US embassy will do is put in some token protest.

True, by most reports, the government doesn't particularly care if foreigners evade the firewall. But if they change their mind, or if they think you're helping Chinese people to do the same, you could be in the shit in no time at all. Do you really want to spend the rest of your life at hard labor in a foreign country?

Re:Are you out of your fucking mind? (3, Informative)

LWATCDR (28044) | more than 4 years ago | (#32774120)

I agree with you about 99%.
Setting up your own VPN is probably fine. If there are problems just claim that you need it to access work or school. What I wouldn't do is "help" people in China do the same.
1. If you are asking on slashdot you probably lack the skills to do it well.
2. If you get caught as a US citizen they will probably just take your computer and kick you out. You are not worth the bad press they will get.
3. If you help Chinese citizens do the same you can become worth the trouble. Which is a very bad thing.
4. You may hurt those that you are trying to help. Trust me, there are a lot of bright folks in China that have the skills to get around the great firewall. They also probably know better who to trust.
You are a foreigner; trust me, odds are they may already be watching you a bit. If you are not a business person I expect they are watching for you to try and do this very thing. As much as people like to make fun of security people they are not dumb. Figure that they have a lot more skill at catching you than you have at evading them. If you or your friends don't get caught it will be just because of luck.

Re:Are you out of your fucking mind? (0)

Anonymous Coward | more than 4 years ago | (#32774256)


They're not going to throw a tourist in jail for trying to circumvent the Great Firewall. Here's a clue, Sparky: they know that you already know all the stuff that's blocked by the Great Firewall seeing as how, you know, you come from outside of it. It's THEIR CITIZENS they're trying to stop from seeing the outside world, not a bunch of . Even if you were to, say, let locals use your circumvention tool all that will happen is that said local gets smacked down when your back is turned and/or your circumvention tool's IP address gets added to the banned list.

Would you people please use your heads before you panic?

Lay all the secrets out here... (1)

pongo000 (97357) | more than 4 years ago | (#32773934)

the Chinese government can make their Great Firewall better!

Seriously, does this person believe that /. readers are so gullible that they will lay out their best-kept secrets here? Or how do we know that you aren't a Chinese operative trying to mine the collective wisdom of /.?

In fact, if you need to ask, you probably don't need the "unadulterated, unfiltered" Internet as much as you think you do. Go, enjoy your trip. The Internet will be there when you return.

Don't bring a good computer (1, Insightful)

IndustrialComplex (975015) | more than 4 years ago | (#32773956)

I advise you to also bring a 'throw-away' computer, unless you keep your current computer with you at all times. Depending on your business, if you leave your computer behind somewhere (hotel room, security) you may return to find it perfectly fine, maybe even with a bit extra hardware or software if you get my meaning.

At the very least, be prepared to wipe it clean when you get back home.

ssh tunnel to 443 port (0)

Anonymous Coward | more than 4 years ago | (#32773970)

If you have only windows, install colinux. Setup ssh, forward all traffic from 443 (https port) to your 22 port (ssh) and voila.

Use putty and setup tunnel easy or tunnelier.



Here's what the nonprofits do... (0)

Anonymous Coward | more than 4 years ago | (#32773976)

Need to balance cheap-as-hell with this-might-get-me-arrested? Activists do it all the time. Here's a snip from an internal manual:

Use a "Virtual Private Network" service to avoid some snooping and beat censorship. This is a lightweight program running on your computer that encrypts all your online activity locally. In effect, it appears as though you are surfing from somewhere else... Until then you can use a free VPN called "Hotspot Shield", which is supported by ads. This is annoying, so we recommend a Firefox plug-in called AdBlockPlus, which blocks the ads. HotSpot Shield also gives you a random IP address, which will defeat most local censorship.

        * Download HotSpot Shield by AnchorFree
        * AdBlockPlus (a plug-in for Firefox browser)

Roll your own (1)

rindeee (530084) | more than 4 years ago | (#32774012)

Several options: Setup an SSL proxy on 443. Setup sshd running on a non-standard port. Setup OpenVPN listening on 443. Blah blah blah. I've used all three of these when traveling to countries that heavily filter the 'tubes and met with little issue. I even run VoIP/VTC over them without issue.

Socks + SSH tunnel (0)

Anonymous Coward | more than 4 years ago | (#32774016)

If you have a computer at home with broadband Internet, install a SOCKS server there, open an SSH access. From your laptop create a SSH tunnel, and configure your OS and/or apps to use the SOCKS server (through the tunnel). You double or triple the ping, but you may get good bandwidth.

Is this appropriate? (0)

carvell (764574) | more than 4 years ago | (#32774056)

Is asking a question on how to circumvent the Chinese filtering system really appropriate? It's highly illegal, and you've been pretty blatant about what you want to do and that you don't care.

I'm surprised the question made it to the front page.

Re:Is this appropriate? (1)

Americium (1343605) | more than 4 years ago | (#32774152)

Is it illegal? Connecting to your home computer from China? Obviously it's not hacking the firewall... if the firewall already allows a connection to your VPN, then is that illegal? As an American visitor, is it illegal to look at certain content online? Or perhaps this is only illegal for Chinese citizens... does anyone actually know? Do Chinese police respect the law anyway?

Some random sites blocked for no apparent reason (0)

Anonymous Coward | more than 4 years ago | (#32774064)

I was in China about a year back and had no real problems browsing the internet except for one site that I can guarantee had absolutely nothing to do with Tibet or state secrets or anything like that. I forget what it was now, but it really surprised me at the time. Logging into a VPN let me get there without problems.

Make sure you understand the cost. (2, Insightful)

mtippett (110279) | more than 4 years ago | (#32774066)

If the requirements and restrictions on the Internet in China are enshrined in Law in China, you may be putting your visa at risk.

It's like an Australian 18 year old coming to the US and drinking alcohol and getting caught. In Australia, there's no restriction above 18, in the US, it's 21. You get caught, you may not be able to enter the country again.

A local law is a local law, no matter what your views are. What you can do freely in your country may be illegal and carry harsh punishments in others.

Do you really need it? (0)

Anonymous Coward | more than 4 years ago | (#32774086)

If you're traveling for business that's one thing, but if you're traveling for pleasure I don't really see the point.

It's unlikely that the Chinese gov't will care what you do online if you're just surfing slashdot, but do you care enough about that (especially if you won't be using a computer most of the time) to put yourself in a position of vulnerability?

Maybe it's a principled notion. Something like "I'm a Westerner and entitled to a free internet", but again how far are you willing to go for that principle, especially if you're only going for a few weeks, and this internet freedom is really just for you.

Might be over-kill (0)

Anonymous Coward | more than 4 years ago | (#32774088)

You're going to be in the country just a few weeks and not using a computer that much. Yet you claim to need access to the entire Internet at high speed. Those two statements don't seem to make much sense. Really, if it's just a few weeks, you might be better off just playing by the Chinese government's rules. When in Rome do as the Romans do.

You also say you're going to China, but don't want to shell out for VPN service. Honestly, if you can afford to travel to China for two weeks, you should be able to afford a VPN service. Really, you're making this harder than it has to be.

CCProxy (1)

bodhijon (991528) | more than 4 years ago | (#32774102)

I've used CCProxy before when I didn't have access to my own linux box, or time, etc. It was fairly easy to guide my non-technical friends over the phone through installation and configuration. It's free for up to 3 users.

Are you serious? (1, Funny)

Anonymous Coward | more than 4 years ago | (#32774116)

>> Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that).

You're just an overly paranoid neckbeard. Don't use the same Slashdot nickname twice and make sure all your equipment, plus your brain, is wrapped in tin foil to avoid atheist Chinese mind reading.

OpenVPN + your computer back home (or a vps) (2)

gpuk (712102) | more than 4 years ago | (#32774174)

I travel quite frequently and often need to subvert the various restrictions of local ISPs (DNS redirection, throttling, censorship etc.). The method that works for me is:

1). Rent a cheap 512MB VPS (I use Linode and highly rate them but there are many other providers)
2). Grab a copy of OpenVPN and set it up in server mode on your VPS (make sure you push "redirect-gateway" to clients so that they send all their internet traffic through the VPN)
3). Install a copy of OpenVPN on the computer you'll be travelling with (set it up in client mode and configure it to point to your VPS).

That's it. All your traffic will now flow encrypted to your VPS where it will then break-out on to the open, unfiltered internet.

Additional tips:
- If you are using Windows on the computer you're travelling with, you need to make sure your DNS queries are going through the VPN (see: [] for what steps you need to take)

- To help obscure the fact you are using a VPN, set the server to use TCP rather than UDP (note: this will increase latency a bit) and set it to listen on a port normally associated with something else (e.g. TCP 993 which is normally used for secure imap or TCP 443 which is normally used for https traffic).

If you haven't got the cash for a VPS (frankly though you should, they are really cheap!), you could always setup the OpenVPN server on your home machine and point your travelling computer to that.....

Good luck!
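A check for the two things the setup in the comment above depends on, that general traffic follows the pushed "redirect-gateway" routes and that DNS resolvers are reached through the VPN, as an added example that is not part of the original comment. It assumes a Linux client, OpenVPN's def1 variant of redirect-gateway, a tunnel device named tun0, and constructed routing and resolver samples.

```python
import ipaddress

# Constructed `ip route` output after redirect-gateway def1 (two /1 routes on tun0).
# 203.0.113.10 stands in for the VPN server; its host route must stay on wlan0.
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
"""

# Constructed resolv.conf: one resolver inside the VPN, one on the local LAN.
SAMPLE_RESOLV = """\
nameserver 10.8.0.1
nameserver 192.168.1.1
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # no usable "dev <name>" pair on this line
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types this sketch does not model
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, address):
    """Longest-prefix match, as the kernel does; None if nothing matches."""
    addr = ipaddress.ip_address(address)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def resolvers(resolv_text):
    """IPs from `nameserver` lines of a resolv.conf style file."""
    return [p[1] for p in (l.split() for l in resolv_text.splitlines())
            if len(p) > 1 and p[0] == "nameserver"]

def audit(route_text, resolv_text, tunnel="tun0", probes=("1.1.1.1", "198.51.100.7")):
    """Describe every probe address or resolver that would bypass the tunnel."""
    routes = parse_routes(route_text)
    findings = []
    targets = [("probe", ip) for ip in probes]  # one per half of IPv4 space
    targets += [("resolver", ip) for ip in resolvers(resolv_text)]
    for label, ip in targets:
        dev = egress_device(routes, ip)
        if dev != tunnel:
            findings.append(f"{label} {ip}: egress via {dev}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROUTES, SAMPLE_RESOLV):
        print(finding)
```

On the sample data the only finding is the LAN resolver, which shows how DNS queries can still go out in the clear on the local network even when the default route has been redirected.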

Subscribe to a SSH tunnel service (1)

Smoodo (614153) | more than 4 years ago | (#32774182)

When I lived in China, I subscribed to a SSH tunnel service. I would setup a small application on my machines that would open a tunnel and funnel that traffic out from America. Be careful trying things like Onion. My financial trading software blocked me when their IT department detected requests shifting from IP to IP from various countries. It looks very suspicious. It's worth the fee paid to the SSH tunnel operators because you don't have to pay for a network connection in the US and they handle all the technical junk on the backend. Also since these service offerings are not super clear on China's Radar, chances of getting the IPs and ports blocked are really small. There is an advantage to being a small fish.

RFC2549 might work ... (0)

Anonymous Coward | more than 4 years ago | (#32774208)

but the Chinese eat anything that moves, and a load of weird stuff that doesn't so YMMV.

My suggestion for a VPN: (1)

Pathway (2111) | more than 4 years ago | (#32774262)

Fast. Good. Cheap.

Choose any two.

I would suggest Tor. (Good and Cheap.)

