I just finished telling the whole story of me dealing with the censorship problem from the inside of the Great Firewall of China to two of my new friends that I just met.
“Hey you should write it down and share it, put it on medium,” said one of them.
“You know I had thought about it before,” I replied and paused.
“Alright you know what, I’ll do it.”
It was around 2:00 in the morning, at least 3 days into the hectic 12-days China tour with Yellow Claw — a dutch DJ/producer duo that I got to work with as a VJ. We were all on our way back to the hotel after our show in a city that I could hardly remember the name of when I notice something wrong with my VPN. It’s not working. I tried doing speedtest and checking my messages on WhatsApp and LINE but nothing showed up and I couldn’t send any messages. It didn’t bother me too much as the VPN connection between my phone and the server does usually freak out whenever my phone reception went bad. So I assumed it was just a normal disconnection.
Until I checked my “premium” VPN app and it told me that they couldn’t bill my PayPal so they couldn’t give me access to their servers.
Quick side note on this “premium” VPN thing: before I left for China, I read some stuff about what kind of VPN protocol that would still work in China and apparently a good majority of VPN protocol are mostly banned in China including OpenVPN, L2TP, and IPsec through deep packet inspection (DPI). This premium VPN thing that I subscribed to claim to use a proprietary protocol that was built upon OpenVPN 256-bit and they claimed to work flawlessly against DPI. So I figured it’d be a good idea to use their service for the time I’m in China.
It’s now 3 AM and I barely had any sleep on that day and the day before. But I gotta fix this because I’d be dead without free internet. Soon as I hit my room in the hotel, I pulled both of my laptop and trying to connect to the VPN server just in case it’s just something had happen to my phone (though of course it’s not. dumb izzy.)
Few days before, I stumbled upon AlgoVPN through InfoSec Taylor Swift twitter account. A VPN server solution that you can easily deploy on virtually any kind of server ranging from cloud servers to Raspberry Pi that you would just put next to your home router.
—before I continue, please bear in mind that I’m in no way trained or formally went to school for computer science whatsoever. Pardon me if I use the wrong term for things or do stupid things that could’ve been easily solved. Now, onto the main show.
I think to myself that I should just go to the github page of Algo, clone it, get it up and running, and go to bed. Well fuck that, I can’t access github from China. I can’t access stackexchange, too. I also can’t use Google as my search engine. Not even duckduckgo. So I had to go with Bing. And by the way, anytime I put a term that is remotely related to VPN, censorship, etc. the search would return zero results. ZERO. Like it’s not even trying to lie a little better to the Chinese citizens, it’d just straight up lying by saying “oh your search has returned zero results, please don’t search for VPN or we’re going to SWAT your hotel room.”
So I was like, let’s go a little backward by looking for the blog that I read earlier. The blog said I could easily set up Algo on a cloud server in fairly short steps. Apparently Algo works on IKEv2, which means it should work just fine against the Chinese DPI. Cool. Now let’s find a cloud server that I can access from China. So I tried accessing DigitalOcean and it opened just fine. Great. I tried to login and it said that I have never activated my DigitalOcean account.
So, activate the account? Duh. Why are you such a simpleton, izzy?
Well yeah unless I signed up on Yahoo or Outlook (or better yet, QQ) then I wouldn’t have to worry about activating my account from China. The problem is, I have no access to my gmail inbox.
Miraculously, the hotel wifi somehow lets WhatsApp messages to go through. I still cannot access WhatsApp desktop from my laptop but the mobile app works just fine. So I went over to my bros group and ask them for help. One of them was still up and offered to help.
I sent him my gmail credentials in a private manner and I can already tell that we’re about to hit another wall.
“I need two-step verification,” my bud said.
“Crap. Does it say anything about Google App?”
“Fuck no I have no way to access my Google App it’s just a complete white screen when I open it.”
“Does it have any button that might say something like ‘other method’?” I asked him.
“Yeah yeah, I can choose between text message and Authenticator.”
“AUTHENTICATOR. Go for that one.”
So I fired up Authenticator on my phone and gave the number he needed.
After he gained access to my gmail inbox and verified my DigitalOcean account, I continued my long journey to the free internet.
I made a new droplet in Singapore since that’s the only place that I can logically think of with reliable internet speed and also the closest one to China. I cloned Algo to the droplet and start setting it up, following the guide made by that blog that I will link down below in a minute.
After a few trial and error, in an hour — Algo was finally up and running on my cloud server based in Singapore. I was so happy but then I realize that setting up an IKEv2 VPN connection on the client side would require a private key copied locally to the client machine.
Now that’s another challenge for me: to move the private keys from the server on Singapore into my machines which currently reside in China.
I searched some subreddit for a way to transfer files with scp. (yes, for some fucking reason they don’t block reddit it’s fucking weird cuz you’d get a lot weirder shit from reddit compared to gmail)
And well, setting up scp transfer was just way too lengthy and complex for my amateur hacking skill to execute. I need an easier way to get those files.
So I remember about ftp — except; I have no idea how to use ftp in a terminal. I’m so fucking dumb I hated myself at that time. I tried reading some docs on using ftp and those stuff but it was just too much for me for that time being.
I braved myself and pulled a search on Chinese Bing for FileZilla and good lord I have a download link. I downloaded FileZilla, got it up and running, connected it to my DigitalOcean server and start downloading the keys I needed to setup the VPN connection.
I was so happy when I finally gained access to the free internet world after my laptop gained its strength by installing a new VPN connection that’s fast and reliable as fuck and bypassing the Great Firewall of China from the inside.
Next problem: my phone is an iPhone and both my laptop are Windows. I need those keys in my phone too, goddamn.
Okay if I had a MacBook laying around, things would have been a lot easier. The other tour members are all using MacBook but it’s 4:30 in the morning and we just had a show and everyone are just so tired. I wouldn’t bother them cuz I’m not a monster.
So I tried to see if I can somehow send those keys over from my computer to my phone. The only reliable way to do it between a PC and an iPhone might probably be an email. An email that is sent to the iPhone and opened in the iPhone’s own Mail app. Since that’s the only way for the phone to detect and have the permission to install the .mobileconfig VPN configuration file in the email attachment.
Remember that Google is blocked thing in China? Yes, that thing has become a problem even after this story is real close to finish.
I can’t just send these files through gmail from my laptop to the phone.
So you know what I did? I signed up for a new Yahoo mail account.
I logged in to the Yahoo mail on my phone, connect it to my accounts & sync and get the Mail app running on Yahoo as well.
Sent the files over Yahoo mail and install the keys on my iPhone.
EVERYTHING WORKS. Real fast. Stable. No random disconnect or lag whatsofuckingever for the rest of the China tour.
I got myself a stable VPN server for all my devices, all set up from the inside of the Great Firewall of China. I am proud of my achievement of fundamentally breaking the Chinese law and resisting against the tyranny for the sake of free internet.
Hey there, izzy here. I’m writing this as I’m downloading TensorFlow to try a new model of DeepLab that I think would help me in my creative work.
This story was possible with the help of free information in the free internet. Imagine a world without Google, Wikipedia, Twitter, github, Instagram, etc. — It wouldn’t be nice. If you live in a country that tries to forbid you as a citizen from having the rights to free internet, fight for it. Fight against the evil corporations and government agencies. Free internet should be accessible for everyone.