Hi,
Eric Abrahamsen <e...@ericabrahamsen.net> writes:
> Rasmus <ras...@gmx.us> writes:
>
>> Eric Abrahamsen <e...@ericabrahamsen.net> writes:
>>
>>> It's not trivial when you live in China :)
>>>
>>> I can make it work, between alternate IP addresses and ssh tunnels, but
>>> it involves a lot of cursing and grinding my teeth. In a hostile network
>>> environment any client will face the same problems, but the lack of
>>> threading becomes pretty apparent here.
>>
>> I don't know what the great firewall is like, but for "hostile networks"
>> around here (universities blocking git, airports blocking smtp/imap etc),
>> I use openvpn. Are commercial openvpn provides blocked in China?
>
> Both commercial providers, and non-commercial providers! I set up my own
> OpenVPN server on a US server, and that worked for a couple of years.
> Then they caught it, and I switched to a non-standard port. That worked
> for another four months or so, and now it doesn't work on any port. I'm
> sure OpenVPN traffic is pretty easily sniffable.
But what if you use TCP 443? That should be hard to detect, though speed
might not be great... I guess https is OK in China.
First link from startpage.com:
https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/
> My next project is ipsec (another broken-leg project). But I figure, if
> I can google up these solutions, so can they, and the packet signatures
> of all these different systems must be quite identifiable.
Isn't ipsec as less popular version of Tor? BTW: I tried Tor again in the
weekend since a relative was asking about it. Speed seems to have gotten
a lot better (I'm in EU).
> Using vanilla ssh seems fairly reliable: for the time being, I don't
> think they'd go so far as to block ssh across the board. That would
> really be declaring war on the internet. So sshuttle, tunnels, and the
> built-in ssh SOCKS proxy are serving me well. Using dnscrypt-proxy
> actually solves many of the problems -- in years past, it would have
> solved everything, but they've started hell-banning IP ranges, and of
> course that includes gmail. My own dumb fault for using gmail, I guess.
The problem for me with socks is that it doesn't allow arbitrary port
connections (I mostly deal with bad network configs, e.g. closed XMPP or
git ports).
> How off-topic can we get? :)
It's interesting. And +30°C. It's fineeee! Thanks for sharing!
Rasmus
--
May the Force be with you
