Tunneling Under the Great Firewall?

An anonymous reader writes "I am traveling to China in the near future, and needless to say as a Slashdot reader I am going to require access to the Internet. The whole, unadulterated, unfiltered Internet. Also needless to say, I am very leery of the government there (my lack of a nickname on this submission being testament to that). I will only be there for a few weeks, and will not be using the computer for much of that time, so I don't want to shell out a lot of money to a VPN service. However I also don't want to be hindered by extremely slow speeds such as those provided by the Tor network. I have experience implementing Web servers and work fairly often with Linux; however, many of my friends who also face the same dilemma don't. What would be the most cost-effective (free is best) method for me to subvert the Great Firewall during my travels while maintaining sufficient anonymity and enjoying sufficient speed?"

Good luck!

[grub]

At my workplace we have people who travel to China. On occasion VPN connections from China just stop for hours or days at at time. No hits at our VPN endpoint from China at all; the traffic is stopped upstream somewhere while everything else that is unencrypted works.

That's the only country we have people visit where the VPN can be problematic.

Re:Good luck!

[Cimexus]

Yep, mod parent up.

Even better, make one yourself. Grab an old box you have lying around, whack a copy of Ubuntu on it (or other Linux distro of your choice), enable SSH server and leave it running on your net connection at home. Then using PuTTY or whatever on your laptop you're taking to China, make SOCKS proxy/SSL tunnel to your home box and you are good to go.

Free software and simple to do. Speeds are limited by the speed of your connection in China, and obviously the upstream speed of your net connection back home. But should be enough for basic browsing.

SSH

[Hatta]

SSH tunneling with SSH -D is trivial to set up. Make sure you forward DNS with network.proxy.socks_remote_dns set to true if you're using Firefox.

I think I read that SSH can even create a virtual network device that forwards all traffic over a tunnel. Haven't had time to play with that though. That would be a great solution for every app, even those that don't support SOCKS proxies.

Re:Really?

[flippy10]

http://en.wikipedia.org/wiki/List_of_websites_blocked_in_the_People's_Republic_of_China Those definitely all sound like sites chock full of state secrets.

Ummmm...

I suggest that you play nice with China's laws if you are going to China. Trying to bypass their firewall as a foreigner traveling there is more likely to attract the sort of attention you don't want than anything else. As you said, you're just going to be there for a few weeks. Do you *really* need to search for the kind of stuff they filter out while you are there?

My wife travels regularly to China for work. We are very careful about our conversations on the phone when she's there, and about the emails we send when she's there. I sure as hell would never advise her to try to bypass their firewall.

If you are a Chinese freedom activist, by all means, you know what you're getting into, bypass away. I support the people of China in their efforts to access the whole internet, to speak their minds, to be as free as they care to be.

If you are a Westerner visiting, I'd suggest you just hold your horses there bucko and deal with the internet you can get from your hotel room and don't make yourself look more suspicious than you actually are. You really, really don't want anybody to think you are doing anything against Chinese interests while you're there. Seriously.

Re:Fear

[grub]

Besides, the Chinese and Asian in general are quite relaxed people.

It isn't the general population causing the VPN problems we have with people travelling in China, it's the government.

Re:Really?

[BobMcD]

While not necessarily the best tone in the world, I actually agree with DJ Jones here.

Here's your decision tree:

1) Is the website you want to see worth defying the laws of your hosting nation?

2) Is absolutely no way you can do without it until you come home?

3) Do you have some kind of diplomatic immunity, wealthy connections, etc that can extract you from a sticky situation?

You get the picture.

Imagine this post on the Arabian Slashdot:

I am getting ready to travel to the United States and don't want it to interrupt my terrorist training. Can you guys recommend a way around the DHS's websniffing protocols, eavesdropping, cellular tracking, etc?

And what would your advice be??

Opportunistically, if you gave advice about methods, would you feel bad if he landed in Gitmo?

Think about the implications. After all, it is only the internet and you don't live there. Think deeply.

Re:Fear

[afabbro]

"Hi, I'm a college student who thinks computers are cool but I don't really get into code or anything. I run Linux because it's L33T and strikes a blow against THE MAN! BTW, I can't get the latest version of Fedora to boot, but that's another question. Anyway, when I get to China I want to connect to some site outside China that the firewall blocks. I will then come back and tell my friends how cool I am! How I am cyberpunk and stuff! Striking a blow for FREEDOM! I mean, yeah, I'd just be doing a search for Falun Gong on Google, even though I'm not really sure who they are, but still, it'd be SO L33T! I know that I'm a dangerous underground revolutionary because I'm posting anonymously on Slashdot out of FEAR OF THE CHINESE GOVERNMENT! Angela Davis ain't got nothing on me. I mean, I'm not crazy - I wouldn't invest $10 for VPN service for this, and your talk of setting up my own VPN gateway is confusing (can I just apt-get that and connect from a kiosk in the Beijing airport?). OK, actually about 95% of the time I dual boot to Windows except when progressive chicks might be walking by my dorm room, and then I switch to Linux with a big tux wallpaper..."