.-- .. - .... .-.. --- ...- .

home archive about

Routing Settings when Bypassing Internet Censorship via VPN

08 Aug 2011

Various techniques are in use by netizens in China to bypass the severe Internet Censorship the government has made. Among them, Tor, SSH Tunneling and VPN are three of the safest and most popular solutions. I myself run a PPTP VPN service on a VPS in the US.

Normally, a VPN configuration is global. Once a VPN connection is established, all network traffics will go through the VPN device. But we may want to access the IP addresses in China directly, because they are definitely not, and might never be, blocked by the 'Great Firewall'. Direct access will be very much faster than VPN, obviously.

Fortunately, there is an open source project called Chnroutes is designed to do this for us. This project provides a Python script, which will sift IP addresses in China from the file 'country-ipv4.lst' by the APNIC, and generate from these IP addresses two bash scripts, which can be used to set/unset kernel route table before/after a VPN connection is established/disconnected.

Take PPTP VPN for example. First, we can download the Python script chnroutes_ovpn_linux to your Linux box, add execution permission and then fire it:

chmod +x chnroutes_ovpn_linux

This will generate two script, vpnup and vpndown, in the current directory. We then add execution permission to them:

chmod +x vpnup vpndown

Next, we rename them and copy them ppp's configuration directory:

cp vpnup /etc/ppp/ip-pre-up
cp vpndown /etc/ppp/ip-down.local

After that, we have to disconnect and reconnect from VPN. Then all network traffics between you and Chinese local servers will not longer go through the VPN tunnel.

Chnroutes supports both openVPN and PPTP, and it can be used on Mac, Linux and Windows. I am using it on Fedora 14 with PPTP VPN. It works very well.


Creative Commons License

comments powered by Disqus