I have OpenVPN setup, hosted on my PFsense box. I use FreeDNS (afraid.org) for DNS A-record forwarding so I now have a hostname instead of IP, should it change.
I know China has the great firewall, so I’m wondering if I can still access my home network, mostly for watching my cameras / security. As of now I have a .com domain, if I picked a .cn (which afraid.org does offer), would that help at all?
Is there any kind of obfuscation methods I could try, or use some 3rd party proxy service?
Set up something designed for bypassing GFW as fallback. Shadowsock with XRay/Cloak, optionally fronted by a CDN should have a good chance of being accessible.
See /r/dumbclub (real sub).
My self-hosted wireguard instance was accessible in china
I am using eSIM for Asia (currently traveling in China), and my VPN working, and all the common apps which should be blocked are working.
However, the hotels WiFi is blocked for the most common services.
Don’t even take tech, buy a burner everything and trash it on return. Don’t access any of your stuff while in China… there are reasons government reps behave this way.
This was from almost 10 years ago: https://www.reddit.com/r/China/comments/2y3qxk/the_gfw_vpn_block_speculation_on_how_its_done/
At that time, it was believed that they used deep packet inspection to detect VPNs (and other traffic they wish to block), and when detected, those connections would be shut down, which could take anything from minutes, to hours or even days.
I’d like to think that the GFW has evolved significantly since.
Supposedly, it has been said that, network connections “for foreigners” (eg. roaming your overseas mobile) are less restricted. I’ve previously also heard that the internet connection for guests at some of the nicer hotels (5 star?) are similarly less restricted too.
As a US citizen having been to the mainland several times, the GFW is not the problem I had expected it to be. As others here have said, there is an exception/leniency for foreign devices on roaming. The PRC aren’t stupid, the GFW isn’t meant for outsiders and they’ve certainly realized this tradeoff was in their best interest to shape visitor perception and/or for surveillance/intelligence gathering opportunities.
Google Fi + Tailscale has served extremely well on my international travels, including traveling in mainland China.
I hate to shill Google, but Google Fi just can’t be beat for international travel IMO. While they use T-Mobile network in US they must have their own local agreements abroad. I’ve been able to compare AT&T and T-Mobile on my work cell and with travel partners and it blows them away on connection bandwidth. I recommend anyone that travels internationally with any frequency or for an extended time to at least have a look into it.
I own ( technically not true ownership) an apartment and my in-laws live there since my wife and I return back to the US. I have a home assistant there I still manage and I use WireGuard for that. VPNs are not illegal in China in regards to that use case. For a Chinese citizen like my wife or in-laws to be caught with nordvpn or ExpressVPN on their phone, they could be arrested but most likely they would be forced to remove it and given an education lesson. But companies there rely on VPNs for secure connections and traffic.
It’s better to just assume that you cannot access most of your regular Internet sites and services while you’re there. For those that you can, you can be assured that the GFW can see and log everything you are doing.
Use of VPNs is forbidden and if it looks to them like you are trying to get around anything that the GFW blocks, don’t be surprised if someone unfriendly comes to visit you in person about it.
Don’t bring any laptop, mobile, or e-reader device. The border guards are very likely to copy your data, or confiscate your devices. (Likely saying they were lost or stolen.) You can buy devices while there, but assume everything you do on them will be monitored and that the devices can send your location, audio, and video to authorities at any time.
If you are going on vacation, just bring a couple of your favorite politically neutral physical books to pass the time. Buy a dumb phone or the cheapest smart phone you can find and only use it to make calls. (They will be monitored.) Go sight seeing and enjoy the deep and rich culture of the Chinese people.
If you are going for work, your employer will provide a laptop while you’re there and will give you training on what you can and cannot do.
Don’t know if it would help in China but an OpenVPN server listening on TCP gets me access from just about anywhere, even tunnelling through a proxy.
I used my Synology self hosted vpn while in China.
It was patchy, sometimes wouldn’t connect but when it did it worked well.
The way its been explained to me is that ISPs implement their own measurements some are better than others.
I had Proton as a fallback which with its server hopping worked way better
Some people I know went to China and their OpenVPN servers didn’t work (was filtered by the GFW). But my OpenConnect VPN server (ocserv) instances on port 443 worked without problems for them. It’s standart TLS, so more difficult to distinguish from normal https. The client support on linux is perfect… with very good integration into networkmanager. The opensource client on windows is not very good, but you can use the Cisco client (if you are willing to put time into finding an installer; don’t care about the question of how legal it is; and don’t care that it’s a nightmare to uninstall fully). The cisco clients from app stores on iOS and Android work perfectly.
I’ve read reports that Tailscale works in China. But I haven’t tried myself.
It’s been several years since I’ve gone, but a DigitalOcean VPS running wireguard was accessible in Beijing, Guangzhou and Shenzhen. AFAIK, corporate VPN access is not blocked in most areas. You’d also need to setup a tunnel back from the VPS to your home network.
I’m pretty sure that VPN to dynamic/residential IP’s won’t work reliably. And I suspect DNS in China won’t resolve domains registered to FreeDNS. Both would be easy to identify and block.
I tried self-hosted Wireguard, accessed it from a Chinese SIM. It worked for a couple of days, after that it was blocked.
If you use a data SIM card that is intended for traveling to China, it should not get filtered by the firewall.
My last experience with China was in 2019 so my info might be outdated.
I used Openvpn on tcp via port 443.
Spent 2 weeks there in 2 different cities.
In each city my VPN would work on the hotel wifi for the first 2 days or so and then it was blocked.
It still worked in either our office or via my phone hotspot. (EU based company, German phone with a German SIM card.)
That is some nice homework right there, never heard of that before. Looks pretty interesting, thanks.
How long did it work? i have one set up and it worked for one day. If yours worked longer, would you mind providing some details - e.g. who is the cloud provider, where is your server location etc. Thanks
This, Airalo worked fine for me. Nothing was blocked at all.
I did end up quickly running out of data, though, because I forgot to turn off uploading to Immich lol
I hear you and agree, but at the very least I would like to monitor my cameras / security / temps…etc.