Great Firewall of China nukes VPNs on sight


13 Responses to “Great Firewall of China nukes VPNs on sight”

  1. awjt says:

    I was in China in September and used VPN (Juniper IPSEC) with NO issues.  I doubt that my organization has “registered” with China.  Can’t prove that one way or another.  But, in any event, I had no issues with VPN.  Poor network at some hotels especially further from Beijing, yes, but no Great Firewall issues.

    • Andrew Singleton says:

      Any chance things changed between then and now?

      • awjt says:

        Sure, possibly.  But the article said May 2011, and I was there Sept 2012.  In Beijing, I was a few doors down from all the gov’t offices, and had no disruptions.

    • rdbms says:

      your company is registered

      you can’t get hardware through customs without disclosing the keys, and you can only choose keys on the approved key list….

      we shipped 40 units to china, they were all returned until such paperwork was sorted out.

  2. angusm says:

    Today China, tomorrow the world. 

  3. Tim Gingrich says:

    Lived in China 7 years. One of the redeeming qualities of the government is that it’s a incompetent and lazy as it is “evil.” Don’t forget greedy: my guess is that this has more to do with the lobbying of one of Astrill’s Chinese competitors to the VPN game or something like that, ha!

    Anyway, I think we always live in fear that “the big one is coming” (i.e. when the Chinese government really does flick the switch… off). Instead we get half-ass attempts like this every year or so. 

    • Andrew Singleton says:

      I suppose the silver lining to this sulfuric acid cloud is the constant fear and ‘training’ means they’ll be ready. I hope.

    • fuzzyfuzzyfungus says:

      While I don’t doubt that laziness and incompetence are part of the picture, and probably some additional element of “Now, make sure to partner with one of our favored domestic firms if you want your VPN to actually work reliably…”, I wouldn’t necessarily say that that is a good thing.

      Incompetent, inconsistent, or just plain idiosyncratic enforcement of a given restriction (while convenient for those trying to slip past) also means restriction that is…flexible… and thus much easier to tailor to the demands of the moment. Well behaved foreign firm has a VPN to HQ? Good for business, don’t bother them. Mr. Fancy Intellectual/whiny college student is doing a bit of light reading abroad? If it isn’t plaintext it isn’t going through… World generally peaceful and unthreatening? Slack off a bit and let the kiddies get to their precious porn, if they really care so much. Party Congress? Turn ALL DIALS TO 11!

      It’s like prohibition: If it had become genuinely impossible for people who wanted a drink to get one, we probably would have told the temperance movement just where they could shove it years before we did. Same now with drugs: a fair percentage of the people who want them can get them, much of the judicial punishment falls on undesirables(celebrities go to rehab, Herr Bloomberg’s stop-and-frisk kiddies, less so) so the official rules weigh less heavily than they otherwise would.

  4. Zach Smith says:

    meh.  living in china right now.  the ‘great firewall’ is laughably easy to get around for anyone with any sort of internet savvy.  good scare piece though.

    • awjt says:

      That was my experience.  I was thinking, if they DO manage to detect VPN traffic and block it, all that’s needed are a synchronized port-generator for both sides (timed to a shared clock), and for the VPN to be able to tx/rx on multiple ports simultaneously.  One goes down, the others take over.  Then they all switch in a few seconds anyways.  It would be extremely hard to listen for and block these packets all over the ever-shifting port range.  Especially if the traffic was disguised as non-vpn packets, to boot.

  5. Digilante says:

    I provide VPN services to thousands of travellers – so far no big disaster from the Chinese side.

  6. Jonathan Roberts says:

    I’m using Astrill now, I had some trouble getting online a couple of weeks ago but things seem to have settled down again. You seem to get different problems each time, such as the connection being very slow or timing out, having cookies put on the computer that block sites even with a vpn (Facebook is blocked but not Youtube), Google searches automatically being converted to Baidu searches, redirection to a webpage linking to lots of Chinese websites and a Baidu search bar with “” (even when you were looking for a different page – they really seem to hate Facebook for some reason) or showing you the page for a few seconds before redirecting you to a different page saying that there is a problem with the site…
    Those of my friends who have been in the country for longer than me say that it’s pretty common to see crackdowns (not just online) around national days and during changes in power such as the one this year. People doing anything illegal tend to lie low for a while and then get back to business when things calm down a bit.

    It’s getting more and more obvious that ideology is definitely a secondary consideration with the GFW – foreign businesses are allowed to operate in China as long as it is massively beneficial to China (50% of the staff must be Chinese, it’s almost impossible to start a business or get a loan as a foreigner and there are big limitations on taking money out of the country). Add that to the fact that many of the national companies have strong ties to the government or to government officials (and to the fact that many Chinese websites are very poor imitations of western ones), and it’s not difficult to see why they want to limit access to foreign sites.

Leave a Reply