Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is nothing new. They have added more IPs to the VPN blocklist. I have no idea why this is news. This happens several times per year. This cat and mouse game has been going on for years.

Every time this happens it is just a pain in the ass to find a new VPN that isn't blocked.

If you are technical, it is best to just setup your own VPN on linode or amazon. That way you have less problems with blocked IPs.



This is what they used to do, but they've gotten more sophisticated - I've been running VPNs for China for my family on EC2 for a while. As far as I can tell, they almost never flat out block an IP. Initially they block a DNS hostname from resolving to a specific IP, then they start filtering out various different ports (including the default VPN ones). You can normally change to a random port and get OpenVPN to start working again, but it appears in the last couple weeks they've been able to identify and block OpenVPN activity on random ports. This happens so quickly, now, that it's pretty futile to try to IP hop unless you can come up with a traffic pattern that is less detectable.


Well, that's exactly why I thinked of this (concept only at this point). http://www.sami-lehtinen.net/blog/simple-protocol-obfuscator...


Exactly my experience. I've been running a private OpenVPN instance for a couple of years now -- a month ago they started blocking it. Switching ports works for approximately three hours.


Not exactly. They are auto-identifying the IP addresses based on traffic sniffing. So you can do this and work around things, but your new IP will get identified as such and blocked automatically in a few hours.


Oh wow, this is not good. Is it possible to evade this sniffing? I have my own Linode VPS, and have learnt to use Tinc VPN software. I'm learning Mandarin and plan to travel to China in a year or few, so this censorship makes me sad and hits my motivation.


Many of us on the mainland ("us" being the type of people who would read HN) have switched to SSH proxies over port 443. Sshuttle [1] is highly recommended.

1. https://github.com/apenwarr/sshuttle


Interesting that SSH is getting through still.

I wonder how much longer till Chinese avoidance VPN tech needs to resort to stenography in images to transfer data. Masking data as cat pictures would be slow but not automatically detectable.


China has enough outsourced development teams that blocking SSH would be, I'd think, a measurable drag on that economy. We SSH over 443 as a "just-in-case" since it looks alot like HTTPS.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: