
I was setting up a self-hosted VPN to work around the GFW. I tried everything. Some solutions would sort of work, but unreliably, with extremely minimal bandwidth, and would suddenly stop working after some time. I can't remember the combinations of transport and obfuscation tech that I tried, but they were considered the best bets at the time. I would be very interested in finding out how commercial offerings do it. I'm not comfortable using them, since chances are that they're honeypots.

Funnily enough, I traveled to another part of China then, and the Airbnb wifi had practically no GFW-type blocking. The GFW is made up of local or provider-specific implementations that vary a lot. It was a small, rural town.



The ecosystem of secure proxies is pretty advanced in China (thanks to, you know ...); you can set up a home router that selectively reroutes traffic through different proxies automatically and transparently based on latency, target IP, domain, etc.

Since Airbnb is international, I guess if someone (assuming it's a small private operation) is offering a rental there, they might as well set up a proxy for foreign guests.

> Some solutions would sort of work, but unreliably, with extremely minimal bandwidth and would suddenly stop working after some time

The sad part is, anti-proxy technology is also fairly advanced. Most well-known VPN protocols such as OpenVPN, AnyConnect, IPsec and WireGuard can be identified via traffic analysis; once the GFW detects suspicious traffic, it may launch probes to further investigate the service. That's why Chinese people use Shadowsocks, Clan and V2Ray; those proxies are designed to protect themselves from these situations.

Shadowsocks and V2Ray require some know-how to set up correctly. Notably, Shadowsocks requires AEAD ciphers to be relatively safe, and you should never run Tor through it due to flaws in its transport protocol. As for V2Ray, avoid the VMESS protocol, since it is known to be vulnerable to probe attacks.
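The two points in the comment above (selective domain/IP routing on a bypass router, and the Shadowsocks stream-cipher / VMess warnings) can be checked mechanically against a V2Ray-style JSON config. The following is an added example, not code from the thread or from the V2Ray project: it audits the inbounds, produces a hardened copy, and resolves a destination against the routing rules using a subset of V2Ray's `full:`/`domain:`/CIDR pattern syntax (`geosite:`/`geoip:` are skipped because they need the data files). `SAMPLE_CONFIG` is constructed for illustration.

```python
"""Audit a V2Ray-style config for stream-cipher Shadowsocks and VMess inbounds,
and resolve destinations against its routing rules.  Added example; the
config below is constructed and is not from the thread."""
import copy
import ipaddress
import json

# AEAD methods accepted by shadowsocks-libev / V2Ray; anything else is the
# older stream-cipher family (aes-*-cfb, aes-*-ctr, rc4-md5, chacha20, ...).
AEAD_METHODS = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
}


def audit_config(cfg):
    """Return one finding string per risky inbound."""
    findings = []
    for i, inbound in enumerate(cfg.get("inbounds", [])):
        proto = inbound.get("protocol", "").lower()
        tag = inbound.get("tag", f"inbounds[{i}]")
        if proto == "vmess":
            findings.append(f"{tag}: VMess inbound (probe-able, see above)")
        elif proto == "shadowsocks":
            # Single-user form (settings.method); multi-user "clients" omitted.
            method = inbound.get("settings", {}).get("method", "").lower()
            if method not in AEAD_METHODS:
                findings.append(f"{tag}: shadowsocks method {method!r} is not AEAD")
    return findings


def harden(cfg, aead_method="chacha20-ietf-poly1305"):
    """Copy of cfg with VMess inbounds dropped and stream ciphers replaced."""
    out = copy.deepcopy(cfg)
    kept = []
    for inbound in out.get("inbounds", []):
        proto = inbound.get("protocol", "").lower()
        if proto == "vmess":
            continue
        if proto == "shadowsocks":
            settings = inbound.setdefault("settings", {})
            if settings.get("method", "").lower() not in AEAD_METHODS:
                settings["method"] = aead_method
        kept.append(inbound)
    out["inbounds"] = kept
    return out


def _domain_matches(pattern, host):
    """Subset of V2Ray domain patterns: full:, domain: (suffix), plain substring."""
    if pattern.startswith("full:"):
        return host == pattern[5:]
    if pattern.startswith("domain:"):
        suffix = pattern[7:]
        return host == suffix or host.endswith("." + suffix)
    if pattern.startswith(("geosite:", "regexp:")):
        return False  # needs geosite data / a regex engine; out of scope here
    return pattern in host


def _ip_matches(pattern, ip):
    if pattern.startswith("geoip:"):
        return False  # needs geoip data; out of scope here
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False


def pick_outbound(cfg, host=None, ip=None):
    """First matching rule wins; every condition listed in a rule must hold;
    with no match, traffic goes to the first outbound (V2Ray's default)."""
    for rule in cfg.get("routing", {}).get("rules", []):
        if rule.get("type", "field") != "field":
            continue
        checks = []
        if "domain" in rule:
            checks.append(host is not None and any(_domain_matches(p, host) for p in rule["domain"]))
        if "ip" in rule:
            checks.append(ip is not None and any(_ip_matches(p, ip) for p in rule["ip"]))
        if checks and all(checks):
            return rule["outboundTag"]
    outbounds = cfg.get("outbounds", [])
    return outbounds[0]["tag"] if outbounds else None


# Constructed sample: one stream-cipher Shadowsocks inbound and one VMess inbound.
SAMPLE_CONFIG = json.loads("""{
  "inbounds": [
    {"tag": "ss-in", "port": 8388, "protocol": "shadowsocks",
     "settings": {"method": "aes-256-cfb", "password": "constructed-example"}},
    {"tag": "vmess-in", "port": 10086, "protocol": "vmess",
     "settings": {"clients": [{"id": "00000000-0000-0000-0000-000000000000"}]}}
  ],
  "outbounds": [
    {"tag": "proxy", "protocol": "shadowsocks", "settings": {}},
    {"tag": "direct", "protocol": "freedom", "settings": {}}
  ],
  "routing": {"domainStrategy": "IPIfNonMatch", "rules": [
    {"type": "field", "domain": ["domain:cn", "full:www.baidu.com"], "outboundTag": "direct"},
    {"type": "field", "ip": ["10.0.0.0/8", "192.168.0.0/16"], "outboundTag": "direct"}
  ]}
}""")

if __name__ == "__main__":
    for line in audit_config(SAMPLE_CONFIG):
        print("finding:", line)
    print("after harden():", audit_config(harden(SAMPLE_CONFIG)))
    print("news.ycombinator.com ->", pick_outbound(SAMPLE_CONFIG, host="news.ycombinator.com"))
```

Run it as a script to see the two findings on the sample, the empty finding list after `harden()`, and the routing decision; `pick_outbound` is the piece a transparent router applies per connection, with the `direct` rules keeping domestic and RFC 1918 traffic off the proxy.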


Your description of the symptom was more or less the same as my personal experience, but the conclusion might be a little bit off IMO. I first tried to deploy proxies to Google App Engine and use PAC scripts to auto-switch between them. It was super fast and worked for ONE day. I really mean one day here; the whole thing stopped working the next day. Obviously the maneuver was detected and busted. Then I tried both public and commercial VPN services, but all of them were either unstable or slow, or even both. At the same time, I almost never had any problems with corporate VPNs, but I did not want personal stuff to go through company networks, so I hardly used them unless I had no choice. Things did not change much until AWS/Azure emerged. I almost immediately deployed an Azure VM dedicated to VPN when it became available to my MSDN subscription. I was pretty comfortable with it, as even if my VM got blocked, I could redeploy it to a different region in minutes. It turned out I worried too much; I never had any drama with it, since I kept a very low profile and the VPN was really for myself only.

DNS pollution was for sure only one means of the blocking. Even if the IP address of the site got resolved correctly, the site could not be reached, as a result of "Connection reset" or "Remote host closed the connection" errors. I thought the blocking was all the time and everywhere until I accidentally realized that I had just accessed some site without the VPN connected, and such a state could last from hours to days; as long as I did not access content deemed sensitive, sites did not seem to matter that much, as blocking would not be triggered until I clicked some links. HTTPS did not seem to help at all, so the GFW must have the ability to do deep packet analysis. Such behavior makes sense to me, as the network traffic in China is enormous; even the government would not have enough resources to monitor everything all the time, so the practical approach would be using a little bit of heuristics and commencing blocking only when certain signals were triggered. Also I encountered a couple of man-in-the-middle attacks, as I noticed my browser was not happy with the site's certificates. Such attacks might be carried out by the ISP, as the certificates were self-signed.
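The three symptoms described in the comment above (a wrong or failed DNS answer, a TCP connection reset, and a certificate the browser rejects) show up at different stages of a connection, and a staged probe tells them apart. The following is an added example, not from the thread: it resolves, connects and completes a verified TLS handshake one step at a time and labels whichever step fails. The labels say only what was observed on the wire; they cannot prove who injected a reset or who served the bad certificate. The default host in the `__main__` block is an assumption.

```python
"""Staged reachability probe: DNS, then TCP connect, then verified TLS.
Added example, not from the thread.  Network calls run only from __main__."""
import socket
import ssl
import sys


def classify(stage, exc):
    """Map an exception raised at a probe stage to a coarse label."""
    if exc is None:
        return "ok"
    if stage == "dns":
        return "dns_failure"            # NXDOMAIN/SERVFAIL, or a dropped query
    if isinstance(exc, ConnectionResetError):
        return f"{stage}_reset"         # RST seen: the "Connection reset" symptom
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return f"{stage}_timeout"       # packets silently dropped
    if stage == "tls" and isinstance(exc, ssl.SSLCertVerificationError):
        return "tls_cert_mismatch"      # chain does not verify: MITM or misconfig
    return f"{stage}_error"


def probe(host, port=443, timeout=5.0):
    """Run the stages in order; return (stage, label, detail) for the first
    failure, or ("tls", "ok", subject) when everything verifies."""
    # Stage 1: DNS.  A polluted resolver answers with a bogus address rather
    # than failing, so compare `addrs` with a trusted resolver if in doubt.
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
        addrs = sorted({info[4][0] for info in infos})
    except socket.gaierror as exc:
        return "dns", classify("dns", exc), str(exc)

    # Stage 2: plain TCP connect.  A reset here happens before any SNI is sent,
    # so it points at the IP being blocked rather than the hostname.
    try:
        sock = socket.create_connection((addrs[0], port), timeout=timeout)
    except OSError as exc:
        return "tcp", classify("tcp", exc), f"{addrs[0]}: {exc}"

    # Stage 3: TLS with full verification against the system trust store.  A
    # reset here, after the ClientHello carried the SNI, fits the "blocked
    # once I clicked the link" behaviour; a verification error fits a
    # self-signed interception certificate.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls", "ok", tls.getpeercert().get("subject")
    except OSError as exc:               # ssl.SSLError is an OSError subclass
        return "tls", classify("tls", exc), str(exc)
    finally:
        sock.close()


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # assumed default
    print(probe(target))
```

Run it as `python probe.py <host>` from inside and outside the network under test and compare the stage at which each run fails; per-IP resets at stage 2 versus per-SNI resets at stage 3 is the distinction that decides whether changing the server address or only the hostname would help.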


Same for me. While I was experimenting I noticed that my ability to connect without blockages was subject to how much attention I'd drawn to myself. That part was pretty eerie.


I'm buying a China Mobile Hong Kong SIM. 10 EUR for 10 GB, free roaming in the mainland. I can access any blocked service in the mainland at full speed, usually putting a VPN layer on top. No speed impact.

The SIM can be purchased in any convenience store in HK without identification.

That's the easiest solution in my eyes.



How can your laptop use it? Use the mobile as a hotspot?


Yes, I did that.


Last I checked, the v2ray project was state of the art for GFW bypass[0].

[0] https://guide.v2fly.org/en_US/basics/vmess.html


That's fascinating -- I'd never heard of it before. How does it compare in effectiveness at evading DPI and FW detection to, say, Tor with the meek-azure obfsproxy that reflects traffic off Microsoft's Azure service?


V2Ray is a plugin used on top of Shadowsocks.

I believe Google's outline uses it


I had the same experience, trying to self-host my VPN or other evasion solutions only served to get my server and domains banned for all other purposes from inside the GFW. The symptoms were exactly the same as you described (at first, they "sort of work, but unreliably, with extremely minimal bandwidth and would suddenly stop working after some time").

In the end, I'm not going to try that anymore, I haven't been in China for 2+ years now due to COVID, but next time, I'll hope my server is out of the blacklist again and hope I can access my (self-hosted) emails and other normal services that don't try to evade it.

The student VPN of another Asian university or the employee VPN of a well established company seemed to work last time. Not sure if that can be counted on reliably though...


Self-hosted v2ray and shadowsocks with the Cloak addon were reliable in 2019.

A Japan VPS location worked OK to access European sites, much better than Hong Kong based, but I guess that's the peering.

https://www.v2ray.com/en/ https://github.com/cbeuw/Cloak


Did you try any public wifi in that small town? In China, much of GFW circumvention happens at the router level. You can easily buy special routers on taobao with shadowsocks built in. It's possible your AirBNB host simply had their internet set up to bypass the GFW by default as a convenience for their guests.



