[Solved]Problem connecting to some Chinese websites from Fremont, CA

Hi,

I set up OpenVPN in Debian 9 on a CA server, but I couldn't connect to some Chinese websites from Canada via this VPN connection, such as:

baidu.com, and many of its subdomains such as maps.baidu.com;

http://www.douban.com;

jd.com and many of its subdomains;

etc.

However, any websites outside of China can be visited just fine. I can also connect to some other Chinese websites, just not all of them.

Troubleshooting:

1. iptable was flushed, and the problem remained.

2. I thought perhaps I mis-configured OpenVPN, so I installed Shadowsocks-libev (another type of VPN), and the problem was the same;

3. To remove VPN from the equation, I rebuilt Debian 9, only installed links ( a terminal web browser) so I could try connecting from the Linode server directly, and links couldn't visit those websites either (as it would be "making connection" forever).

4. Perhaps it was Debian, so I set up Arch and Centos with links only, and it still couldn't connect.

5. Perhaps it was links, so I tried lynx, and still the same.

6. Then I set up another Linode (JP2) with Debian 8, and everything was fine: I could visit all those websites in China.

I know it might have something to do with China's GFW, but is this a known issue with Linode CA servers?

P.S.

Edit: MTR reports show packets were lost at the last hop.

[email protected]:~# mtr -rw baidu.com
Start: Sun Jun 18 20:56:55 2017
HOST: debian                        Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 23.92.24.2                     0.0%    10    0.6   0.7   0.6   0.9   0.0
  2.|-- 173.230.159.14                 0.0%    10    0.9   0.9   0.8   1.1   0.0
  3.|-- 173.230.159.8                  0.0%    10    0.8   0.8   0.8   0.9   0.0
  4.|-- ae9.cr0-sjc2.ip4.gtt.net       0.0%    10   15.0   2.7   1.3  15.0   4.3
  5.|-- xe-1-3-3.cr4-sjc1.ip4.gtt.net  0.0%    10    1.6   5.4   1.6  36.4  10.9
  6.|-- as4134.sjc10.ip4.gtt.net       0.0%    10    5.8   3.9   2.2   5.8   0.9
  7.|-- 202.97.50.53                   0.0%    10    3.1   3.7   2.2   5.3   0.8
  8.|-- 202.97.52.145                  0.0%    10  166.0 167.1 165.2 169.0   1.0
  9.|-- 202.97.58.109                  0.0%    10  163.9 165.1 163.9 166.4   0.6
 10.|-- ???                           100.0    10    0.0   0.0   0.0   0.0   0.0
[email protected]:~# mtr --report www.douban.com
Start: Sun Jun 18 20:54:05 2017
HOST: debian                      Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 23.92.24.3                 0.0%    10    0.7   0.8   0.6   1.5   0.0
  2.|-- 173.230.159.12             0.0%    10    0.8   0.9   0.7   1.5   0.0
  3.|-- ae9.cr0-sjc2.ip4.gtt.net   0.0%    10    1.4   4.5   1.3  26.4   7.9
  4.|-- xe-2-1-2.cr4-sjc1.ip4.gtt  0.0%    10    1.8   1.7   1.6   2.6   0.0
  5.|-- 218.30.54.69               0.0%    10    6.3   4.7   3.1   6.3   0.9
  6.|-- 202.97.50.69               0.0%    10    5.1   5.5   2.2   9.2   2.1
  7.|-- 202.97.52.185              0.0%    10  188.3 160.9 151.6 188.3  11.5
  8.|-- 202.97.85.61               0.0%    10  181.8 156.4 151.1 181.8   9.7
  9.|-- ???                       100.0    10    0.0   0.0   0.0   0.0   0.0

4 Replies

Opened a ticket and customer service helps swap a new IP. Thanks!

@AnnoymousLinode:

I know it might have something to do with China's GFW, but is this a known issue with Linode CA servers?

Since I don't think anyone here really knows how the GFW works, the best we can do is guess that some IP was previously used by some website or VPN or something and a range got blocked (or maybe just one IP if you kept getting the same IP). New IP or new IP block would fix that. Don't be surprised if you get blocked again though if you're in China or providing VPN services to China. It'll be a bit of a cat and mouse game…

Thanks for the explanation.

I've been using OpenVPN and Wireguard when I'm in Canada, and when I do visit China once or twice a year I'd use shadowsocks-libev, as I understand OpenVPN could get one banned in 5 minutes.

I understand even with shadowsocks, the more people using the same server, the riskier it is to be detected by GFW. So I will restrict it to myself only.

Can you please elaborate which Chinese Websites are you trying to access? Furthermore, I am pretty sure China VPN apps would certainly help. I am myself using Tunnel Bear and Cyberghost to watch beIN sports in the US, which is originally a middle east channel. So, I am pretty sure any Chinese website can easily be accessed too by using the VPN software. So, give it a try and then let me know because if it's working for me, I am sure it'll work for you too.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct