Use Sonic VPN from China?

Advanced feature discussion, beta programs and unsupported "Labs" features.
5 posts Page 1 of 1
by oddhack » Thu Jan 18, 2018 11:57 pm
I'll be travelling to Shanghai soon and would like to be able to use Dropbox, FB, etc.

Has anyone successfully used the Sonic VPN from Shanghai, or other parts of China? Getting around the GFC appears to be a moving target and I see recommendations of e.g. ExpressVPN, but if Sonic's service will work, that seems simpler for my needs.
by sysops » Fri Jan 19, 2018 3:05 pm
I recall some discussion about it in the past but don't remember if anyone was able to do it successfully.

One could almost assume that OpenVPN's UDP port (1194) would be blocked or heavily monitored so I'd suggest using TCP on port 443.

You'll need to use the open-source OpenVPN Community client and download your user locked OpenVPN profile by logging in at https://ovpn.sonic.net.

In the .ovpn file that downloads, comment all the lines that say "remote ovpn.sonic.net 1194 udp" (there are 7 of them) and leave the one that says "remote ovpn.sonic.net 443 tcp". On top of that, to prevent DNS blocking, change ovpn.sonic.net to whatever it's IP address happens to be before you leave (it shouldn't change and right now points to 209.148.113.36). The line would look like "remote 209.148.113.36 443 tcp".

Doing that will be your best shot at establishing the VPN connection once you arrive.

A backup option would be to lease a $5/month VPS from a hosting company like Linode and giving yourself SSH access on a port higher than 1024 and then using an SSH tunnel as a SOCKS proxy and configuring your supported applications to use that. You could also set up an OpenVPN server on the VPS and tunnel the OpenVPN connection over SSH.

Other services worth looking into are DNSCrypt for encrypting your DNS traffic while there and just making sure you're completely familiar with verifying SSL certificates so that if you access websites over whatever connection is available that you know you're talking to the right service and using strong encryption.
Proud Sonic customer since 1999. Ask me about internet privacy, VPN, anonymity and security.
by moogra » Wed Jan 24, 2018 10:17 am
I stopped over in Shanghai for a few hours and using a Google Fi data-sim and I was able to access all of the usual blocked sites (Facebook, Google, etc) without even using VPN. You appear as a US-based IP while roaming.

The cost is $10/GB up to $80, so it may not work for your Dropboxing needs.
by oddhack » Thu Jan 25, 2018 6:28 am
@sysops thanks, this worked as described in testing in Taipei - hopefully it will in China as well, once I get there.

For anyone else reading who's pretty new at this stuff:

* Remember to run openvpn client as root.
* Block external ports (my laptop happened to have ssh / smb / rpcbind open) + setup firewall.
* openvpn won't update the nameservers, despite the server sending that information, so manually edit resolv.conf to use the Sonic servers (or Google 4.4.4.4/8.8.8.8 also worked).

Performance is nothing to write home about, 1-2 Mbps vs. the Taipei hotel's 150 Mbps delivered to the room, but that will be a lot better than 0 Mbps in China :-)
by oddhack » Fri Jan 26, 2018 7:05 am
Status update: using Sonic VPN *does* work in Shanghai. However, I found it necc. to comment out the TCP port and uncomment one of the UDP ports - the TCP connection kept resetting every few seconds.

Despite flakiness of hotel wifi, I'm getting 3-6 Mbps up and down. Not bad.
5 posts Page 1 of 1

Who is online

In total there are 3 users online :: 1 registered, 0 hidden and 2 guests (based on users active over the past 5 minutes)
Most users ever online was 422 on Sat May 26, 2012 5:28 am

Users browsing this forum: Google [Bot] and 2 guests