![]() ![]() I have noticed they have multiple situation, for example when everything's quiet internet is not so bad (despite the fact bandwidth is extremely low for huge amount of people), but when some news came out about government corruption, guess what ? some vpn does not work. Connection to outside web is almost impossible. every open vpn, cisco vpn, etc connection will lose connection every 2-3 min. I am in Iran, you cannot believe it, same here, They use deep packet inspection too, they will shut every package down. I have a lot of respect for all these Chinese hackers like clowwindy who try to escape censorship, as it takes more technical prowess than you think to design a VPN that works in China. All these tools try to obfuscate and hide VPNs. That's why people in China have to use VPN tools that most westerners have never heard of: obfsproxy, ShadowVPN, SoftEther, gohop, etc. But when using a VPN that encrypts data at the IP layer, these empty ACK packets will be encrypted, so The Great Firewall will see the client sending small ~80-120 bytes encrypted packets, and will count this as one more sign that this might be a VPN. For example in a traditional HTTPS session, if the client browser downloads, say, a 500kB image over HTTPS, it will send periodical empty TCP ACK packets as it receives the data. You need to disguise your VPN traffic to make it look like standard HTTPS sessions (since they don't block HTTPS). When they think there is a high probability a VPN is detected, they simply start dropping all the packets.Įncryption is not enough. After some research I read online the government does deep packet analysis and uses machine learning to find heuristics to guess which TCP connection or UDP stream is likely being used as a VPN. If you try this, or even a basic OpenVPN setup, you will quickly find out your VPN works fine for about 5 minutes, but then latency increases to 5sec, 10sec, 30sec(!), and then everything times out. I thought bypassing The Great Firewall was going to be as simple as an "ssh -D" SOCKS setup, or a "ssh -w" tunnel. I was visiting China recently (my first time there). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |