by songco 3105 days ago
Set up a VPN on cloud VMs for personal usage -> Generally OK, and you may need to stop it if the police know about it... Share it with others -> Maybe OK if not too many people, and you need to stop it if the police know about it... Sell it to others -> Dangerous if you live in China.

The GFW has the ability to detect VPN connections and you will get a connection reset... It’s more and more difficult to use blocked services/sites in China.

2 comments

You're 100% right. Even Shadowsocks is not enough recently. GFW can sort of detect it with heuristics and just throttle your whole connection -- like you said mostly spamming you with RSTs.

This is also quite different from (some?) Islamic states where sites are generally whitelisted. With GFW everything is allowed until it's blacklisted.

There are no laws against individuals who use VPNs to browse restricted sites, but there are laws (license impossible to get as individuals) to take down those sellers.

VPNs are becoming obsolete; proxies like ShadowsocksR are still usable.

Out of curiosity, where do you host your SSR?

AFAIK AWS, DigitalOcean, GCP are regularly blocked. GigsGigs in HK is throttled.

It's fine on those services, just rotate IP addresses and ports regularly. Don't put too many users on the same proxies at once.

That's a really big hassle when you need to use the tunnel and the IP has been burned. You actually need the same tunnel to manage your servers.

GFW even blacklisted my personal domain because I was running DNS queries against it to establish my SS tunnel. At least it seems like it.

I got annoyed by this too much a couple years ago, also the fact that they seem to be able to detect most if not all tunnel types and randomly inject packets that will break the connection. So I proceeded to quickly hack up a simple tunnel based on the surprisingly simple to use tun devices. The protocol was UDP based, didn't support any kind of connection reset, was not encrypting but just masking via xor, and contained some simple but cool tricks (as far as I'm concerned) to deal with the high packet loss across the GFW you'll experience depending on time of day. Sure not ideal if you permanently live there or want to spread sensitive information, but all I want is a decent browsing experience when accessing "our" internet. I was happy when 720p videos played without buffering on YouTube.

What? Just ssh elsewhere and manage from there. And don't use DNS for your proxies. Push updates to your crew out of band.