Are corporate VPN connections allowed in China

I’m going to China soon and I’ll be in charge of connecting a team back to our central office. I do understand that using firewalls to circumvent the Great Firewall is not allowed, but how are we supposed to deal with private traffic going back to the head office?

Thanks

They are generally not looking at shutting down business site-to-site VPN tunnels. To my knowledge they are targeting VPN connections that their citizens are using to circumvent the Firewall.

Make sure to follow the Chinese “data localization” laws - check if your company is affected by them when it comes to storing “Chinese” data (personal information, critical data - whatever that means for you). Apart from that, company site-to-site VPNs are no problem, never had any regulation issues with remote sites in China. There are several Chinese ISPs offering special products with better/good connections to EU, US or other countries - I recommend looking for these if you require a stable connection.

The mere fact people are asking this should be a massive red flag about doing business in China.

I’m in the same boat. We were planning to cut our MPLS line and deploy a VPN solution but I’m not so certain now. I’d love to see some sources that say corporate VPNs are okay.

This looks like a good use case for VDI.

As an example, back in the early 2000s when SUNRAY was the definitive solution for long distance VDI, SUN would deploy this solution to their Chinese devs/workers. When the Chinese government would come through and seize the devices, they would just get dumb terminals. (Sauce: Old man worked for SUN/Oracle from 2000 to 2017)

If you use an SSL based VPN to access a remote computer through a browser, it looks like web traffic and no one knows…

Some are! They are on an approved list which idk where to find, but the idea goes if it’s approved it’s because the Chinese gov can access it.

I worked for a company that would send engineers and execs to Shenzhen a couple times a year. We had SSL VPNs set up via our Sonicwall, the only issue I ran into is it being pretty darn slow at times. As soon as they left Shenzhen and went to Hong Kong, speeds were solid.

private traffic in China

First mistake. This doesn’t exist, which is why private VPNs are no-no.

We had a Huawei instructor over a few months back.

He was clearly accessing a VPN from time to time (even though everything just was emojis and random signs… lol)

Any suggestions for an ISP in Sanya?

If your company has the potential to save millions in labor wages and benefits by moving production to China and they only have to sacrifice data security to do it, guess what your average 2-year tenure CEO is gonna do.

Of course it is a red flag. Does that mean I won’t deliver a workable solution? I am trying to do this right and not use a concealed way. China has its own set of laws with which we need to comply if we are to do business there.

I found this: http://www.miit.gov.cn/n1146290/n4388791/c5471946/content.html. It seems corporate VPNs are OK if provided by a registered Chinese provider.

I would love to do everything via VDI; unfortunately, the team is quite small, 65-75 people, and mostly coming from everywhere with their own laptops and desktops.

Did you imagine that? Or is there a source?

Well, having the Chinese government inspect my traffic is not really desirable, but we could probably live with it if that’s the only legal way.

There’s really only 2 choices in China: China Telecom and China Unicom. And they’re both controlled by the gov’t. We tried over the years all sorts of site-to-site VPNs on both providers, but in the end the only way to get a stable connection that doesn’t get shut down is to get an MPLS circuit.

That’s the point. You can’t. Anything you provide will absolutely be ripped apart if China wanted to. No data is safe going in or out of China, regardless of if it’s encrypted.

Companies that do business in China are just asking for trouble.

This article contains a bit more information (and refers to the link you posted)