October 03, 2016

Circumventing Internet Censorship in China

It’s been a while since I went back to China in June this year. This post is intended as a summary of my most recent Internet experience using some very useful bypassing techniques.

AT&T Passport Data

AT&T Passport is the international data roaming plan by AT&T. With this plan enabled, you are able to select available network carriers (such as China Unicom) while in China, but need no further censorship circumvention, as if you were using a non-China network carrier directly. I’m not clear if other mobile network providers behave similarly. However, this method has its limitations of data usage, so you cannot use it freely.

ocserv

OpenConnect VPN server (ocserv) works best of all means. It is fast and stable.

To ease the server-side setup, I used ocserv-docker on a DigitalOcean box and a Linode box. By the time I was setting it up, there was some dependency errors, so I forked it into my own GitHub repo, fixed the errors, and built a Docker image. I ran the following commands on an Ubuntu 14.04 system that uses UFW:

# Add UFW rules
sudo ufw allow 443/tcp
sudo ufw allow 443/udp
sudo service iptables-persistent save
sudo ufw reload

# Install Docker image
mkdir -p ~/ocserv-docker/ocserv
touch ~/ocserv-docker/ocserv/ocpasswd
wget https://raw.githubusercontent.com/shichao-an/ocserv-docker/master/ocserv/ocserv.conf -O ~/ocserv-docker/ocserv/ocserv.conf
sudo docker run --name ocserv -d --privileged -v ~/ocserv-docker/ocserv:/etc/ocserv -p 443:443/tcp shichaoan/ocserv-docker

# Add user and prompt for password
sudo docker exec -it ocserv ocpasswd shichao

# Debug
sudo docker logs ocserv
sudo docker exec -ti ocserv /bin/bash

Then, you can install Cisco AnyConnect clients on both your computer and mobile devices and try to connect your server.

Shadowsocks

Shadowsocks also works well. It’s just that I didn’t bother to set it up my mobile devices, that is, iPhone and iPad. I set up the server side with my Docker image, whose source is shichao-an/docker-shadowsocks-libev.

ExpressVPN

ExpressVPN, one of the best commercial VPNs, is slow and unstable most of the time, which is basically unusable in China.

Pulse Secure

My company provides Pulse Secure SSL VPN. It is usable, but very slow.

Posted by Shichao An

Tags: Network

• Personal Hotspot Backup Plan »

Recent Posts

• Circumventing Internet Censorship in China
• Personal Hotspot Backup Plan
• Relationships among nice, priority and weight in Linux kernel
• Setting up nss-ldapd on Ubuntu 14.04
• Auditing user TTY and root commands with auditd on Ubuntu
• Setting up OpenLDAP client server with SSH access on Ubuntu 14.04
• Setting up OpenLDAP server with OpenSSH-LPK on Ubuntu 14.04
• Tunneling RDP over SSH with xrdp and xfreerdp
• RabbitMQ clustering and high availability on Ubuntu EC2 servers
• Serving local filesystem using nginx on OS X

Search

Tags Cloud

Apache   auditd   AWS   Bash   BSD   C   CentOS   Computer Science   Django   DNS   Eclipse   Emacs   Fedora   GDB   Hacking   iOS   iptables   Java   Linux   MongoDB   MySQL   Network   Nginx   OCaml   OpenLDAP   OS X   Perl   PHP   Python   RabbitMQ   RDP   SML   Sphinx   SSH   Tunneling   Ubuntu   Unix   Vim   VPN   Windows