Great Firewall of China nukes VPNs on sight

A new rev of the Great Firewall of China seeks out VPN connections (including, I assume, connections over The Onion Router) and terminates them. Only companies who register official VPNs with the Chinese government will be able to run them without interference. Registration is only available to Chinese companies, and I'll bet it involves escrowing your keys with the Chinese net-cops so they can spy on it.

Users in China suspected in May 2011 that the government there was trying to disrupt VPN use, and now VPN providers have begun to notice the effects.

Astrill, a VPN provider for users inside and outside China, has emailed its users to warn them that the "Great Firewall" system is blocking at least four of the common protocols used by VPNs, which means that they don't function. "This GFW update makes a lot of harm to business in China," the email says. "We believe [the] China censorship minister is a smart man … and this blockage will be removed and things will go back to normal."

But the company added that trying to stay ahead of the censors is a "cat-and-mouse game" – although it is working on a new system that it hopes will let it stay ahead of the detection system.

China tightens 'Great Firewall' internet control with new technology [Charles Arthur/The Guardian]



  1. I was in China in September and used VPN (Juniper IPSEC) with NO issues.  I doubt that my organization has “registered” with China.  Can’t prove that one way or another.  But, in any event, I had no issues with VPN.  Poor network at some hotels especially further from Beijing, yes, but no Great Firewall issues.

      1. Sure, possibly.  But the article said May 2011, and I was there Sept 2012.  In Beijing, I was a few doors down from all the gov’t offices, and had no disruptions.

        1. These issues have arisen since September .. That said I’m still connected over IPSec reliably in Beijing..

    1. your company is registered

      you can’t get hardware through customs without disclosing the keys, and you can only choose keys on the approved key list….

      we shipped 40 units to china, they were all returned until such paperwork was sorted out.

  2. Lived in China 7 years. One of the redeeming qualities of the government is that it’s a incompetent and lazy as it is “evil.” Don’t forget greedy: my guess is that this has more to do with the lobbying of one of Astrill’s Chinese competitors to the VPN game or something like that, ha!

    Anyway, I think we always live in fear that “the big one is coming” (i.e. when the Chinese government really does flick the switch… off). Instead we get half-ass attempts like this every year or so. 

    1. I suppose the silver lining to this sulfuric acid cloud is the constant fear and ‘training’ means they’ll be ready. I hope.

    2. While I don’t doubt that laziness and incompetence are part of the picture, and probably some additional element of “Now, make sure to partner with one of our favored domestic firms if you want your VPN to actually work reliably…”, I wouldn’t necessarily say that that is a good thing.

      Incompetent, inconsistent, or just plain idiosyncratic enforcement of a given restriction (while convenient for those trying to slip past) also means restriction that is…flexible… and thus much easier to tailor to the demands of the moment. Well behaved foreign firm has a VPN to HQ? Good for business, don’t bother them. Mr. Fancy Intellectual/whiny college student is doing a bit of light reading abroad? If it isn’t plaintext it isn’t going through… World generally peaceful and unthreatening? Slack off a bit and let the kiddies get to their precious porn, if they really care so much. Party Congress? Turn ALL DIALS TO 11!

      It’s like prohibition: If it had become genuinely impossible for people who wanted a drink to get one, we probably would have told the temperance movement just where they could shove it years before we did. Same now with drugs: a fair percentage of the people who want them can get them, much of the judicial punishment falls on undesirables(celebrities go to rehab, Herr Bloomberg’s stop-and-frisk kiddies, less so) so the official rules weigh less heavily than they otherwise would.

  3. meh.  living in china right now.  the ‘great firewall’ is laughably easy to get around for anyone with any sort of internet savvy.  good scare piece though.

    1. That was my experience.  I was thinking, if they DO manage to detect VPN traffic and block it, all that’s needed are a synchronized port-generator for both sides (timed to a shared clock), and for the VPN to be able to tx/rx on multiple ports simultaneously.  One goes down, the others take over.  Then they all switch in a few seconds anyways.  It would be extremely hard to listen for and block these packets all over the ever-shifting port range.  Especially if the traffic was disguised as non-vpn packets, to boot.

  4. I’m using Astrill now, I had some trouble getting online a couple of weeks ago but things seem to have settled down again. You seem to get different problems each time, such as the connection being very slow or timing out, having cookies put on the computer that block sites even with a vpn (Facebook is blocked but not Youtube), Google searches automatically being converted to Baidu searches, redirection to a webpage linking to lots of Chinese websites and a Baidu search bar with “” (even when you were looking for a different page – they really seem to hate Facebook for some reason) or showing you the page for a few seconds before redirecting you to a different page saying that there is a problem with the site…
    Those of my friends who have been in the country for longer than me say that it’s pretty common to see crackdowns (not just online) around national days and during changes in power such as the one this year. People doing anything illegal tend to lie low for a while and then get back to business when things calm down a bit.

    It’s getting more and more obvious that ideology is definitely a secondary consideration with the GFW – foreign businesses are allowed to operate in China as long as it is massively beneficial to China (50% of the staff must be Chinese, it’s almost impossible to start a business or get a loan as a foreigner and there are big limitations on taking money out of the country). Add that to the fact that many of the national companies have strong ties to the government or to government officials (and to the fact that many Chinese websites are very poor imitations of western ones), and it’s not difficult to see why they want to limit access to foreign sites.

Comments are closed.