.-- .. - .... .-.. --- ...- .

home archive about

Routing Settings when Bypassing Internet Censorship via VPN

07 Aug 2011

Various techniques are in use by netizens in China to bypass the severe Internet Censorship by the government. Among them, Tor, SSH Tunneling, and VPN are three of the safest and most popular solutions. I run a PPTP VPN service on a VPS in the US.

Usually, a VPN configuration is global. Once a VPN connection establishs, all network traffics will go through the VPN device. But we may want to access the IP addresses in China directly, because they are surely not, and might never be, blocked by the Great Firewall. Direct access is certainly faster than a VPN.

Fortunately, there is an open source project called Chnroutes which is designed to solve this problem for us. This project provides a Python script, which sifts IP addresses in China from the file 'country-ipv4.lst' by the APNIC, and generate from these IP addresses two bash scripts, which can be used to set/unset kernel route table before/after a VPN connection is established/disconnected.

Take PPTP VPN for example. First, we can download the Python script chnroutes_ovpn_linux to your Linux box, add execution permission and then fire it:

chmod +x chnroutes_ovpn_linux
./chnroutes_ovpn_linux

This generates two scripts, vpnup and vpndown, in the current directory. We add execution permission to them:

chmod +x vpnup vpndown

Next, we rename them and copy them to ppp's configuration directory:

cp vpnup /etc/ppp/ip-pre-up
cp vpndown /etc/ppp/ip-down.local

After that, we have to disconnect and reconnect from our VPN. And now, all network traffics between you and those Chinese IPs will no longer go into the VPN tunnel.

Chnroutes supports both openVPN and PPTP, and it works on Mac, Linux, and Windows. I am using it on Fedora 14 with PPTP VPN. It works very well.

(本文中文版链接)

Creative Commons License
comments powered by Disqus