[118426] in North American Network Operators' Group
Re: ISP/VPN's to China?
daemon@ATHENA.MIT.EDU (Alex Balashov)
Wed Oct 21 19:37:41 2009
Date: Wed, 21 Oct 2009 19:36:40 -0400
From: Alex Balashov <abalashov@evaristesys.com>
To: Robert Boyle <robert@tellurian.com>
In-Reply-To: <1256167734_1961523@mail1.tellurian.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
OpenVPN is ideal. It functions purely over application-level UDP
transport (IP-IP) instead of using GRE/IPSec/other encapsulation
protocols that could potentially be blocked by a protocol filter on a
router. Route that traffic to a server outside of China and NAT it
out to the rest of the Internet.
The default port is UDP 1194, but can easily be changed.
Anyone who wants to block it risks blocking any applications that use
UDP in general, such as online games, Skype, etc.
It is precisely because the traffic has no signature distinguishable
from normal application traffic - aside from the fact that the payload
is encrypted - that it makes a good fit.
It's also open-source and free.
--
Alex Balashov - Principal
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
