[Solved]Problem connecting to some Chinese websites from Fremont, CA
I set up OpenVPN in Debian 9 on a CA server, but I couldn't connect to some Chinese websites from Canada via this VPN connection, such as:
baidu.com, and many of its subdomains such as maps.baidu.com;
jd.com and many of its subdomains;
etc.
However, any websites outside of China can be visited just fine. I can also connect to some other Chinese websites, just not all of them.
Troubleshooting:
1. iptable was flushed, and the problem remained.
2. I thought perhaps I mis-configured OpenVPN, so I installed Shadowsocks-libev (another type of VPN), and the problem was the same;
3. To remove VPN from the equation, I rebuilt Debian 9, only installed links ( a terminal web browser) so I could try connecting from the Linode server directly, and links couldn't visit those websites either (as it would be "making connection" forever).
4. Perhaps it was Debian, so I set up Arch and Centos with links only, and it still couldn't connect.
5. Perhaps it was links, so I tried lynx, and still the same.
6. Then I set up another Linode (JP2) with Debian 8, and everything was fine: I could visit all those websites in China.
I know it might have something to do with China's GFW, but is this a known issue with Linode CA servers?
P.S.
Edit: MTR reports show packets were lost at the last hop.
root@debian:~# mtr -rw baidu.com
Start: Sun Jun 18 20:56:55 2017
HOST: debian Loss% Snt Last Avg Best Wrst StDev
1.|-- 23.92.24.2 0.0% 10 0.6 0.7 0.6 0.9 0.0
2.|-- 173.230.159.14 0.0% 10 0.9 0.9 0.8 1.1 0.0
3.|-- 173.230.159.8 0.0% 10 0.8 0.8 0.8 0.9 0.0
4.|-- ae9.cr0-sjc2.ip4.gtt.net 0.0% 10 15.0 2.7 1.3 15.0 4.3
5.|-- xe-1-3-3.cr4-sjc1.ip4.gtt.net 0.0% 10 1.6 5.4 1.6 36.4 10.9
6.|-- as4134.sjc10.ip4.gtt.net 0.0% 10 5.8 3.9 2.2 5.8 0.9
7.|-- 202.97.50.53 0.0% 10 3.1 3.7 2.2 5.3 0.8
8.|-- 202.97.52.145 0.0% 10 166.0 167.1 165.2 169.0 1.0
9.|-- 202.97.58.109 0.0% 10 163.9 165.1 163.9 166.4 0.6
10.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
root@debian:~# mtr --report www.douban.com
Start: Sun Jun 18 20:54:05 2017
HOST: debian Loss% Snt Last Avg Best Wrst StDev
1.|-- 23.92.24.3 0.0% 10 0.7 0.8 0.6 1.5 0.0
2.|-- 173.230.159.12 0.0% 10 0.8 0.9 0.7 1.5 0.0
3.|-- ae9.cr0-sjc2.ip4.gtt.net 0.0% 10 1.4 4.5 1.3 26.4 7.9
4.|-- xe-2-1-2.cr4-sjc1.ip4.gtt 0.0% 10 1.8 1.7 1.6 2.6 0.0
5.|-- 218.30.54.69 0.0% 10 6.3 4.7 3.1 6.3 0.9
6.|-- 202.97.50.69 0.0% 10 5.1 5.5 2.2 9.2 2.1
7.|-- 202.97.52.185 0.0% 10 188.3 160.9 151.6 188.3 11.5
8.|-- 202.97.85.61 0.0% 10 181.8 156.4 151.1 181.8 9.7
9.|-- ??? 100.0 10 0.0 0.0 0.0 0.0 0.0
4 Replies
@AnnoymousLinode:
I know it might have something to do with China's GFW, but is this a known issue with Linode CA servers?
Since I don't think anyone here really knows how the GFW works, the best we can do is guess that some IP was previously used by some website or VPN or something and a range got blocked (or maybe just one IP if you kept getting the same IP). New IP or new IP block would fix that. Don't be surprised if you get blocked again though if you're in China or providing VPN services to China. It'll be a bit of a cat and mouse game…
I've been using OpenVPN and Wireguard when I'm in Canada, and when I do visit China once or twice a year I'd use shadowsocks-libev, as I understand OpenVPN could get one banned in 5 minutes.
I understand even with shadowsocks, the more people using the same server, the riskier it is to be detected by GFW. So I will restrict it to myself only.
China VPN apps