Comment by _ncyj

3 years ago

Used to be a customer of ExpressVPN but after the acquisition, it no longer worked properly in China. Mullvad somehow survives despite their server IP ranges being public.

Contrary to popular belief, IP blocking isn't the most common way VPNs are blocked these days. Additionally, GFW isn't the same in all of China. Different networks, different cities, have different filtering policies and rule sets. Same as in Russia now.

I'm surprised Mullvad works in China. Do you have to use obfuscation software (shadowsocks, etc)? The GFW blocks WireGuard, right?

  • > The GFW blocks WireGuard, right?

    The GFW is extremely sophisticated in what it blocks and how it blocks it. I have seen it block otherwise random traffic based on packet sizes, packet patterns, stream concurrency, stream duration. It will allow connections, then probe the remote endpoint and disconnect if the probe detects banned services. It will track relationships between endpoints (e.g. blocking one resulting in traffic to another). Traffic that looks off /looks off/ and the GFW will block it -- and looking off may not be the kind of encryption or protocol, but simply how many people are using it from where and for how long.

    The toughest part about working around the GFW is its consistency. Its effectiveness can vary by hour, day, political wind, etc. It can vary by what network you are on or the route your traffic takes to leave the country. The GFW isn't perfect, but it is just good enough that you give up trying.

    And then every once in a while you get a news report about some VPN user getting arrested, so you get that level of paranoia, too.

  • I used to find it worked here and there for me (Shanghai Telecom, 4/5G was OK. Home didn't work). Shadowsocks worked well for me but then got janky - ended up using a local VPN for gaming and Windscribe for general browsing. For 3 sweet months I could run an AWS node and relay through that with awesome speeds but then that broke too. Ended up just with a residential IP and that solved everything til I left.

    There are of course times like when the Two Sessions are in order and nothing worked.

  • > The GFW blocks WireGuard, right?

    ~1-2 years ago: yes.
    Currently: I don't know.

    I worked for a web company and we were getting reports that our websites looked wrong/bad/messed up from within China.

    So we needed an IP within China to confirm.

    1st attempt: SOCKS proxy = worked, and confirmed that GFW or something was screwing up our content. (simple SSH tunnel)

    2nd attempt: WireGuard = could not establish a connection to WireGuard server hosted on same ISP/co-lo in China as the SOCKS proxy.

    3rd attempt: Windows RDS = worked

    We ended up using RDS as that was easier for our testers to use. (despite the training I offered)

  • I’m currently connecting directly to the Singapore server via WireGuard. Not even from the app, just from network manager on Linux. I do have xray and Trojan set up just in case