More Great Firewall weirdness

Caution: geekiness.

So I have found recently that there are certain places where certain blocked sites — Facebook and Twitter yes; Blogspot no — are still inaccessible even when I’m logged in through my VPN. This seems to happen most consistently when I’m connecting from cafes in the Jiaodaokou and Jinbao Jie neighborhoods of Beijing, over what I believe is Netcom ADSL, and it happens regardless of which Witopia gateway I’m connected through.

I'm not the techiest person, but from my understanding of the way VPNs work, this should not be happening. What's extra-special weird about it is that when I run traceroute to find out where the connections are failing, it seems that the Great Firewall may not even be involved: I'm seeing connection requests time out at IP addresses that are not within China. (One time it was a FastWeb server in Italy; another time it was Korea Telecom; another time it was a UK service provider.)
This is not a problem with my VPN or my setup, as far as I can tell: these sites work just fine through a VPN on my home connection. It seems to be a problem with one specific Netcom office I could be wrong, but I think it's the same office serving both Jiaodaokou and Jinbao Jie; then again, I believe my home connection runs through the same office.

To be honest, the real effect of this is probably a net gain in productivity, but I would still like to know what’s going on, since I can’t figure out how the GFW — if it is that — is messing with me. Does anyone have any theories?

  1. gregorylent wrote::

    oh, man .. i have about a dozen emails from witopia, they really don’t like it when i complain on twitter about their product .. i have several months of strange internet dramas in the particular neighborhood i live in .. even had one time, about 12 hours of totally open internet without vpn! …

    i think isp’s test lots of stuff, the gfw office is staffed with a bunch of gleeful tech wizard wackos, high fives all around very often .. and logic is of little use ..

    Friday, February 26, 2010 at 7:23 pm #
  2. est wrote::

    ping one of the blogspot domains with your VPN on, if the IP is one of the following

    then congratulations, you have to find another not polluted DNS server.

    Note: Use OpenDNS or Google Public DNS won’t work, because the DNS query are in UDP and still tampered and spoofed by the GFW. Try tunnel DNS queries in TCP or IPv6 or VPN.

    Friday, February 26, 2010 at 7:47 pm #
  3. Max wrote::

    I second that DNS suggestion. For me it sounds like your local DNS at home might resolve the blocked domains, but the others don’t. Most VPN providers give you the address to one of their DNS servers you can use.

    Friday, February 26, 2010 at 8:07 pm #
  4. Kellen Parker wrote::

    Yeah they really don’t like it at all when you complain about their service on Twitter. In my experience it’s the fastest way to get them to respond to you for probably just that reason.

    I’ve had some mixed luck here in Shanghai with being unable to connect even behind Witopia, but I haven’t been paying enough attention to be able to say exactly when and where it happens.

    Friday, February 26, 2010 at 8:44 pm #
  5. ichigo wrote::

    Check your DNS. If you’re not using Witopia DNS, you might want to give it a try.

    Friday, February 26, 2010 at 8:49 pm #
  6. Song wrote::

    Agree to ichigo. Try to use the DNS address provided by your VPN service provider. Or use Google’s public DNS:

    Tuesday, March 2, 2010 at 10:28 pm #
  7. Thanks for the suggestions, all. I’m just back in one of the affected areas now, and changing my DNS to Google’s public DNS option fixed it.

    It’s odd, though; I’ve got my VPN client set up (as far as I can tell, at least) to send DNS requests through Witopia’s servers, but for whatever reason that doesn’t seem to be working here. Anyway, manually changing my DNS settings worked a treat. Thanks!

    Thursday, March 4, 2010 at 5:58 pm #
  8. Carl wrote::

    I found that my last VPN provider wasn’t able to get past the firewall as well, and it depended on where I was too. I think it has something to do with the type of VPN your using, the one I had been using I guess was the cheaper option and was supposidly completely blocked in China even though it had been working for me. Right now I’m using Freedur (won a free 6 months) and it runs on proxy and vpn, the proxy is extremely fast, but I’ve been unable to get the VPN working.

    Friday, March 5, 2010 at 8:25 am #
  9. I live in Guilin and have been having all sorts of trouble with Witopia as of late. Usually it will work for the first few minutes, then the firewall seems to somehow overtake my VPN. Any thoughts/explanations?

    Monday, March 15, 2010 at 11:02 am #
  10. adrian wrote::

    many chinese people faced this problem :(

    Saturday, April 17, 2010 at 12:08 pm #
  11. William wrote::

    Chinese Learner: that’s probably bandwidth throttling. They try it on from time to time. Switching to one of the advanced types of connection (using tun/tap) ought to get round that. Either to the LA or the SF gateway.

    Friday, May 21, 2010 at 2:25 pm #
  12. May wrote::

    I absolutely enjoy your Chinese blog entries! That’s how I have come here. Your blog in Chinese has given me fresh views and fresh feelings for so many Chinese characters. Please please write more in Chinese! Definitely enjoyable. maybe one day you should be awarded the “Modern Chinese Special constribution” award.

    Wednesday, June 16, 2010 at 5:36 am #
  13. May wrote::

    Good luck with fighting the GFW.

    Wednesday, June 16, 2010 at 5:37 am #
  14. Brendan O'Kane wrote::

    Thanks, May. It’s been a long time since I blogged anything in Chinese — or English, for that matter — but I’ll probably get back to it at some point.

    Friday, June 18, 2010 at 12:18 pm #
  15. tw wrote::

    My SSH connection works fine.

    Saturday, July 17, 2010 at 2:28 pm #