Among the things that the People’s Republic of China is known for is the Great Wall of China; we tech nerds, however, also associate the country with the Great Firewall of China (GFW). The GFW, officially known as the “Golden Shield Project,” is an ever-growing effort by the Chinese government to implement strict censorship of the Internet content accessible to its citizens. Sites that are or have previously been blocked include Google, Facebook, YouTube, and WordPress, plus many more.
Recently, a friend of mine was planning a trip to China in order to teach an ESL course. In addition to his understandable desire for some level of privacy in his internet access, he also needed access to YouTube in order to do some of the segments in his curriculum. When he asked for recommendations on how best to circumvent the GFW, my first thought was to use a VPN, but, after doing some reading, I discovered that the GFW has added technology in recent years to detect and block IPs associated with VPNs (see here and here).
With a true VPN no longer a reliable option, the next best thing I could think of was to use an SSH tunnel as a VPN alternative. Instructions for running an SSH tunnel on a Windows OS using PuTTY are scattered over the web, including here and here. The “gotcha” that you may well run into (as my friend did) is that you must enable remote DNS lookup. Otherwise your browser still resolves names with ordinary DNS queries sent outside the tunnel, and the names of the sites you are requesting will be visible to the GFW.
To do this, navigate to about:config in your Firefox browser (unfortunately, no other popular browsers currently support SOCKS5, which is required). In about:config, search for “dns” and double-click on the line called “network.proxy.socks_remote_dns” so that its value becomes true. Once this value is set, Firefox hands name resolution to the far end of your SSH tunnel instead of your local resolver, so both the lookups and the content travel encrypted to you for your viewing pleasure.
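To confirm the setting actually took effect, the check below reads the `user_pref(...)` lines of a Firefox profile's prefs.js and lists every reason lookups would still leave the tunnel. It is an added example, not part of the original post; the sample profile text, the 127.0.0.1:1080 listener and the function names are constructed, and it assumes the Firefox behaviour the post describes, where `network.proxy.socks_remote_dns` is off unless set.

```python
import re

# Constructed sample: a profile pointed at a local SSH dynamic forward
# (127.0.0.1:1080 is an assumed port) but without remote DNS enabled.
SAMPLE_LEAKY = '''\
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 1080);
'''

# Matches lines such as: user_pref("network.proxy.socks_port", 1080);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref(...) lines from prefs.js/user.js text into a dict."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs


def dns_leak_findings(prefs):
    """Return the reasons DNS lookups would bypass the SOCKS tunnel."""
    findings = []
    if prefs.get("network.proxy.type", 0) != 1:
        findings.append("manual proxy not enabled (network.proxy.type != 1)")
    if not prefs.get("network.proxy.socks"):
        findings.append("no SOCKS host set (network.proxy.socks)")
    # Assumption: an unset socks_version means 5; unset remote DNS means off.
    if prefs.get("network.proxy.socks_version", 5) != 5:
        findings.append("SOCKS version is not 5 (network.proxy.socks_version)")
    if not prefs.get("network.proxy.socks_remote_dns", False):
        findings.append("names resolved locally (network.proxy.socks_remote_dns)")
    return findings


if __name__ == "__main__":
    for reason in dns_leak_findings(parse_prefs(SAMPLE_LEAKY)):
        print("DNS leak risk:", reason)
```

Run it against the text of the prefs.js in your own profile folder; an empty result means the browser is configured to resolve names through the tunnel.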
So that was my experience tangling with the GFW. This great technological wonder is ever-evolving and has begun to defend against VPNs, one of the newer forms of secure access to the web. It is possible that the GFW could also detect and block the SOCKS5 protocol in the future, but for now at least SSH tunnels are still a viable option for tunneling through the GFW.