From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?

Edit: To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or something

    • Flax@feddit.ukEnglish
      21·
      1 hour ago

      What are the risks, if you aren’t intending on doing anything illegal?

      • YiddishMcSquidish@lemmy.todayEnglish
        21·
        1 hour ago

        They can load in spyware that follows you outside the country. Also the whole “if you aren’t intending to do anything illegal” bit really reads like all the piece of shit bootlicking conservatives after George Floyd.

        • Flax@feddit.ukEnglish
          1·
          42 minutes ago

          They can’t do that unless they take your devices, gain admin access and install stuff onto it. You don’t just get spyware installed your phone simply by entering a country.

          Also the whole “if you aren’t intending to do anything illegal” bit really reads like all the piece of shit bootlicking conservatives after George Floyd.

          Except that is a whole different context. The argument doesn’t work if you’re a citizen of a country and granting your government more and more powers. It would apply maybe if you were a Chinese citizen. OP isn’t talking about moving to China or installing a similar government in their home country. They are going on holiday. You can behave yourself and cooperate with their requirements for a few weeks. If you are really against a country having powers to check your phone and devices and such as a matter of principle, not because you’ve got anything to hide, then don’t go.

          George Floyd was an American citizen murdered in his own country by the powers that were supposed to protect him. Big difference.

          Although I did take precautions myself, such as deleting my memes/downloads folder just in case I saved anything that could be offensive. But it didn’t matter because they didn’t check my phone anyway for simply being there.

          China itself cares the most about public disorder and foreign influence. As long as you aren’t intending on causing foreign interference in how they do things and are just going for purposes of tourism/adventure/meeting people, then you’ll be absolutely fine. They don’t really care enough about you to give you special treatment unless you are seen as a threat like that.

  • philpo@feddit.orgEnglish
    27·
    23 hours ago

    It depends. Very much. And this is the main problem: There isn’t “one” solution, you will need a few.

    The thing with the PRC is: Their great firewall isn’t “one big uniform block”. It’s fairly “variable”.

    For example: In Beijing,even 10 years ago, I could access google maps and Facebook without any issues(back then highly blocked) as long as my mobile phone was roaming. The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine. Until the day the police started to prepare for the party convention - then suddenly my colleague couldn’t get out, neither could I with our company wifi and even my carefully crafted wire guard over HTTPs didn’t work - unless I was in the wifi of the hotel or our host company. There it did. Party congress over? Back to normal operations.

    If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.

    Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well. And then double tunnel through that if you can’t directly reach your usual VPN at home

  • CCMan1701A@startrek.websiteEnglish
    16·
    22 hours ago

    tailscale worked some times, but seemed to depend on the location of the moon relative to the air speed of a nearby sparrow and it was really slow.

  • alcasa@lemmy.sdf.orgEnglish
    14·
    1 day ago

    Look into shadowsocks, or just normal vpn.

    Pandafan was quite reliable for me. You might also be able to diy with hk, sg or sk vps instances, but it was a lot of work and a misconfiguration will cut you off.

    • iopq@lemmy.worldEnglish
      8·
      23 hours ago

      Normal VPN doesn’t work because they don’t mask themselves. Even Tor bridges don’t work because they are blocked.

      Shadowsocks is like 2018 advice, go directly to xray and forget about legacy software

      • alcasa@lemmy.sdf.orgEnglish
        4·
        22 hours ago

        Yes, xray is better. Forgot about that. I think there had been a couple newer ones.

        The thing with gfw circumvention is that even older approaches work surprisingly often, as detection methods change and often detection depends on the amount of suspicious traffic. I had most success with a more conventional setup on a vps, but that was more for testing out stuff. Found commericial providers to be more reliable.

        VPNs work surprisingly often from what others tell me. They only block these occasionally. I think astrill and express often work. Just know that the ones that work, probably have chinese govt access.

        Yes, tor never works.

      • Flax@feddit.ukEnglish
        1·
        23 hours ago

        They worked for me most of the time. They cut off after like an hour of use. So I just switch between them.

        • iopq@lemmy.worldEnglish
          1·
          18 hours ago

          So why not just use that just works all the time? I don’t want my internet voice call to cut in the middle and have to switch VPNs

  • TehNomad@piefed.socialEnglish
    6·
    23 hours ago

    As another user posted, how strict the firewall is depends on where you are (and if there are any special events). I heard that Wireguard doesn’t work because of deep packet inspeciton, but I was able to use Tailscale to my home network without problems when I was there last year. I also set up a xray vless-reality proxy on a VPS and Outline servers on Google cloud and those worked too.

    But the easiest method is to buy an HK eSIM for roaming (I used 3HK). I bought a month of LetsVPN but they booted me from the service for some random reason, so I changed to Mullvad which also worked too.

  • BaroqueInMind@piefed.socialEnglish
    53·
    21 hours ago

    People posting here don’t realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.

    Don’t bring in any tech, don’t access your personal net back home, don’t expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.

  • Flax@feddit.ukEnglish
    31·
    23 hours ago

    If you will be using roaming for mobile data in China, you won’t face any blocking.

    Accessing over cloudflare tunnels or just a normal exposed server works.

    VPNs work most of the time. But you can be cut off after like 30 minutes to an hour. I’d recommend only turning it on when you need it.

    I’ve been to China very recently.

    You will most likely face speed issues, although this may be due to the physical infrastructure itself connecting China to the outside internet isn’t really that stellar. As everything Chinese citizens typically use is hosted in China.

  • yaroto98@lemmy.orgEnglish
    31·
    1 day ago

    From what I’ve read if you use a VPN it’s pretty simple to get past the great firewall of china. It’s also only technically illegal, and not really punished.

    • iopq@lemmy.worldEnglish
      4·
      24 hours ago

      Well, no, if you open a wireguard connection it well just get dropped in a minute. You need to do a lot more work than that

  • ag10n@lemmy.worldEnglish
    1114·
    1 day ago

    What you’re asking is illegal where you’re going

    Best of luck to you

      • greyfox@lemmy.worldEnglish
        3·
        2 hours ago

        Unauthorized VPNs (non government approved) are illegal in China. If a business needs their own they can get approval but they have to apply for those exceptions.

        It isn’t really enforced, probably especially so for non citizens, but if you do something they don’t like it is something they could use against you.

        You would probably be less breaking the law to just directly open up SSH and access that instead of tunneling through a VPN. Even though SSH can do tunneling of its own.

    • iopq@lemmy.worldEnglish
      2·
      24 hours ago

      You realize not only Google is blocked, but also Brave search, duckduckgo, everything but Russian and Chinese search engines? You can’t find anything on them except scams and SEO spam

      • ag10n@lemmy.worldEnglish
        9·
        23 hours ago

        Yes, I do know and realize that. Why it’s probably not a good idea to try connecting to your homelab lol

        • iopq@lemmy.worldEnglish
          11·
          18 hours ago

          Just connect, they don’t block random IPs for no reason. You need to transfer a lot of traffic to trigger something

      • Flax@feddit.ukEnglish
        23·
        23 hours ago

        I found deepseek was good for using as a search engine. Lol.

    • Flax@feddit.ukEnglish
      32·
      23 hours ago

      Not really. It’s a grey area. They don’t care about foreigners using vpns at all. It’s kind of expected. Foreign SIMs don’t even face blocks on mobile networks. If you’re going to a sensitive province of China, I think they’ll care slightly more, but as long as you’re not using the VPN to do something illegal, you’ll be okay.