Hope to have intergrated anti-censorship funtion in the future



  • I bought a hp microserver gen8 and install pfSense in ESXI host.It works well although … I mean it lacks the feature to bypass government network censorship.I'm not doing any thing unmoral or illegal.I JUST WANT TO GOOGLE WITH GOOGLE,WATCH YOUTUBE AND VIEW TWITTER SOMETIME  :'( pfSense indeed come with VPN function,but most VPN traffic in my country will either be detected and cut off within seconds or suffer from heavy package drop to make it unusable  :-[

    Before I use pfSense,I use shadowsocks to encrypt my traffic, kcptun to work around package drop,and chinadns to avoid dns pollution.Will pfSense support these features in the future?





  • @jahonix:

    https://forum.pfsense.org/index.php?topic=80663.0
    https://forum.pfsense.org/index.php?topic=69238.0

    Thanks jahonix.Openvpn is basically useless in China now as I said above so that does not work.I tried ocserv on my VPS and it works,but due to heavy packet loss,the speed is below 100kb/s which is unacceptable.I'll create a VM and set transparent proxy later,hope that works  :)



  • Have you seen that?

    @karla:

    Using OpenVPN over SSH is the most suitable way to conceal you connection and be able to get free access to any blocked content http://www.vpnfaqs.com/2015/06/openvpn-china-conceal-connection-now/  China Firewall can't detect OpenVPN protocol so you can browse normally as you are located outside China.

    @jimp:

    On pfSense 2.4 with OpenVPN you might have some luck with an SSL/TLS VPN that uses TLS Encryption+Authentication (–tls-crypt). It provides extra privacy and protocol obfuscation. That and moving it to another non-default port might help.



  • Had a colleague in China last year using my OpenVPN.  As a tourist on "public", hotels mostly, hot spots I'm sure it's not the same as for a "subscribed" service.  But even so it seemed connections were restarting quite a bit.  For a mobile device not being heavily/continuously used it was okay.  Can't imagine the poor user experience for heavy computer use though.  We weren't doing any thing to obfuscate though.