Seems like China is now blocking SoftEther VPN clients by inspecting packets on the wire rather than simply using a list of banned endpoints. I have users in China and when they try and connect to my SoftEther server all the return traffic from my server to their IP is dropped for 3-5 minutes. I can see their outgoing packets on the wire hitting my server but all return traffic, icmp, non softether, etc. from my server to the client is dropped once it hits China. This blocking only happens when a SoftEther VPN connection is initiated and started mid June.
Does anyone have any thoughts about the pattern matching that China is using to detect SoftEther packets?
I have hacked the SoftEther source (client and server) for my own purposes and have no problems with changing the code or the protocol on the wire but am just wondering if anyone has done any leg work on this and has a solution or any suggestions about avoiding China's DPI for matching and subsequently blocking SoftEther.
Guess it is more sensible for me to just try things until I work out how to avoid their rules and then keep it secret as anything in the public sphere will likely just end up being added to the GFW and I'll be back to square one.
At the same time, Cisco and Juniper VPN clients are not being blocked - guess they helped build the GFW so China doesn't block them - thanks guys.