VPN prohibition - even for business solutions? (eg 4 remote workers)

Hello,

I could not find confirmed information about this subject.
In the German News it is said, that VPN connections will not be allowed even more - a strict prohibition even for companies.

My  Digital Workplace solutions depend on a secure VPN connection - else, no content with strategic or r&d relation can be transmitted.
International cooperation of knowledge-workers is no longer possible then - I really do not think, that this can be a target of the Chinese authorities ...

I could modify my own CYBR CSCW-SUITE to work via i2p, but
a) such workarounds are most likely at least depreciated now - and
b) will be forbidden later.
c) other tools like the resource-planning with Primavera P6 still need a secure VPN connection.

Is somebody has reliable information about this subject,
I'd be happy for getting some feedback!

Thanx in advance,

Florian

The American Chamber of Commerce in Shanghai reports on this VPN issue periodically. Most recently, they have said there is still no confirmation about what will happen from the government. They have a newsletter you can subscribe to (I don't think you need to be an American to subscribe!). The newsletters are sent to your email.

Hello RayFlow,

My company is in Zhuhai, China.  We have been using a VPN for the last few years since Google was kicked out of China.  We use gmail, and it cannot be used at all unless you have a VPN.

Over the last six months we have been having an increasingly difficult time accessing our gmail account.  We have gone through, perhaps, seven VPNs. The Chinese government utilizes a complex system for blocking non-approved Internet content.  Most VPN's are unsuccessful.

We are currently using a temporary work around.  However it is unknown how long this temp system will hold up.

The staff wants to switch to a Chinese equivalent system such as 163 or something similar.  However, our sales force and key owners are reluctant to change. This is not something that will go away.  This is the way business needs to be accomplished in China.  Get with the program or get off the boat.

I understand your frustration, but you are forgetting that you are making arguments from a position of weakness.  If you won't conduct business using Chinese approved methods, then you can go elsewhere. No one is forcing you to do business in China.  You can do business in France, Guiana, Turkey or Zambia instead.

And that's the big rub.  For a solid decade the EU and the Western media has been complaining about Chinese pollution.  So China has done something about it. There are now roving EPA inspections, with armed Corruption Police.  Factories are not only being shut down but Management is getting arrested and going to prison.

So to meet the Chinese EPA requirements, requirements I must add that COME from the EU and which China agreed to, you will have to pay higher prices.  higher prices for steel.  Higher prices for aluminum.  Higher prices for glass.  Higher rices for paper.

Not only that, but the trash for the West is no longer being accepted. What that means is that the Western nations will need to find a way to deal with it.  This will occur at the same time that China is putting pressure on the West using the strength of the RMB and gold reserves.

For now, I am dealing with all kinds of Western clients who want their cake and to eat it as well.  Sorry guys.  If you want the low wages, and the EPA requirements, and all the red tape that the huge armies of bureaucrats concoct up, then you had best play the game.  The big boy in the school yard is China and if you don't like it, you can leave.

So, yes you are in the same boat as I am.  My clients dont like it.  They don't like the prices rising up.  They don't like that at all.  But they do like the better environmental laws.  Like I said, you can't get both.  It is always one or the other.  Now China is calling the shots.  You want to work in China.  Fine.  Forget about Google.  Forget about Facebook. Forget about you-tube. Forget about Instagram. Board the China-train or don't.

Sorry. I cannot help you.  I would advise you to work with a wholly Chinese server and email system. Forget about Western migration. It will not happen.  Best of luck.

OK, thanks for sharing your view.

...was your workaround:
1) setting up your own OpenVPN server
2) use SSL or SSH tunneling against DPI (deep packet inspection)?
The via SSH hidden OpenVPN protocol in my case is only used for connecting the clients to the server for enabling a protected intranet access.
It's not about reconnecting to some Facebook or Alphabet.Inc services or any other visible internet pages.
The problem is: the Chinese government cannot be sure about this restricted usage - if a user slips through the great wall using these techniques and has access to our server in Germany, a redirect outgoing from this server could be performed without any problem..

However: as long as the legal situation is unclear in China, I simply strike it off from the list.
I am really not interested in running into conflict with the Chinese authorities...
(even if I believe, that cutting-off the klowledge-workers from the rest of the world is not a good idea and is reducing their competitiveness on a long-term basis...)

For a while we were using SSL tunneling. Then we switched to remote desktops to servers in HK. Now we have a workaround using our own VPN. I really don't know how long any of this will last.

I have my IT working on ways to keep our servers online. For now things are holding on fine.  The staff are instructed only to use the system for gmail communication and NOTHING ELSE. That seems to work. As the traps set up to shut down tunnels are out looking for website traffic.  I think.

The writing is on the wall.

Unfortunately, the sales staff, management and clients seem to think that this current situation is temporary and that eventually it will dissipate. I hold a contrary opinion.

Legally speaking, they are not allowed to all (to my knowledge) but as long as a VPN is used properly, most of the time it lasts longer. The moment your connection starts messing with restricted accesses, your VPN starts failing. With packet inspection, I suspect even VPNs are monitored (i.e. they know that such VPN connections are being made and probably attracting more interest on what's going on such VPN from the authorities)

There might be another way but I doubt it is so legal, and probably traceable and so I am not hinting more about this.

as [at]VANNROX said, the best way is to adapt. If you are using Gmail as mail you can set up forwarding on that account. Have a server available outside the country to allow you to configure them, but then why don't you host your services straight away?
If you're dealing with sensitive R&D, you are probably conducting it into the wrong place (IMO). Probably it is gold for China and it sounds like setting up a bank inside a prison. If location is not questionable I wonder if anyone ever requested permissions from authorities to be granted such access and get it the legal way by probably complying with strict reporting and rules

Hi Florian;

I believe you misunderstood the banning of VPN's in China. What that was in reference to was that China prohibited Apple from offering the VPN apps on their Apple Store website in China. Any other service that allowed you to download VPN apps no doubt would also have to told they can't do it if they wish to do business in China.

The whole point of a VPN is to prevent someone from knowing you have full web access. So China can ban/prohibit/forbid, all they want but the VPN's are operating outside of China and customers are completely hidden from the authorities. The government does "attack" VPN's from time to time and on occasion there are disruptions to the service, but more often than not, the poor internet infrastructure is a more frequent cause for problems in service.

Make sure you have at least two VPN's active and ready to go before you come here. There are plenty to choose from. Read reviews of VPN's in China. I wouldn't use a free one. You get what you pay for. A year's subscription usually ends up costing less than ten dollars (US) a month. I currently use VYPR VPN (pay a little extra for their Chameleon connection). I signed up for and downloaded this service  two months ago while living here in China, after the authorities announced the ban, because I was having problems with Express VPN which is also good but for some reason, it didn't mesh well with my Macbook.

Bottomline: It's "Business as usual."
Cheers!
Brian

I wouldn’t worry about it.  Been using one for 4 years.  The IP address constantly changes and this isn’t a James Bond movie.  No one cares really it’s all rhetoric

you were right. here we are in summer 2018 and my vpn still works.

New topic