Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Censorship Government Privacy Security The Internet Your Rights Online

Tunneling Under the Great Firewall? 403

An anonymous reader writes "I am traveling to China in the near future, and needless to say as a Slashdot reader I am going to require access to the Internet. The whole, unadulterated, unfiltered Internet. Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that). I will only be there for a few weeks, and will not be using the computer for much of that time, so I don't want to shell out a lot of money to a VPN service. However I also don't want to be hindered by extremely slow speeds such as those provided by the Tor network. I have experience implementing Web servers and work fairly often with Linux; however, many of my friends who also face the same dilemma don't. What would be the most cost-effective (free is best) method for me to subvert the Great Firewall during my travels while maintaining sufficient anonymity and enjoying sufficient speed?"
This discussion has been archived. No new comments can be posted.

Tunneling Under the Great Firewall?

Comments Filter:
  • Fear (Score:3, Insightful)

    by sopssa ( 1498795 ) * <sopssa@email.com> on Friday July 02, 2010 @11:11AM (#32773620) Journal

    This fear of China is just WTF. "my lack of a nickname on this submission being testament to that", VPN's, Tor, all of that just to browse the regular Internet. Anyone who writes these things obviously have not been there or in the other Asian countries.

    Most of the western quality hotels provide access to unfiltered Internet and you are most likely staying in one of those. Besides, the Chinese and Asian in general are quite relaxed people. Just think if American cops would be this patient and try to help the guy [liveleak.com].

    Seriously, the Chinese, Asian and rest of the world hate and fear by Americans is getting beyond ridiculous.

    • Re:Fear (Score:5, Informative)

      by grub ( 11606 ) <slashdot@grub.net> on Friday July 02, 2010 @11:19AM (#32773740) Homepage Journal

      Besides, the Chinese and Asian in general are quite relaxed people.

      It isn't the general population causing the VPN problems we have with people travelling in China, it's the government.
      • Re: (Score:3, Funny)

        by Anonymous Coward
        Caution! The original questions at the top of this page might have been posted by an agent of the Chinese government, so that all answers offered could be used to eliminate holes in the Great Firewall.
    • Re:Fear (Score:5, Insightful)

      by Moridineas ( 213502 ) on Friday July 02, 2010 @11:20AM (#32773762) Journal

      Slashdot rails against DMCA, censorship, walled gardens, etc, and you expect the Chinese government to get a free pass? What a joke.

      You can raise frail strawmen all you want, but it's not about how "relaxed" Asians or anything else like "hate and fear" that you've just made up in your post. It's very specifically about the Chinese government. Exactly what part of "I am very leery of the government" have you completely failed to understand?

      Is this REALLY a conversation you want to get into?

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Most of the western quality hotels provide access to unfiltered Internet and you are most likely staying in one of those.

      Is that 'unfiltered' access also 'unmonitored'?

    • I don't know why you're at -1, but you know, you probably have a point. I would argue that if you're not browsing 'seditious' Chinese websites (which are probably in Chinese) then the government there probably doesn't give a damn about what you're doing. It sounds like the poster has way too high an expectation of how much other people pay attention to him. Unless you're looking for trouble, or very unlucky, it's just FUD.
      • Even IF you're assuming the OP doesn't care about the Chinese government's filtering and censoring from a philosophical, practical or personal viewpoint, let me wikipedia that for you: http://en.wikipedia.org/wiki/Industrial_espionage [wikipedia.org]

    • Re:Fear (Score:5, Insightful)

      by Lumpy ( 12016 ) on Friday July 02, 2010 @12:28PM (#32775010) Homepage

      Yup. I dont understand also other parts of the question...

      "Shell out a lot of money for a VPN service..." $9.95US for 1 month is a Lot of money?

      He also claims he knows computers yet does not think of setting up his own VPN gateway at home? It's clear he is not moving there, just going there for a few weeks. Nobody I know terminates all their leases and sells all their stuff to go out of the country even for a few months....

      Pay $9.95 for VPN service each month, or set up a linux box as a VPN point. Call it done.

      • Re: (Score:3, Informative)

        Even cheaper: $19 for three months, by the IPREDator: https://www.ipredator.se/ [ipredator.se]

      • Re: (Score:3, Funny)

        by fishexe ( 168879 )

        "Shell out a lot of money for a VPN service..." $9.95US for 1 month is a Lot of money?

        In China it is. Have you seen that exchange rate? Damn...

      • Re: (Score:3, Informative)

        by QuantumRiff ( 120817 )

        Or, if you have a linux web server (as he claims he can setup) setup SSL on there, and redirect all web traffic over the SSL Tunnel. Bonus points if he authenticates to his linux box using keys, instead of a password.

      • Re:Fear (Score:5, Insightful)

        by afabbro ( 33948 ) on Friday July 02, 2010 @03:15PM (#32778136) Homepage
        "Hi, I'm a college student who thinks computers are cool but I don't really get into code or anything. I run Linux because it's L33T and strikes a blow against THE MAN! BTW, I can't get the latest version of Fedora to boot, but that's another question. Anyway, when I get to China I want to connect to some site outside China that the firewall blocks. I will then come back and tell my friends how cool I am! How I am cyberpunk and stuff! Striking a blow for FREEDOM! I mean, yeah, I'd just be doing a search for Falun Gong on Google, even though I'm not really sure who they are, but still, it'd be SO L33T! I know that I'm a dangerous underground revolutionary because I'm posting anonymously on Slashdot out of FEAR OF THE CHINESE GOVERNMENT! Angela Davis ain't got nothing on me. I mean, I'm not crazy - I wouldn't invest $10 for VPN service for this, and your talk of setting up my own VPN gateway is confusing (can I just apt-get that and connect from a kiosk in the Beijing airport?). OK, actually about 95% of the time I dual boot to Windows except when progressive chicks might be walking by my dorm room, and then I switch to Linux with a big tux wallpaper..."
  • Good luck! (Score:5, Interesting)

    by grub ( 11606 ) <slashdot@grub.net> on Friday July 02, 2010 @11:12AM (#32773634) Homepage Journal

    At my workplace we have people who travel to China. On occasion VPN connections from China just stop for hours or days at at time. No hits at our VPN endpoint from China at all; the traffic is stopped upstream somewhere while everything else that is unencrypted works.

    That's the only country we have people visit where the VPN can be problematic.
    • Use SSL proxies. There's a huge number of them, and people scan for and compile lists for new ones all the time. It's not as slow as Tor, but if you find one that doesn't use a standard port (8080, etc) it may work well for you. I use them all the time to download stuff from "geo-locked" websites like the iPlayer/BBC.

      • Re: (Score:3, Insightful)

        Do you really trust using a random SSL proxy for getting out? That's likely to cause even more problems, because you almost certainly do not know who owns the proxy and what they're doing with your traffic. If the guy has to do anything sensitive like banking, his ability to do so safely has dropped precipitously.

      • Re:Good luck! (Score:5, Insightful)

        by Aqualung812 ( 959532 ) on Friday July 02, 2010 @11:31AM (#32773936)
        If you use a SSL proxy, make sure you note the fingerprint of the one you want to use BEFORE you go. Compare it when there to make sure you don't get a man in the middle attack.
      • Re:Good luck! (Score:5, Informative)

        by Cimexus ( 1355033 ) on Friday July 02, 2010 @01:28PM (#32776156)

        Yep, mod parent up.

        Even better, make one yourself. Grab an old box you have lying around, whack a copy of Ubuntu on it (or other Linux distro of your choice), enable SSH server and leave it running on your net connection at home. Then using PuTTY or whatever on your laptop you're taking to China, make SOCKS proxy/SSL tunnel to your home box and you are good to go.

        Free software and simple to do. Speeds are limited by the speed of your connection in China, and obviously the upstream speed of your net connection back home. But should be enough for basic browsing.

    • A friend of mine is working for a supplier of automotive parts with (at the time) two branch offices in Luxembourg, and one in the United States (Detroit).

      All 3 are linked together with a VPN.

      And just after the planes struck the buildings on 911, the VPN with Detroit mysteriously went down. Unencrypted connections continued working as if nothing happened (so it's not a case of a router being located physically in WTC, or whatever). A couple of days later, all was back to normal. No explanation ever follow

    • Re: (Score:3, Informative)

      by Anonymous Coward

      I live in China. I access the Internet unhindered. I've never, in nine years, encountered a situation where only encrypted links are shut down (for even MINUTES at a time!) while everything else went through. I have experienced situations where specific backbones get so badly clogged up that *all* traffic (including, sadly, my link to my VPS) is screwed up, but never one where just the link to my VPS was down.

      That's almost a decade, folks. I'm not quite calling "bullshit" on grub here. I'm sure he's se

    • Re:Good luck! (Score:4, Informative)

      by Amouth ( 879122 ) on Friday July 02, 2010 @11:36AM (#32774042)

      i run a VPN server for several friends of mine - the whole use is to get around what ever they run into - be it China (rare but they do go there) or some lame ass university's filter..

      one of the more often used services for really locked down places is a good old SOCKS server running on 443..

    • Fast, Easy, Secure. Pick any two.

      Sorry, pal - it's those pesky laws of the universe or something gettin' in the way...

  • Make a proxy. (Score:2, Informative)

    by stanlyb ( 1839382 )
    Have somewhere a computer with real IP, and start some proxy server. Or even some remote-control(vnc,rdp), if you have a good bandwidth.
  • SSH (Score:5, Informative)

    by Hatta ( 162192 ) on Friday July 02, 2010 @11:14AM (#32773652) Journal

    SSH tunneling with SSH -D is trivial to set up. Make sure you forward DNS with network.proxy.socks_remote_dns set to true if you're using Firefox.

    I think I read that SSH can even create a virtual network device that forwards all traffic over a tunnel. Haven't had time to play with that though. That would be a great solution for every app, even those that don't support SOCKS proxies.

    • Re:SSH (Score:4, Informative)

      by leuk_he ( 194174 ) on Friday July 02, 2010 @11:21AM (#32773774) Homepage Journal


      -Setup a ssh server outside of china, always on. for windows use some port like copsshd.
      -Set ip up at an alternate port (not 22, use 443), it will obfuscate it a little bit.

      In china run ssh client, putty can do this, tunnelier has some more options
      https://calomel.org/firefox_ssh_proxy.html [calomel.org]
      Then use proxy options of firefox to send traffic over this proxy. Be careful no to leak too much dns info.

    • Re:SSH (Score:5, Insightful)

      by richardellisjr ( 584919 ) on Friday July 02, 2010 @11:28AM (#32773882)

      I'm not sure if this is what your referring to but I use a SSH socks proxy and tsocks under linux quite a bit to allow proxy unaware apps to be use it (like RDP). The only issue I have with this setup is DNS. Since it primarily uses UDP not TCP for lookups they are all performed against the locally configured name servers not the remote. I haven't found an elegant solution for this yet but your network.proxy.socks_remote_dns config may help a lot (I've never heard of that before).

      For the original submitter, I understand your reluctance to being restricted and object to the idea of the great firewall as much as the next guy, however is completely open access really worth breaking the law there and potentially being imprisoned in China. Also keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any countries laws while as such is really disrespectful. If you really don't like the law don't travel there, if your trying to make some sort of political statement (which I doubt) then best of luck to you... China isn't well know for being good sports about that sort of thing.

      • so keep in mind that while you may object to the concept of the firewall but you are a guest in the country and breaking any countries laws while as such is really disrespectful.

        Allow me to play the world's smallest Er-Hu.

        • Re:SSH (Score:5, Insightful)

          by norminator ( 784674 ) on Friday July 02, 2010 @12:31PM (#32775068)
          While the traveler is in China it's probably not a good idea to risk legal issues with the Chinese government.
    • Re: (Score:3, Informative)

      by Nerdfest ( 867930 )
      TSocks may be the application you're looking for. I haven't gone through the setup of it yet but it looks like it will tunnel any traffic through ssh.
      • Re: (Score:3, Insightful)

        by Hatta ( 162192 )

        Actually, this [perturb.org] is what I was thinking about. You get an actual entry in ifconfig, and with a little routing it should be entirely transparent to all applications.

    • NX is a great cross-platform remote desktop application that runs over SSH. On Ubuntu, I just installed the sshd package and the NX packages from nomachine.com and it's usable for any ssh-able user account on the machine. Just open a port on your router and maybe get a domain for it and you're ready to go.

    • Re: (Score:3, Informative)

      1. ssh -ND 8080 anyserverwithssh
      2. Direct Firefox to use localhost:8080 as a socks5 proxy

      Confirmed to work in China by a friend who was recently there.

  • if not, do

    ssh -D 9999 my.home.machine

    then use localhost port 9999 as the SOCKS proxy.

  • Screenshare (Score:5, Interesting)

    by bobdotorg ( 598873 ) on Friday July 02, 2010 @11:17AM (#32773686)

    Before leaving, set up a computer with decent upstream bandwidth and VNC / screen share. Pretty simple, and only shows a connection to that one IP address. If you use OSX it's a 30 second setup in sharing preferences, and I'm sure that there are windows and Linux equivalents. You may need to tweak the ports to get under the Great Firewall.

    However, one significant drawback (with the OSX solution) is that audio is not streamed. Another is lag with slow / far connections.

    But it will get you the full net.

    • Re:Screenshare (Score:4, Insightful)

      by ckthorp ( 1255134 ) on Friday July 02, 2010 @11:40AM (#32774126)
      I vote for this strategy because then no contraband will ever be present on your computer in China. Nothing on the computer, nothing for authorities to find in your cache or via deleted file recovery.
    • Re: (Score:3, Interesting)

      by the_one(2) ( 1117139 )

      A friend's friend for whom I set VNC up for it didn't work to well. The connection was heavily throttled and to slow to be useful.

      • Re: (Score:3, Interesting)

        by dintech ( 998802 )

        Yes, when I was in Japan the lag to Europe made logmein and VNC a bit of a chore to use. Some kind of tunnelling will make for a better user experience in my opinion.

  • Anonymous? (Score:5, Funny)

    by Hoi Polloi ( 522990 ) on Friday July 02, 2010 @11:17AM (#32773702) Journal

    Just change your online name to "FreeTibet". They'll never notice.

  • Ummmm... (Score:5, Insightful)

    by Anonymous Coward on Friday July 02, 2010 @11:19AM (#32773722)

    I suggest that you play nice with China's laws if you are going to China. Trying to bypass their firewall as a foreigner traveling there is more likely to attract the sort of attention you don't want than anything else. As you said, you're just going to be there for a few weeks. Do you *really* need to search for the kind of stuff they filter out while you are there?

    My wife travels regularly to China for work. We are very careful about our conversations on the phone when she's there, and about the emails we send when she's there. I sure as hell would never advise her to try to bypass their firewall.

    If you are a Chinese freedom activist, by all means, you know what you're getting into, bypass away. I support the people of China in their efforts to access the whole internet, to speak their minds, to be as free as they care to be.

    If you are a Westerner visiting, I'd suggest you just hold your horses there bucko and deal with the internet you can get from your hotel room and don't make yourself look more suspicious than you actually are. You really, really don't want anybody to think you are doing anything against Chinese interests while you're there. Seriously.

  • Keep your home computer run at home with SSH listening to a non-standard port (80 or 443 are good choices).

    If you're going to be using Windows computers in China take a USB thumbdrive with you with a copy of PuTTY installed.

    Forward ports 53 and 3128 and set your web browser proxy and DNS settings appropriately.

  • remote desktop (Score:3, Interesting)

    by circletimessquare ( 444983 ) <circletimessquare@@@gmail...com> on Friday July 02, 2010 @11:19AM (#32773726) Homepage Journal

    if on windows, set up your home computer to accept incoming rdp requests (and configure your router to pass that port to the right machine), and leave your home computer on the whole time

    login remotely, and surf anywhere you want

  • The best solution may be to set up a private proxy such as CGIProxy on your own web server behind HTTP auth. Then access it via HTTPS only (on slashdot I think I read a story where someone's site was blocked for such a proxy... using HTTPS greatly reduces the chance of that). I think there was speculation on slashdot a while ago that the Chinese government could probably issue signed SSL certs if they wanted to and thus easily perform man-in-the-middle attacks. You should probably check to be sure the ce

  • SSH as a solution (Score:2, Informative)

    by segin ( 883667 )

    This is a really simple problem to solve.

    Keep a box at home, run Linux/*BSD/whatever on it. Have SSH on it. Run SSH on a "common" port that's not 22. 21, 23, 56, 69, 80, and 443 are good candidates. For good measure, keep a small web-based admin util on some other common port (with SSL!) in case you guessed the SSH port wrong.

    Use SSH as a proxy. I forgot exactly how to acomplish this on *nix but on Windows... Use PuTTY. Connection -> SSH -> Tunnels. Set a random source port (which is what port you con

    • This is all good advice.

      As for your port advice, I agree to avoid port 22 -- I have this totally disabled on my FreeBSD system.

      443 is a good alternative since it is the normal HTTPS port, but in my work as a consultant I've run into client networks where HTTPS works fine but SSH through port 443 doesn't work at all. I seldom get to the bottom of it, but usually its a filtering/transparent proxy device that works with normal HTTPS traffic.

      My work around (that hasn't failed yet) has been to run my SSH server

  • by Sleen ( 73855 ) on Friday July 02, 2010 @11:22AM (#32773796)

    So when China asks slashdot how best to catch people circumventing their firewall, how would they do it? They might pretend to be a western touron visiting their fair nation and asking some innocent questions about firewall circumvention. If any of these methods are effective, they are likely to cease being effective now that they are widely published. Either way, the anonymity of the poster prevents direct help and indicates perhaps a clever approach to hardening the firewall.

    • Hey, if all information wants to be free, it will be free for everyone, including the "bad guys".

    • by Thiez ( 1281866 )

      Yes, because the IT experts in China are all complete retards and they have never heard of SSH/Tor/whatever... no only us smart people from the west know and understand about these tools...

      Have you considered that China probably knows about every method mentioned in the responses and probably some more? It's likely that they've decided that things like ssh filtering are too hard, or that they're not really worth the hassle, or that the prototype of their new ssh-block-o-tronic (made from the souls of dead p

      • by rindeee ( 530084 )
        For the most part, they (not just China, but most countries that try to control content) go after low hanging fruit. There are indeed a couple of ME countries that employ high-end Narus filters which, if managed and updated near real time, could pretty well block any means of bypass. The reality of implementation however is that it's just not worth the time investment. Typically with a bit of tweakery one can manage to use SSH, OpenVPN, an SSL proxy or some other form of obfuscation to circumvent the fil
  • Meh, I'd just simply chalk it up to part of the cultural immersion, to experience the internet the same way the locals do. Ask the Chinese at internet cafes, they'll probably be more than happy to point you to the workarounds they use.

    For my part, I'd simply run ssh back to my box and run "links" to do searches from home.

    With a little more effort, you could do SSH+TightVNC or TigerVNC to extend your home desktop... performance is actually pretty decent even with modem-like uplinks.

    With a bit more effort, y

  • You said you'd only be there for a few weeks, and you wouldn't be using the computer that often. Are you sure you can't live without some parts of the internet under those conditions? If it's really that important to you, then perhaps you should restrict your travels to Hong Kong and Taiwan instead of mainland China?

    After all if the firewall is the law, subverting the firewall may be illegal; which could lead to your stay being longer than expected ...
  • by Anonymous Coward

    Sorry, but that's what this is. The internet is regulated by the Chinese government, it's kind of asinine to ask users how to circumvent and break Chinese laws.

    When you're in another country or in someone else's home, you follow and abide by their rules. It's not just being respectful, its good manners.

    The Great Firewall sucks, but that's how they roll. Just suck it up and deal with it.

    • by Darkness404 ( 1287218 ) on Friday July 02, 2010 @11:32AM (#32773962)
      But when the law unfairly restricts your natural rights, then the breaking of that law is completely justified, hell, armed revolution in the case of China is very much justified for the Chinese people.

      That said, I'm not sure if I'd really do it in China as a tourist, not that they'd probably do much (China gets western businessmen all the time) but I just wouldn't want to take the risk unless.

      But really, if a law is unjust and violates natural rights, you have every right to break it, some may say you even have a responsibility to break it because by not breaking it you in essence prop the law up.
      • But when the law unfairly restricts your natural rights, then the breaking of that law is completely justified, hell, armed revolution in the case of China is very much justified for the Chinese people.

        You be sure and tell them that at the Peking police station.

        I have never seen more drivel in my life. If you don't want to follow the laws of the country, then *don't go*. Same with any country including the good old USA. Do otherwise and you a

      • by ElKry ( 1544795 )
        So what you're saying is that accessing every single website on the internet is a natural right?
  • Forget About Speed (Score:4, Informative)

    by malloc ( 30902 ) on Friday July 02, 2010 @11:28AM (#32773878)

    ... while ... enjoying sufficient speed?"

    Unless they've opened a few new trans-pacific pipe connections since I was last there, forget about speed. Maybe it was just my ISP (Great Wall, ha) but within China you can get nice (e.g. 750kb/s) speed but the moment you cross the pacific your latency is killer and you're crawling at 5-10kb/s. This is using corporate VPN or without. I suspect the actual throughput is a result of active throttling by the State. In terms of restricting general information, making something extremely painful is nearly the same as blocking it.

  • by nurb432 ( 527695 ) on Friday July 02, 2010 @11:29AM (#32773900) Homepage Journal

    What you are asking is illegal there. If you get caught bad things will happen to you. Is it really worth the risk for a couple of weeks? Are you THAT addicted?

    • by Anonymous Coward

      "There are just laws and there are unjust laws. I would agree with St. Augustine that an unjust law is no law at all... One who breaks an unjust law must do it openly, lovingly...I submit that an individual who breaks a law that conscience tells him is unjust, and willingly accepts the penalty by staying in jail to arouse the conscience of the community over its injustice, is in reality expressing the very highest respect for law."

      - Martin Luther King, "Letter from the Birmingham Jail," April 16, 1963.

  • I know of large US companies that do not allow executives to take their laptops into China, as they assume that its contents will be read (at the border or elsewhere). So, they get a sanitized laptop for the trip. Sounds extreme, but there have been cases of industrial espionage in the past.

  • ...so the Chinese government can make their Great Firewall better!

    Seriously, does this person believe that /. readers are so gullible that they will lay out their best-kept secrets here? Or how do we know that you aren't a Chinese operative trying to mine the collective wisdom of /.?

    In fact, if you need to ask, you probably don't need the "unadulterated, unfiltered" Internet as much as you think you do. Go, enjoy your trip. The Internet will be there when you return.

  • I advise you to also bring a 'throw-away' computer, unless you keep your current computer with you at all times. Depending on your business, if you leave your computer behind somewhere (hotel room, security) you may return to find it perfectly fine, maybe even with a bit extra hardware or software if you get my meaning.

    At the very least, be prepared to wipe it clean when you get back home.

  • Several options: Setup an SSL proxy on 443. Setup sshd running on a non-standard port. Setup OpenVPN listening on 443. Blah blah blah. I've used all three of these when traveling to countries that heavily filter the 'tubes and met with little issue. I even run VoIP/VTC over them without issue.
  • by mtippett ( 110279 ) on Friday July 02, 2010 @11:37AM (#32774066) Homepage

    If the requirements and restrictions on the Internet in China are enshrined in Law in China, you may be putting your visa at risk.

    It's like a Australian 18 year old coming to the US and drinking alcohol and getting caught. In Australia, there no restriction above 18, in the US, it's 21. You get caught, you may not be able to enter the country again.

    A local law is a local law, no matter what your views are. What you can do freely in your country may be illegal and carry harsh punishments in others.

  • by gpuk ( 712102 ) on Friday July 02, 2010 @11:44AM (#32774174)

    I travel quite frequently and often need to subvert the various restrictions of local ISPs (DNS redirection, throttling, censorship etc.). The method that works for me is:

    1). Rent a cheap 512MB VPS (I use Linode and highly rate them but there are many other providers)
    2). Grab a copy of OpenVPN and set it up in server mode on your VPS (make sure you push "redirect-gateway" to clients so that they send all their internet traffic through the VPN)
    3). Install a copy of OpenVPN on the computer you'll be travelling with (set it up in client mode and configure it to point to your VPS).

    That's it. All your traffic will now flow encrypted to your VPS where it will then break-out on to the open, unfiltered internet.

    Additional tips:
    - If you are using Windows on the computer you're travelling with, you need to make sure your DNS queries are going through the VPN (see: http://openvpn.net/archive/openvpn-users/2006-09/msg00020.html [openvpn.net] for what steps you need to take)

    - To help obscure the fact you are using a VPN, set the server to use TCP rather than UDP (note: this will increase latency a bit) and set it to listen on a port normally associated with something else (e.g. TCP 993 which is normally used for secure imap or TCP 443 which is normally used for https traffic).

    If you haven't got the cash for a VPS (frankly though you should, they are really cheap!), you could always setup the OpenVPN server on your home machine and point your travelling computer to that.....

    Good luck!

  • Fast. Good. Cheap.

    Choose any two.

    I would suggest Tor [torproject.org]. (Good and Cheap.)


  • set up openvpn on a machine at home. use xinit.d to enable two listen ports one on port 53 and another on port 443. be sure to reroute all of your traffic over the tunnel. you will need a dns server internal to your network at home.

    this is an example of an xinit.d/ovpn-file to listen on port 53

    service anon-reader53
    type = UNLISTED
    port = 53

  • It is not THAT bad. The whole nation is NAT'ed. You will not have a proper IP address. almost certainly 10.x.x.x. I use the web a lot, and the vast majority of sites work. Groklaw did not work for me, or BBC. But Tor gets around all of that. BitTorrent is slow due to no inbound connections.

    To me the bigger problem is dumbass companies trying to 'help' me by detecting my location and localizing.. Just because I am in Whereveristan does not mean I can read the language. My http headers specify us-en.

  • Don't go (Score:3, Insightful)

    by Megaport ( 42937 ) on Friday July 02, 2010 @02:48PM (#32777696)

    My daughter is living in Beijing for a year so before she left I got her a notebook and set it up with everything she'd need. For a brief moment I considered installing an SSH tunnel or VPN access back here to home, but then I thought about what my ex-wife's voice would sound like when she said, "they are detaining our daughter because they found military grade encryption software on her computer. How did that get there?" and decided against it.

    Seriously, if you disagree with their policy don't go. In your own country you have the right to civil disobedience against unjust laws. In another country you are a guest and should act appropriately.

    I'm an Aussie, our countries fought together in many wars (some still ongoing) and about as peaceful a partner as the US can get. Despite having travelled to the US about a dozen times and even lived over there for a couple of years, I have refused to return because you want to fingerprint me on entry now.

    If you disagree with a requirement of entry. Don't go. It is astonishing that you would premeditate to break China's laws because of your political views when your own country has a bunch that you have not fought against.



  • by GlL ( 618007 ) <.moc.erutnev-ten. .ta. .lig.> on Friday July 02, 2010 @03:48PM (#32778558)

    I wonder if the AC who posted the question might be a lazy network tech in China trying to close holes?

I've never been canoeing before, but I imagine there must be just a few simple heuristics you have to remember... Yes, don't fall out, and don't hit rocks.