Help me defeat the Great Firewall of China!

  • Hi all, I am the IT admin at an International School in China.

    We are being hurt big time by the Chinese Internet Filtering system. We cannot use Google Apps anymore without a VPN on our system and we can't afford something like GOIP which is tens of thousands of US dollars per year.

    Here is what I would like to do with pfSense but I cannot seem to figure it out on my own and would REALLY appreciate any help.

    I have the latest pfSense installed on a computer which I can use to replace our current hardware router and 4 gigabit ethernet ports inside the computer (not sure if that many needed but just in case).

    Basically what I need is this: 1 internal static IP that is an "always-on VPN" (could be OpenVPN or PPTP, I'll find the service) then I need to route ALL Google traffic through that gateway VPN. Then another gateway for other traffic that will run normally through the Chinese system.

    Does anyone have any tips or places I could look to try and accomplish this? Thanks in advance! ;D ;D ;D


  • Rent a VPS for $10-20 per month and build your own OpenVPN instance on it.  A lot of commercial VPN services are also blocked in China, from what I understand.

  • Using OpenVPN over SSH is the most suitable way to conceal you connection and be able to get free access to any blocked content  China Firewall can't detect OpenVPN protocol so you can browse normally as you are located outside China.

  • Rebel Alliance Developer Netgate

    On pfSense 2.4 with OpenVPN you might have some luck with an SSL/TLS VPN that uses TLS Encryption+Authentication (–tls-crypt). It provides extra privacy and protocol obfuscation. That and moving it to another non-default port might help.