
I'm working on a project that utilizes embedded Linux devices which are communicating home via an OpenVPN session which is initiated by the embedded device.

This setup is obviously not working in China. Several debugging sessions showed that the session stayed open for a short period and was then closed by a man in the middle. Both server and client were logging that the connection was reset by the other party.

I now wonder if there's any way to bypass the Great Chinese Firewall. Encryption's not crucial and I'm aware of the possibility to run OpenVPN without encryption, but I have to find an appointment for another debugging session with my local partner and don't want to bother him if my idea doesn't work anyway.

Any ideas how to solve that issue?

snafoo
  • I think you have a wrong impression of Chinese internet policies. Actually China doesn't block VPNs as of now. This would be very damaging to its economy since any foreign company would be outraged if forced to send unencrypted data. What makes you think this is a man in the middle attack? Be aware that a connection between China and any site outside might be pretty slow depending on from where in China you send data, maybe it's just a timeout issue. Try to send data from site to site without VPN and check how stable the connection is just to verify that it is not an issue with VPN. – Broco Sep 07 '16 at 13:32
  • Well, I read lots of stuff about how their DPI infrastructure is intercepting traffic and I have some evidence that it's happening here too. 1) As long as the connection was open, the ping was decent. 2) Monitoring the OpenVPN logs on both sides didn't show any timeouts. Client and server claimed that the other side closed the connection. 3) We tried port 443 instead of 1194, which suddenly showed invalid certificates on both sides... so someone with a different certificate actually sneaked on the line. – snafoo Sep 07 '16 at 14:59

0 Answers