Automated OpenVPN detection and blocking from china

senseless
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 12, 2012 11:50 am

Automated OpenVPN detection and blocking from china

Post by senseless » Wed Dec 12, 2012 12:06 pm

Around November this year China fired up a new detection and blocking technique in China. Typically in the past any website that is banned in China would just have incorrect DNS information given to them by their ISP. Now, they're leaving the DNS information alone and instead blocking the IP address and port of any active OpenVPN servers.

I believe this technique to be automated, here's why.

I always left UDP connections for OpenVPN disabled, forcing connectivity via TCP port 443. When this became banned I had a client allow me to TeamViewer into their system within China. I noticed that the DNS information for my server was fine, but that the port was outright blocked by their ISP. I could still connect to other ports on the server, just not OpenVPN ports. Figuring this out, I thought "I'll just change the port or enable alternative ports". So, I enabled the UDP OpenVPN connectivity which runs over UDP 1194. Within 48 hours of enabling this and only allowing 1 client to connect, this new port was banned. Either the client was a government shill, or they're doing some sort of automated packet scanning technique. I then changed the port once more, and again within 48 hours it was banned.

There has to be some sort of identifying information within the packet or the port that they're able to detect. If any hacker on here would be willing to dissect the OpenVPN packets to see if there is any identifying information it would be greatly appreciated. There has to be something that can be changed within OpenVPN to make it once again undetectable or look like SSL data; so it cannot be blocked.

IPSec based VPNs still seem to be working fine from China. Also, I'm using the Access Server version, but many people are reporting the same issue on the community version.
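
Editor's added example, not part of the original post: the OpenVPN wire format puts an opcode and key id in the first byte of every packet (after a 2-byte length prefix on TCP), so the first client packet has the same fixed shape on any port and does not resemble a TLS ClientHello even on TCP 443. The sample packets and session id below are constructed for illustration.

```python
import struct

# Opcodes from the OpenVPN wire protocol: first byte = (opcode << 3) | key_id.
OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1",
    4: "P_CONTROL_V1",
    5: "P_ACK_V1",
    6: "P_DATA_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2",
    9: "P_DATA_V2",
}
CLIENT_OPENERS = {OPCODES[1], OPCODES[7]}

def parse_header(payload, transport):
    """Return (opcode_name, key_id, session_id_hex), or None if implausible."""
    if transport == "tcp":
        # OpenVPN over TCP frames each packet with a 16-bit big-endian length.
        if len(payload) < 2:
            return None
        (length,) = struct.unpack("!H", payload[:2])
        payload = payload[2:2 + length]
        if len(payload) != length:
            return None
    if len(payload) < 9:  # 1 byte opcode/key_id + 8 byte session id
        return None
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if opcode not in OPCODES:
        return None
    return OPCODES[opcode], key_id, payload[1:9].hex()

def is_client_handshake(payload, transport):
    """True when the first payload of a flow is an OpenVPN client hard reset."""
    hdr = parse_header(payload, transport)
    return hdr is not None and hdr[0] in CLIENT_OPENERS and hdr[1] == 0

# Constructed samples: a client hard reset (no acks, packet id 0), the same
# packet framed for TCP, and the first bytes of a truncated TLS ClientHello.
SESSION_ID = bytes.fromhex("0123456789abcdef")
UDP_RESET = bytes([7 << 3]) + SESSION_ID + b"\x00" + b"\x00\x00\x00\x00"
TCP_RESET = struct.pack("!H", len(UDP_RESET)) + UDP_RESET
TLS_HELLO_START = bytes.fromhex("16030100050100000100")

if __name__ == "__main__":
    for name, data, proto in [("udp reset", UDP_RESET, "udp"),
                              ("tcp reset", TCP_RESET, "tcp"),
                              ("tls hello", TLS_HELLO_START, "tcp")]:
        print(name, parse_header(data, proto), is_client_handshake(data, proto))
```
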

maikcat
Forum Team
Posts: 4202
Joined: Wed Jan 12, 2011 9:23 am
Location: Athens,Greece

Re: Automated OpenVPN detection and blocking from china

Post by maikcat » Wed Dec 12, 2012 1:26 pm

frankunblock
OpenVpn Newbie
Posts: 1
Joined: Mon Dec 17, 2012 12:46 pm

Re: Automated OpenVPN detection and blocking from china

Post by frankunblock » Mon Dec 17, 2012 12:49 pm

Hi,
I am inside China. And I am experiencing the same issue. I think they have developed the new technique of automatic detection and blocking.
When we were first blocked in Nov., all of us stopped using UDP and shifted to TCP. Nowadays, it is very unstable and even cut off after a few hours of successful connection when changing port.
Do you have any idea? Or, I can offer help from inside.

marcel
OpenVpn Newbie
Posts: 1
Joined: Fri Dec 21, 2012 9:11 am

Re: Automated OpenVPN detection and blocking from china

Post by marcel » Fri Dec 21, 2012 9:15 am

Hi,

We also got the same problem with our OpenVPN server which is included in an IPCop. We already tried to change the port of the server. This works for some time but then the connections failed again. Is there any chance for a stable VPN connection from China to Europe (Germany)?
Would a change from OpenVPN to IPSec for example solve this?
I cannot find any information for this problem on the internet. But I don't think that we are the only ones who have this issue. Would be great if anybody can help us here.
Thanks
Marcel

senseless
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 12, 2012 11:50 am

Re: Automated OpenVPN detection and blocking from china

Post by senseless » Fri Dec 28, 2012 7:03 pm

I saw this today on Google News and thought I would share:

http://www.nytimes.com/2012/12/29/world ... ted=2&_r=0
The Chinese government has been experimenting over the past two years with ways to identify and block VPNs, said Xiao Qiang, the leader of a team of Chinese Internet researchers at the University of California, Berkeley. But the government did not begin deploying that capability on a considerable scale until September, and it has stepped up its use of blocking since then, particularly in the weeks leading up to the Communist Party’s National Congress in early November, he said.

Although many had expected the blocking of Web sites and VPNs to recede after the party congress, that has not happened. Mr. Xiao said that the Chinese blocking of VPNs was “technically savvy and politically self-destructive,” in that it may allow the authorities to more effectively monitor communications and interfere with the dissemination of politically sensitive information, but at a high price in terms of antagonizing computer users across China.

senseless
OpenVpn Newbie
Posts: 4
Joined: Wed Dec 12, 2012 11:50 am

Re: Automated OpenVPN detection and blocking from china

Post by senseless » Fri Dec 28, 2012 7:04 pm

marcel wrote:
Hi,

We also got the same problem with our OpenVPN server which is included in an IPCop. We already tried to change the port of the server. This works for some time but then the connections failed again. Is there any chance for a stable VPN connection from China to Europe (Germany)?
Would a change from OpenVPN to IPSec for example solve this?
I cannot find any information for this problem on the internet. But I don't think that we are the only ones who have this issue. Would be great if anybody can help us here.
Thanks
Marcel

I've been having my customers use L2TP/IPSec which seems to still be functioning from inside China at this time. I don't think they will break the IPSec protocol, at least not at this time; there are too many businesses that rely on it. SSTP may work, but runs on SSL, so may also be targeted along with OpenVPN.

chinali
OpenVpn Newbie
Posts: 1
Joined: Sat Dec 29, 2012 6:08 am

Re: Automated OpenVPN detection and blocking from china

Post by chinali » Sat Dec 29, 2012 6:27 am

I am also in China and have experienced exactly the same pattern.

We have been using a VPN service through OpenVPN running on our office's servers in France.
Seemingly through DPI techniques, VPN connections are accepted the first time, then within 24 the IP:PORT pattern is blacklisted nation-wide on all internet providers. Since the ban is not "per IP", changing the port helps restore the connectivity, but only for one more time.

Noteworthy, this affects also VPN servers with very limited user-base. For instance only 2 people in our office have used it at any time. Let me also point out that our purpose is accessing our office's intranet remotely, not browsing otherwise blocked websites.

Since early this year the Obfsproxy project has been started: https://github.com/isislovecruft/obfsproxy whose goal is to conceal traffic from DPI systems. However, so far Obfsproxy is only bundled with TOR (which is not a solution for our company given the exposure of the exit node).

I would like to hear from OpenVPN devs on ways to use obfsproxy with OpenVPN. Or any other ideas on how to restore a VPN in China.

Please let me know if I can provide you with more supporting documentation or testing logs.

zstarman
OpenVPN User
Posts: 11
Joined: Mon Dec 10, 2012 9:11 pm

Re: Automated OpenVPN detection and blocking from china

Post by zstarman » Thu Jan 03, 2013 9:51 pm

Man..All of us over in NA thought SOPA was going to be rough.... I couldn't imagine having to deal with restraints like that.. Screwed up.

dinaomarafifi
OpenVpn Newbie
Posts: 1
Joined: Thu Jan 16, 2014 11:31 pm

Re: Automated OpenVPN detection and blocking from china

Post by dinaomarafifi » Thu Jan 16, 2014 11:37 pm

I've been able to bypass any blocked websites using this OpenVPN software freely https://www.iwasel.com/en/ . It is the best way to open blocked websites everywhere.

linda.carter
OpenVpn Newbie
Posts: 1
Joined: Mon Jul 07, 2014 2:56 pm

Re: Automated OpenVPN detection and blocking from china

Post by linda.carter » Mon Jul 07, 2014 2:57 pm

I have tried many ways, free and paid ways to open blocked websites. I think VPN works better than others; this is what I can recommend, try the service before you pay for it!
I ordered my account from http://saturnvpn.com the price is great. 1 month $3.3, 3 months $7 and 12 months $16.
It has free test account and you can try the service for free.
http://saturnvpn.com/free-test-account/
It supports all protocols(PPTP, L2TP, OpenVPN), And you don't have to buy different accounts for different devices(use 1 account to connect on your computer and your mobile at the same time)

Lindaawilsoon
OpenVpn Newbie
Posts: 4
Joined: Tue Feb 20, 2018 6:13 am

Re: Automated OpenVPN detection and blocking from china

Post by Lindaawilsoon » Wed Aug 29, 2018 6:46 am

dinaomarafifi wrote (Thu Jan 16, 2014 11:37 pm):
I've been able to bypass any blocked websites using this OpenVPN software freely. It is the best way to open blocked websites everywhere.

Yes this is the best way to unblock GEO-Restriction sites and social network as well using this OpenVPN software freely.
https://www.bestvpn.co/best-vpn-for-china/
