

Ask HN: Working Securely from China? - gaoshan

I'm familiar with using a VPN but China frequently manages to block, or at least seriously degrade, VPN connections (and currently seems to actually be cracking down on VPNs).

I can set up a tunnel over SSH and use that but I don't know how effective China is at messing with/blocking that. Also, TOR is out of the question as it is dog slow from within China. Anyway, I'm not trying to hide my surfing or avoid the police... just need to be able to log into my various work servers without worrying about them being arbitrarily blocked by the Great Firewall or getting sniffed by some bad guys lurking at Starbucks.

So, are there any potent methods that the folks here on HN can suggest for working securely from within China? Set up my own instance of OpenVPN (perhaps they block specific providers rather than VPN in general and my home connection would slip by undetected)? Just go with tunneling over SSH? Some other methods? Complex, technically challenging answers are welcome (as long as they are practical)!
======
rdl
I just VPN out using a PPTP VPN; I've never seen it blocked.

The key with the Apple configuration in OSX is to select "send all traffic
over VPN" in the Advanced pane.

~~~
gaoshan
Are you in China now? I'm hearing (like, today) that is specifically being
blocked. Here is a link discussing it:
http://advocacy.globalvoicesonline.org/2011/03/20/china-pptp-and-l2tp-vpn-protocols-blocked/

~~~
rdl
Oh, wow. I was last in China in Q4 2010, when it was possible to use a
commercial PPTP VPN provider with no problems. I've only had to resort to DNS
tunneling of SSH in other countries. I think some people are working on
pluggable circumvention-of-firewall technologies for Tor and other protocols
now, but the increased latency is a huge pain. A paid one-hop solution is
really about the most I'm willing to tolerate; if I want immunity from a
server operator's monitoring, a Tor network inside a single colo facility with
lots of gig-e crossconnections between servers or cages run by different
groups would be about all I'd tolerate.

