[iliketosleep]

totally agree. i'm in china and i can barely have a skype conversation with people abroad - it will randomly cut out or the quality will degrade. i can use google most of the time via VPN, but then there'll be some big political event and even VPN will become intermittent. when my co-founder came to china he couldn't believe how much of a productivity killer the great firewall was.

actually, it is quite interesting that the great firewall can totally block most VPN's when the gov. wants it to, but most of the time they choose not to. they just make it enough of a pain for normal people to give up, yet they leave just enough access for those who really need international internet access to get by with VPN (albeit barely).

[drfritznunkie]

I have friends in Shenzhen who regularly walk across the border to connect to HK LTE just to get important work done.

And their office has 4? different ISPs, so I know it's a bad day on the firewall when they're working from HK.

[eatbitseveryday]

Is there any means to mask packets as being VPN from an observer? I mean, without resorting to complicated scenarios like using SSH tunnels or such.

[yegle]

China's Internet been an Intranet means GFW don't need to be precise in recognizing traffic flows. A little false positive is fine.

Some examples: - Dropping GRE packet so PPTP VPN is not possible - Send TCP RST to both end when a connection to dport=22 generated too much traffic

Also from my understanding, it's not that hard to use some basic machine learning techniques to classify the traffic. That's the reason why Tor project developed obfsproxy to obfuscate the traffic flow.

[heheocoenev]

GFW detects erroneous SSH sessions that contain large data flows. You need to go full protocol obfuscation to untracked destinations.

[walrus01]

google 'obfsproxy'

obfuscation of traffic to make it not look like VPN can be helpful, but traffic flow analysis based on source/origin IPs, timing and kbps/pps can still identify what looks like a VPN.