Over The Great Firewall of China

I just finished telling the whole story of me dealing with the censorship problem from the inside of the Great Firewall of China to two of my new friends that I just met.

It was around 2:00 in the morning, at least 3 days into the hectic 12-days China tour with Yellow Claw — a dutch DJ/producer duo that I got to work with as a VJ. We were all on our way back to the hotel after our show in a city that I could hardly remember the name of when I notice something wrong with my VPN. It’s not working. I tried doing speedtest and checking my messages on WhatsApp and LINE but nothing showed up and I couldn’t send any messages. It didn’t bother me too much as the VPN connection between my phone and the server does usually freak out whenever my phone reception went bad. So I assumed it was just a normal disconnection.

Until I checked my “premium” VPN app and it told me that they couldn’t bill my PayPal so they couldn’t give me access to their servers.

Fuck.

It’s now 3 AM and I barely had any sleep on that day and the day before. But I gotta fix this because I’d be dead without free internet. Soon as I hit my room in the hotel, I pulled both of my laptop and trying to connect to the VPN server just in case it’s just something had happen to my phone (though of course it’s not. dumb izzy.)

Few days before, I stumbled upon AlgoVPN through InfoSec Taylor Swift twitter account. A VPN server solution that you can easily deploy on virtually any kind of server ranging from cloud servers to Raspberry Pi that you would just put next to your home router.

—before I continue, please bear in mind that I’m in no way trained or formally went to school for computer science whatsoever. Pardon me if I use the wrong term for things or do stupid things that could’ve been easily solved. Now, onto the main show.

I think to myself that I should just go to the github page of Algo, clone it, get it up and running, and go to bed. Well fuck that, I can’t access github from China. I can’t access stackexchange, too. I also can’t use Google as my search engine. Not even duckduckgo. So I had to go with Bing. And by the way, anytime I put a term that is remotely related to VPN, censorship, etc. the search would return zero results. ZERO. Like it’s not even trying to lie a little better to the Chinese citizens, it’d just straight up lying by saying “oh your search has returned zero results, please don’t search for VPN or we’re going to SWAT your hotel room.”

So I was like, let’s go a little backward by looking for the blog that I read earlier. The blog said I could easily set up Algo on a cloud server in fairly short steps. Apparently Algo works on IKEv2, which means it should work just fine against the Chinese DPI. Cool. Now let’s find a cloud server that I can access from China. So I tried accessing DigitalOcean and it opened just fine. Great. I tried to login and it said that I have never activated my DigitalOcean account.

So, activate the account? Duh. Why are you such a simpleton, izzy?

Well yeah unless I signed up on Yahoo or Outlook (or better yet, QQ) then I wouldn’t have to worry about activating my account from China. The problem is, I have no access to my gmail inbox.

Miraculously, the hotel wifi somehow lets WhatsApp messages to go through. I still cannot access WhatsApp desktop from my laptop but the mobile app works just fine. So I went over to my bros group and ask them for help. One of them was still up and offered to help.

I sent him my gmail credentials in a private manner and I can already tell that we’re about to hit another wall.

So I fired up Authenticator on my phone and gave the number he needed.

After he gained access to my gmail inbox and verified my DigitalOcean account, I continued my long journey to the free internet.

I made a new droplet in Singapore since that’s the only place that I can logically think of with reliable internet speed and also the closest one to China. I cloned Algo to the droplet and start setting it up, following the guide made by that blog that I will link down below in a minute.

I’m a big fan of these neon-ish looking films. China does feel like one of those cyberpunk cities.

After a few trial and error, in an hour — Algo was finally up and running on my cloud server based in Singapore. I was so happy but then I realize that setting up an IKEv2 VPN connection on the client side would require a private key copied locally to the client machine.

Now that’s another challenge for me: to move the private keys from the server on Singapore into my machines which currently reside in China.

I searched some subreddit for a way to transfer files with scp. (yes, for some fucking reason they don’t block reddit it’s fucking weird cuz you’d get a lot weirder shit from reddit compared to gmail)

And well, setting up scp transfer was just way too lengthy and complex for my amateur hacking skill to execute. I need an easier way to get those files.

So I remember about ftp — except; I have no idea how to use ftp in a terminal. I’m so fucking dumb I hated myself at that time. I tried reading some docs on using ftp and those stuff but it was just too much for me for that time being.

I braved myself and pulled a search on Chinese Bing for FileZilla and good lord I have a download link. I downloaded FileZilla, got it up and running, connected it to my DigitalOcean server and start downloading the keys I needed to setup the VPN connection.

I was so happy when I finally gained access to the free internet world after my laptop gained its strength by installing a new VPN connection that’s fast and reliable as fuck and bypassing the Great Firewall of China from the inside.

Okay if I had a MacBook laying around, things would have been a lot easier. The other tour members are all using MacBook but it’s 4:30 in the morning and we just had a show and everyone are just so tired. I wouldn’t bother them cuz I’m not a monster.

So I tried to see if I can somehow send those keys over from my computer to my phone. The only reliable way to do it between a PC and an iPhone might probably be an email. An email that is sent to the iPhone and opened in the iPhone’s own Mail app. Since that’s the only way for the phone to detect and have the permission to install the .mobileconfig VPN configuration file in the email attachment.

Remember that Google is blocked thing in China? Yes, that thing has become a problem even after this story is real close to finish.

I can’t just send these files through gmail from my laptop to the phone.

So you know what I did? I signed up for a new Yahoo mail account.

I logged in to the Yahoo mail on my phone, connect it to my accounts & sync and get the Mail app running on Yahoo as well.

Sent the files over Yahoo mail and install the keys on my iPhone.

EVERYTHING WORKS. Real fast. Stable. No random disconnect or lag whatsofuckingever for the rest of the China tour.

I got myself a stable VPN server for all my devices, all set up from the inside of the Great Firewall of China. I am proud of my achievement of fundamentally breaking the Chinese law and resisting against the tyranny for the sake of free internet.

self-taught CG artist with a background in film from indonesia. now busy making art for the digital realm. one byte at a time.