ByPass China GFW
Posted: Sat Jul 12, 2014 2:09 pm
Let me begin with a massive "Thank You" to everyone involved in this project. “Thank YOU”…
For the most part, my experience to-date using SoftEther has been amazing since its release. The only issues faced consistently relate to staying ahead of those that force internet censorship onto the new generation of global citizens…
China's Great Firewall (GFW)
I have read many articles on bypassing the GFW and this is how I found out about SoftEther. The problem is that over the past month access is becoming "next to impossible" using standard bypass methods. This includes the method that suggests SoftEther’s protocol is not detected by DPI?
As a baseline, I want to add clarity to what the GFW is. The GFW is envisioned as a single device or gateway by most, but it is not. It is a set of policies imposed on network and content providers between the consumer and the mass border gateway proxy used by Beijing Co on international routes.
The design of the GFW is quite brilliant by layering the filtering to many levels and stages to ensure the majority of access is eliminated. As an example anything related to google requests have DNS cache poisoning attached to them by local ISPs and if you get around using local DNS then you end up seeing NET/RESET of the TCP stack again by your local ISP, but if you get beyond them, you may still get caught out by the Beijing Co super proxy.
Beyond these core methods they route any traffic not assigned to pre-approved destinations into the slow lane. The slow lane ensures the user experience is terrible to encourage use of other “approved resources”. As an example, using google maps API is sent into the slow lane whereas Baidu maps gets the high speed route to ensure a positive experience for local content.
Anyways, this was a high level precursor to this thread. This thread is about staying “ahead” of anyone using DPI to block access to an uncensored internet and prohibit free speech…
In the past 6 months things like OpenVPN have become unusable. Along with proxying http over ssh tunnels. Even when changing ports and IPs. Any change in port or IP still ends up with detection and blocking within 20 minutes and sometimes within minutes. Bypassing has become a nightmare and I need help to figure out “creative methods” of getting around DPI?
Open to any ideas? Please HELP!!!
suntzu
aka: a global citizen
For the most part, my experience to-date using SoftEther has been amazing since its release. The only issues faced consistently relate to staying ahead of those that force internet censorship onto the new generation of global citizens…
China's Great Firewall (GFW)
I have read many articles on bypassing the GFW and this is how I found out about SoftEther. The problem is that over the past month access is becoming "next to impossible" using standard bypass methods. This includes the method that suggests SoftEther’s protocol is not detected by DPI?
As a baseline, I want to add clarity to what the GFW is. The GFW is envisioned as a single device or gateway by most, but it is not. It is a set of policies imposed on network and content providers between the consumer and the mass border gateway proxy used by Beijing Co on international routes.
The design of the GFW is quite brilliant by layering the filtering to many levels and stages to ensure the majority of access is eliminated. As an example anything related to google requests have DNS cache poisoning attached to them by local ISPs and if you get around using local DNS then you end up seeing NET/RESET of the TCP stack again by your local ISP, but if you get beyond them, you may still get caught out by the Beijing Co super proxy.
Beyond these core methods they route any traffic not assigned to pre-approved destinations into the slow lane. The slow lane ensures the user experience is terrible to encourage use of other “approved resources”. As an example, using google maps API is sent into the slow lane whereas Baidu maps gets the high speed route to ensure a positive experience for local content.
Anyways, this was a high level precursor to this thread. This thread is about staying “ahead” of anyone using DPI to block access to an uncensored internet and prohibit free speech…
In the past 6 months things like OpenVPN have become unusable. Along with proxying http over ssh tunnels. Even when changing ports and IPs. Any change in port or IP still ends up with detection and blocking within 20 minutes and sometimes within minutes. Bypassing has become a nightmare and I need help to figure out “creative methods” of getting around DPI?
Open to any ideas? Please HELP!!!
suntzu
aka: a global citizen