Comment by contact9879

3 years ago

I'm surprised Mullvad works in China. Do you have to use obfuscation software (shadowsocks, etc)? The GFW blocks WireGuard, right?

> The GFW blocks WireGuard, right?

The GFW is extremely sophisticated in what it blocks and how it blocks it. I have seen it block otherwise random traffic based on packet sizes, packet patterns, stream concurrency, stream duration. It will allow connections, then probe the remote endpoint and disconnect if the probe detects banned services. It will track relationships between endpoints (e.g. blocking one resulting in traffic to another). Traffic that looks off /looks off/ and the GFW will block it -- and looking off may not be the kind of encryption or protocol, but simply how many people are using it from where and for how long.

The toughest part about working around the GFW is its consistency. Its effectiveness can vary by hour, day, political wind, etc. It can vary by what network you are on or the route your traffic takes to leave the country. The GFW isn't perfect, but it is just good enough that you give up trying.

And then every once in a while you get a news report about some VPN user getting arrested, so you get that level of paranoia, too.

I used to find it worked here and there for me (Shanghai Telecom, 4/5G was OK. Home didn't work). Shadowsocks worked well for me but then got janky - ended up using a local VPN for gaming and Windscribe for general browsing. For 3 sweet months I could run an AWS node and relay through that with awesome speeds but then that broke too. Ended up just with a residential IP and that solved everything til I left.

There are of course times like when the Two Sessions are in order and nothing worked.

  • > Windscribe for general browsing.

    Do you work for / are affiliated with Windscribe?

    • Yeah I made the original map and the updated version, updating the suggestions from the thread now so if you have any by all means let me know and I'll add them.

      I made this while in China: https://www.reddit.com/r/shanghai/comments/pp39xi/the_2021_c...

      Was based there 4 years so got very familiar with the VPN scene over there so if you have any questions let me know! I found for gaming for example you can't beat local VPNs for latency. No western operation can compete with that.

  • >> Ended up just with a residential IP and that solved everything til I left.

    What does that mean? You installed a proxy/vpn server at someone's house in the US and GFW didn't block it?

    • Nah, some VPNs allow you to rent a "residential" IP which is shared by 5-15 people tops. They're rarely caught up or get flagged. This was in 2021 however so can't comment on the effectiveness rn

> The GFW blocks WireGuard, right?

~1-2 years ago: yes

Currently: I don't know.

I worked for a web company and we were getting reports that our websites looked wrong/bad/messed up from within China.

So we needed an IP within China to confirm.

1st attempt: SOCKS proxy = worked, and confirmed that GFW or something was screwing up our content. (simple SSH tunnel)

2nd attempt: WireGuard = could not establish a connection to WireGuard server hosted on same ISP/co-lo in China as the SOCKS proxy.

3rd attempt: Windows RDS = worked

We ended up using RDS as that was easier for our testers to use. (despite the training I offered)

I’m currently connecting directly to the Singapore server via WireGuard. Not even from the app, just from network manager on Linux. I do have xray and Trojan set up just in case