The Chinese Censors Are Winning

Post your questions about VPN Gate Academic Experiment Service here. Please answer questions if you can afford.
Post Reply
rollingscissors
Posts: 18
Joined: Sun Mar 17, 2013 4:07 am
Contact:

The Chinese Censors Are Winning

Post by rollingscissors » Fri Jun 14, 2013 8:05 am

Things are taking a turn for the worse regarding connectivity from China.

Since the beginning of June it has been more and more difficult to use the VPN Gate servers from locations in China. Even the L2TP/IPSec connections are being blocked within a few of hours, especially on the American, UK, and Canadian servers. OpenVPN servers only last a couple of hours before they are taken down for Chinese netizens.

I have some suggestions for the good volunteers who go through the trouble to run these servers:

1) Configure OpenVPN so that is NOT on port 1194 or 1195. The Chinese block those ports outright. Think of large random numbers for ports, like 3389, 40231, or other numbers.

2) When the OpenVPN software is updated to support protocol obfuscation, use it. The GFW doesn't do so well when it can't identify packets.

3) Set the OpenVPN MTU to something smaller than the default. Try 1100, for example, or something smaller that doesn't scream "I am OpenVPN" to the packet inspectors.

4) How about a better implementation of LT2P/IPSec? Longer passwords and a guide which actually reflects the proper client configuraton? Right now there is one guide which doesn't address the way many of the servers are set up.

5) SoftEther? I'm all for new protocols that are hard to detect and hard to break. Keep up the good work. It seemed good in my virtual machine until the GFW blocked the server's IP.

VPN Gate is great for users outside outside places like Iran, China, or North Korea. There is, in those nations, a diminishing usefulness of VPN Gate which can be revived with a more creative approach to beating the censors. With proper effort, the GFW can be made into a leaky crumbling ruin...

Post Reply