Hi, Eric Abrahamsen <e...@ericabrahamsen.net> writes:
> Rasmus <ras...@gmx.us> writes: > >> Eric Abrahamsen <e...@ericabrahamsen.net> writes: >> >>> It's not trivial when you live in China :) >>> >>> I can make it work, between alternate IP addresses and ssh tunnels, but >>> it involves a lot of cursing and grinding my teeth. In a hostile network >>> environment any client will face the same problems, but the lack of >>> threading becomes pretty apparent here. >> >> I don't know what the great firewall is like, but for "hostile networks" >> around here (universities blocking git, airports blocking smtp/imap etc), >> I use openvpn. Are commercial openvpn provides blocked in China? > > Both commercial providers, and non-commercial providers! I set up my own > OpenVPN server on a US server, and that worked for a couple of years. > Then they caught it, and I switched to a non-standard port. That worked > for another four months or so, and now it doesn't work on any port. I'm > sure OpenVPN traffic is pretty easily sniffable. But what if you use TCP 443? That should be hard to detect, though speed might not be great... I guess https is OK in China. First link from startpage.com: https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/ > My next project is ipsec (another broken-leg project). But I figure, if > I can google up these solutions, so can they, and the packet signatures > of all these different systems must be quite identifiable. Isn't ipsec as less popular version of Tor? BTW: I tried Tor again in the weekend since a relative was asking about it. Speed seems to have gotten a lot better (I'm in EU). > Using vanilla ssh seems fairly reliable: for the time being, I don't > think they'd go so far as to block ssh across the board. That would > really be declaring war on the internet. So sshuttle, tunnels, and the > built-in ssh SOCKS proxy are serving me well. Using dnscrypt-proxy > actually solves many of the problems -- in years past, it would have > solved everything, but they've started hell-banning IP ranges, and of > course that includes gmail. My own dumb fault for using gmail, I guess. The problem for me with socks is that it doesn't allow arbitrary port connections (I mostly deal with bad network configs, e.g. closed XMPP or git ports). > How off-topic can we get? :) It's interesting. And +30°C. It's fineeee! Thanks for sharing! Rasmus -- May the Force be with you