“Great Firewall of China” – VPN to China

The “Great Firewall of China” (GFC/GFW) is operated by the Chinese Ministry of Information Technology (MIIT) and therefore comes directly from the Chinese government. It specifies which websites and so-called “keywords” must be blocked or filtered, and only a VPN to China has allowed data traffic to date. The firewall not only prevents access to services such as YouTube, Twitter, Facebook, Goggle and many other platforms from abroad in China, but also makes it difficult for companies to communicate with their branches there.

What solution has there been so far to circumvent the “Great Firewall of China”?

In the past, there have always been ways and means of circumventing the whole thing with the help of a VPN to China. Various VPN software was installed on a local computer and a remote server and established an encrypted tunnel (IP Sec) between them. The data from the local computer in China was sent through the encrypted VPN tunnel to the server located abroad. This server then established the connection to YouTube & Co. and sent the data back in encrypted form. The “GFC” was unable to recognize the encrypted data as “forbidden” and did not block it accordingly. Companies have used the same method for their communication.

Does the VPN to China still work today?

With the new regulation of 22.01.2017, the Chinese government has declared war on precisely this “VPN tunnel loophole”. The aim of the new regulation is to shut down all VPNs to China that make it possible to access the “free internet”. The measures were to be implemented by 31.03.2018. However, the government has extended the deadline this year to 31.03.2019. Of course, this does not mean that nothing will be done in this time. The GFC is already filtering out “bad IP addresses” and blocking them forever. All it takes is a simple “Google search” by any employee for Facebook, Instagram & Co. and a valuable IP address from your database is blocked and unusable forever. You can literally watch as IP addresses are “cached” one after the other until you have no way of establishing a connection at all. At the latest since the announcement of the last deadline, companies that have one or more branches in China and communicate via encrypted VPN tunnels (IPSec) are under pressure to act.

Why bypass the “Great Firewall of China”?

Companies use VPNs to dial into their intranet from their local servers (China Inland) or to protect their communication from third parties. Sensitive data such as

• Payroll accounting
• Building plans
• Strategy discussions
• etc.

can be transmitted without being read.

What solution is now available for companies?

First of all, it must be said that before concrete measures to reduce downtime are implemented, a preliminary analysis should first be carried out to determine which company data is particularly important in terms of availability and quality. Appropriate solutions should only be developed on the basis of this preliminary analysis and a calculation of the existing risk of failure. There are basically two solutions that represent real alternatives for a VPN to China. One of these is the MPLS VPN. However, MPLS connections to China are very cost-intensive. A small dedicated MPLS bandwidth to China can easily cost a five-figure sum per month. A real and more cost-effective alternative to MPLS VPN is SD-WAN. The SD-WAN solution for China can be set up on the basis of local internet lines or internet lines that are already on site. Encryption takes place within the SD-WAN. In addition, a further, separate encryption can be used. Without the key having to be deposited with a Chinese authority! SD-WAN is not just a stand-alone solution. SD-WAN solutions are often also flexible solutions for expanding MPLS networks! The experts at Savecall will be happy to advise you on modernizing your VPN to China or worldwide. We help you from the analysis to the implementation of your MPLS VPN or your SD-WAN solution.