Home›Forums›General Discussion›VPN Connection Problems – Anyone Else?
- This topic has 23 replies, 8 voices, and was last updated 9 years ago by Rick in China.
-
AuthorPosts
-
November 13, 2014 at 12:55 pm #43248Kim DuistermaatParticipant
Since the late night 11-11 we cannot connect to VPN anymore through our router. I’m working on the problem with someone who knows more about it than me, and they suggested it may have to do with the APEC in Beijing and all the fuss around that, that we are actually blocked by gvmt from accessing VPN (hopefully temporarily). Anyone else has the same problem in these days?
November 13, 2014 at 12:59 pm #43251IanParticipantIt’s been a bit slow since Monday, but Astrill seems ok.
November 13, 2014 at 1:10 pm #43252Kim DuistermaatParticipantOur VPN account is also still ok and works from other connections like office or 3G, what I mean is that our home router seems to block access to the ports that we need, whatever vpn company we would try (although I did not try other companies). I did not change the router setup, and it was suggested that this was done by the gvmt…
November 13, 2014 at 2:00 pm #43257CharlieKeymasterNo problems for me, but I wouldn’t be surprised if something changes temporarily due to APEC in Beijing.
November 13, 2014 at 10:17 pm #43266muellParticipantI dont use a VPN at the moment but Fre*gate has been slow for the last couple of days too. Could be like Charlie said. In general the whole internet situation isn’t getting any better and all now that I got fibre… arggggh!
November 13, 2014 at 10:44 pm #43267Kim DuistermaatParticipantHi Muell, our connection also was much slower when we got fibre. We have a modem and two routers. A technician solved it for us, by somehow taking the modem out of the equation. How he did it I don’t know but our speed is now very acceptable.
November 14, 2014 at 1:37 pm #43272BrendanModeratorIt’s more likely a DNS issue. Your VPN provider may or may not provide secure DNS addresses to add to your VPN configuration.
November 14, 2014 at 2:19 pm #43281BenModeratorIt’s more likely a DNS issue. Your VPN provider may or may not provide secure DNS addresses to add to your VPN configuration.
Secure DNS addresses? Please explain
November 14, 2014 at 2:50 pm #43282BrendanModeratorSecure DNS addresses? Please explain
Pretty positive you’re familiar with encrypted DNS Ben. My VPN provider has offered it for some time and it’s improved uptime significantly.
November 14, 2014 at 3:29 pm #43288BenModeratorPretty positive you’re familiar with encrypted DNS Ben. My VPN provider has offered it for some time and it’s improved uptime significantly.
Does it continue to encrypt your DNS resolution requests even after you are connected to the VPN? Encryption within encryption!
November 14, 2014 at 3:44 pm #43291BrendanModeratorDoes it continue to encrypt your DNS resolution requests even after you are connected to the VPN? Encryption within encryption!
Um… No.
Why don’t they just give out IP addresses for their VPN servers?
Um… They do. They also provide secure DNS servers (with IP addresses, wowzers!).
Everyone just cuts and pastes shit these days anyway.
Yeah sorry, I had to in response to trolling. I’m not the most tech savvy on the block when it comes to this, but I have been forced on numerous occasions to subvert poor performing VPN’s. Sorry about that.
If you have something to contribute, please oblige.
November 14, 2014 at 4:13 pm #43294BenModeratorIf you have something to contribute, please oblige.
OpenDNS offers DNSCrypt for free for those who don’t have a provider with this service but want it. It even unblocks some sites which have been lazily blocked through DNS cache poisoning.
There is a fundamental flaw with all VPNs. They are built for security not stealth. All common VPN protocols can be easily identified and fucked with or blocked. I’m no expert but have found that the best results are obtained by using obfsproxy, created for tor, in combination with openvpn. This prevents pattern matching for the purpose of blocking or bandwidth limitation. I have noticed that some providers are now offering this as a service under names like stealthvpn.
November 14, 2014 at 4:28 pm #43295BenModeratorSince the late night 11-11 we cannot connect to VPN anymore through our router.
As Brendan already pointed out, it could be a problem with the DNS. You can use a website based outside china to resolve the DNS then use the IP address to connect. Try:
If this doesn’t work then see if your VPN provider offers a different protocol. It could be that GRE is being blocked, or mismanaged on your router after a firmware update, this would affect PPTP which is the most commonly used protocol. See if your provider offers L2TP over IPSec, assuming you aren’t already using it – IPSec is used by cisco for their corporate VPN products, so is a better bet in general anyway.
November 14, 2014 at 4:34 pm #43296BrendanModeratorSee now we’re talking…
I have noticed that some providers are now offering this as a service under names like stealthvpn.
Yeah this is also a service offered by my provider, TorGuard. I have noticed in the last 10 days or so that even my trusty PPTP configs have started to slow. I’ve just taken a look at their site now and they’ve also removed the secure DNS server addresses they’d previously offered account holders. Looks like I’m in for another head scratching session with customer services…
I’m not familiar with obfsproxy, I’ll look into that for sure.
November 14, 2014 at 4:59 pm #43298BenModeratorI’m not familiar with obfsproxy, I’ll look into that for sure.
You can run it on a Raspberry Pi together with OpenVPN. Then set it as the gateway for specific devices on your network as needed. If you do then make sure you overlock the Raspberry Pi to 1Ghz as it doubles the throughput. You should also add static routes for all Chinese netblocks to point to your normal default gateway – this ensures things like taobao, jd, weixin etc. don’t go through the VPN.
November 14, 2014 at 8:58 pm #43305Kim DuistermaatParticipantwow Ben, that all sounds rather complicated to this internet analfabetic. I really don’t want to try anything, yesterday I pushed a ‘reset’ button somewhere and was out of internet completely for a day…. 🙁
I’m now working with my VPN provider, running tests on their request, and it seems they are not going to give up yet. Let’s see what they come up with.November 15, 2014 at 11:12 am #43313IanParticipantAstrill users
My Astrill stopped working yesterday on OpenWeb setting if you logon to the account page you can enable stealth vpn add on for free for each month by posting an add on your FB page. They will post the add via Astrill.
November 16, 2014 at 6:36 pm #43322muellParticipant@Kim: Thanks for the tip! Did you just get someone from China Telecom to have a look at your setup? Was already suspecting it might have something to do with how i configured the router.
Foreign hosted websites always open much slower than local ones though, so im thinking whatever speed we buy, there’s no way around getting slowed down by the Great Firewall
November 16, 2014 at 6:41 pm #43323Kim DuistermaatParticipantHi, my vpn provider says the cause is not the router but the ‘considerable latency’ on my internet connection. Great. Anyway, that never used to be a problem before, so something is new here. Now back to China Telecom. Hope someone will solve this…
@Muell: no, our real estate office has their own technical contact who came and checked.VPN provider said this about the router settings (if you are able to check that yourself; I’m surely not… :-):
You will need to access your router settings and allow the following port numbers.PPTP:
To allow PPTP tunnel maintenance traffic, open TCP port 1723
To allow PPTP tunneled data to pass through router, open Protocol ID 47.
GRE protocol must be enabled also.(May be called PPTP passthrough.)L2TP:
To allow Internet Key Exchange (IKE), open UDP 500 and 4500
To allow IPSec Network Address Translation (NAT-T) open UDP 5500, 4500
To allow L2TP traffic, open UDP 1701.OpenVPN(160):
UDP Port 1194OpenVPN(256):
UDP Port 443 (Application)Foreign websites are channeled through a separate path so that the bandwidth available for them is always low, you are right. But that has in principle nothing to do with censorship.
November 19, 2014 at 11:59 am #43366Kim DuistermaatParticipantHello,
my problem is solved for now at least, by changing to the ‘Chameleon’ protocol (Vyprvpn) which is a kind of ‘stealth’ idea as far as I understand. The only trouble is that it is not available for iOS. Is any of you aware of a good vpn service that offers a ‘stealth’ connection also working on iOS? -
AuthorPosts
- The forum ‘General Discussion’ is closed to new topics and replies.