Tips and Rumors About Avoiding The Chinese Firewall

I’ve collected these tips and rumors about the Chinese Great Firewall.

A few things to remember overall:

  • Servers in Japan and the U.S. are most frequently blocked, Hong Kong is blocked less, and servers in Canada, Europe and Russia are almost never blocked
  • Firewall restrictions vary from region to region in China
  • Some restrictions vary from carrier to carrier, and from ISP to ISP
  • Methods of obfuscation that worked last year will not always work this year

Advice on the Firewall from “Phoebe Cross”:

While a few commercial VPN services that employ OpenVPN with obfuscation continue to work in 2018, even these may be blocked during politically sensitive periods. All the signs are that eventually the Chinese Communist Party (CCP) intends to move to an almost complete blockade of the outside world. Methods once popular often no longer work. VPN Gate, Freegate, and Ultrasurf fall into this category. Common VPN protocols such as PPTP, L2TP/IPsec, and unobfuscated OpenVPN are typically blocked. SSH tunneling is throttled and then blocked. The Tor Project website is blocked, as is the Tor protocol and all public Tor bridges.
In response to these problems, a local developer created Shadowsocks (SS) in 2012. SS is now rumored to be detectable, and IP addresses of SS servers may be blocked after only a few days. IP addresses of popular virtual private server (VPS) vendors in Japan and Los Angeles are particularly vulnerable to rapid and prolonged blocking. Another developer forked SS to produce ShadowsocksR (SSR). This offered a wider range of camouflage techniques (obfuscation and protocols). While SSR with strong obfuscation is reported to still work, the SSR software is no longer maintained.
A more recent development is V2Ray. This allows communication over a WebSocket stream and hiding of the server behind a content distribution network (CDN) and a web server. This is reported to be the most reliable option in 2018.
Some miscellaneous methods that may work include Lantern, Brook, GoFlyWay, Psiphon, and WireGuard. FreeBrowser for Android may work. Editing your computer’s hosts file may still work if simple DNS poisoning is the only issue.
For instant messaging, WeChat, known as Weixin (微信) in China, may work between mainland and overseas users. However, communications are monitored and censored by the CCP. For private communications, it is necessary to use a method such as Telegram over an SSR proxy.
Corporate users can bypass the GFW by leasing an international private leased circuit (IPLC) or multi-protocol label switching (MPLS) network. Even here, the CCP has now introduced regulations and restrictions.
In summary, V2Ray with camouflage is likely your most reliable option in 2018. A particularly sophisticated approach is to use V2Ray over WebSocket with Nginx TLS plus CDN.

More websites about avoiding the firewall:

Is Shadowsocks currently banned? Here is what a user in China reports:

The government seems to be trying to intercept but apparently still needs to work hard. They tried to discover these hidden services by using social engineering, traffic detection and analysis, and port proactive detection. However, some service providers of Shadowsocks are also trying to counter these bans. The Shadowsocks protocol is still being maintained, and the protocol is missing a clear communication magic word to be discovered.

Ding Yufeng

Someone in China recommends:

Amazon Web Services… One year free tier. Use Gmail address with a next year forever free.

Then use Streisand

Easy setup, easy new server. No cost as long as your bandwidth stays in the free tier.

Use Singapore or Tokyo or Seoul depending on your ISP.

Test ISP with cloud host


Someone says:

If you’re happy to pirate, try as an alternative to Netflix. Accepts magnet links and uses caching so if somebody downloaded it before it’s instant. Movies & TV stream in the browser. They have HK servers so speed is really good in China (Shanghai and Dongbei at least)

This guide is similar to the set-up listed in the article above, but has a few differences:

Keep in mind, BBR doesn’t work with OpenVZ. It works for KVM, I believe. Vultr should be fine since the guide uses Vultr as well.

Let me know if that guide isn’t enough.

For KCP, if you’re familiar with SS/SSR, then it’s basically the same thing.

Basically, instead of going direct SS (client) to SS (server), you go SS (client) -> Kcp (client) -> Kcp (server) -> SS (server).

The git page has enough basics. If you have problems with that, you may need to spend some time familiarizing yourself with Linux command line/vi or vim editor.

1 thought on “Tips and Rumors About Avoiding The Chinese Firewall”

  1. I can confirm this, all of my VPN and tunneling tricks have been blocked in Shenzhen. Brutal… I’m going to have to find something else. PIA, OpenVPN, TOR, and a few others slammed almost immediately, not sure how they are doing this….
