Monday, March 14, 2011

China begins blocking VPNs

Over the past few days China has increased its grip on Internet controls and begun blocking VPNs [Virtual Private Networks]. It is the latest in a worrying series of moves at tightening Internet controls in China.

Many Twitter users have complained that access to various VPN services has been shaky or failed entirely recently. One Twitter user, @gudsn, said that GreenVPN failed to connect last Wednesday [March 9] and several users of Witopia, a popular VPN used by many expats, began to state they had problems.

For some VPN users problems began in late January when Freedur, one of the major VPNs used in China, was blocked entirely. The company said that multiple Freedur VPN IP addresses were blocked in China, resulting in service outage for Freedur users using the service from mainland China. Service was eventually restored as the company began the process of changing IP addresses and the updating servers [AP].

But the disruption to VPNs has not stopped at Freedur. In the last two weeks China has intensified its efforts in thwarting people's attempts to jump the Great Firewall of China, the colloquial term for the country's censorship infrastructure. Several users have complained they have been unable to access Witopia, 12VPN's mobile VPN service, Green VPN and Freedur.

In the past, VPN services in China were mostly used by expatriates trying to keep in touch with friends and family via social media, such at Twitter and Facebook. However, such services are becoming more widely used by Chinese citizens and it is this that is of greater concern to China's government.

China's stated stance is that Internet restrictions are applied in order to prevent the dissemination of pornography, terrorist propaganda, and websites which might encourage or create public disorder.

Various theories have been discussed as to why China is beefing up its war on the Internet. In late February, calls for a so-called Jasmine Revolution, inspired by the pro-democracy movements in the Middle East have prompted the Chinese authorities to clamp down hard on social media in China. Sina Weibo, a home-grown micro-blogging website, has tightened censorship and blocked keywords like Jasmine and Wangfujing, the location where protesters were encouraged to gather.

But Internet restriction tighten further still as the 12 National People's Congress began in Beijing. Many VPN users found they could no longer use such services on their mobile device. 12VPN responded to many users' complaints saying that the PPTP and L2TP VPN services had been blocked in China since Wednesday, and were attempting to create new IP addresses. Witopia appeared to be having similar issues by the weekend affecting mobile and PC based network devices. The company was recommending users report problems via e- mail instead of its live support service because of an "extraordinary volume from China shenanigans," according to a Witopia posting on its website. Witopia, located in Reston, Virgina, did not immediately return calls and e-mails to its press office, Bloomberg reported last Friday.

Li Wufeng, chief of the Information Office Internet Affairs Bureau of China's ruling State Council, said services offered in China must be provided by licensed operators and there have never been any issues involving the access of legitimate VPN services that are used by companies to enhance security. It is not known what constitutes a legitimate VPN service however.

Recently the architect of the Great Firewall of China said he had six VPNs which he used to test his creation. Fang Xinbing said more work was needed to bolster China's censorship wall [LA Times / CDT].

For many business users the problems have been compounded as GMail services appeared blocked in many parts of the country. Without a VPN even basic communication was impossible. Google Chat, an online message client has also been unstable lately adding to the problems.

There have been fears that China may also restrict VOIP services such as Skype, because telecom companies are complaining of unfair competition Computerworld reported on a story in the People's Daily which stated that the Chinese regulator had declared Internet phone services other than those provided by China Telecom and China Unicom illegal. However the Ministry of Industry and Information Technology did not give a timetable for when restrictions might come into place. That story was published in late December and as yet there has been no further move against VOIP services. quoted Skype's Chinese partner, TOM Group, as saying, "The operation of Skype in China is compliant with local laws and regulations."

Last month LinkedIn, a business oriented social media website was blocked, if only for around 24 hours. Twitter, which is blocked in China, can be accessed through LinkedIn, and many suspected the block was connected to this.

If Internet restrictions extend to the realms of VPNs, VOIP and business sites, China may be pushing the envelope a little too far for some individuals. While some individuals use VPNs to access blocked sites and watch geographically restricted services such as Hulu LLC's online videos, VPNs are mainly used by companies to give employees secured access to corporate networks.

Without VPNs many businesses would be cut off from secure email and other services. If Skype were to be severed, conference calls might become impossible. China faces a difficult challenge as it tries to appease domestic businesses and hardliners in the party wanting to restrict the Internet, while trying to make a balance as it promotes openness and invites foreign business into the country. By increasing Internet restrictions, it risks throttling that business.

tvnewswatch, Beijing, China


Bill Dan Courtney said...

"Without VPNs many businesses would be cut off from secure email and other services."

After living in China now for six years (I am still able to access your Blogger I just don't think the govt cares about this stuff. For a year or two I have been reading about how the govt here would not restrict VPNs for a variety of reasons, but we now see that those reasons are irrelevant. You can be guaranteed the leaders here have unfettered access to the net and whether or not anyone else does is not an issue to them.

Really disturbing turn of events.

bestbvs said...

Thanks for sharing this such a great information about CHINA VPN
i shared this link to my all facebook and twitter friends

David Warner said...

I was studying in a college and want to open site but I was unable to open any site because every site was blocked at my school but I was able to unblock these sites with this link access any site at school

Willie Ames said...

The issue is not so much blocking VPN but interrupting it, effectively knocking you offline. they don't even need DPI. Just look at the traffic.. If you see someone sending all their data with SSH (or OpenVPN) headers out of a specific port, just kill the connection.
Then when that person gets back online and you see the same thing, do it again.. and again.. and again..
From first-hand experience there's only so much you can take before you really don't care about getting to Facebook anymore.
Luckily they don't seem to focus on all types of packets and all ports at the same time. So one day SSH tunneled OpenVPN packets over port 465 seem to work while the same thing on 443 doesn't work, the next day it might be the opposite..
Source: China VPN Review Site