I’m currently at home in the USA but my family will go to China soon. We will need to access our USA financial institutions for trading and such while we’re in China, and we’re a bit paranoid about using well-known paid VPNs for our financial transactions.
I’m a Linux and networking newbie, but was wondering how feasible it is to buy a Raspberry Pi and run that off of our home internet here in the USA as a VPN server to reliably and securely bypass the GFW.
That way we can directly connect into our home network in the USA and access our financial institutions from there.
Has anyone managed to do it here? What’s your configuration like?
6 years ago I left an old laptop (c. 2004) running Ubuntu server in my mom’s network cabinet. I didn’t really expect it, but 6 years later it’s still running fine.
I use it as my backup VPN (though for a couple years I just used it alone), and also route Netflix through there since I use my mom’s account.
As far as I know it’s never gotten blocked. Only downtime has been some power/internet outages.
I have a WireGuard set up and it works like a dream. It runs in a Docker container on an RPi at a friend’s house. It’s so nice because Netflix, all the banks, and everything else just think I’m a house in the US. I can flow about 20Mb/sec which is extremely fast for anything I need, including voice.
What you need is to set up a V2Ray VPN with the VMess protocol. It works pretty well; as long as you have good bandwidth in China you can stream YouTube, for example.
Most standard VPNs will either be blocked after 2-3 connections or be slow af.
WireGuard will be blocked after a few uses (as well as Tailscale).
Are you able to connect to WireGuard with a Chinese SIM card / wifi? I’m heading to Shenzhen soon and I will need to connect to my Synology via WireGuard back home in California. I’m concerned I won’t be able to.
The setup works abroad and I use it a lot but never tested it in China.
Tailscale the service is blocked in China at a DNS level. You can however use another VPN to access Tailscale (such as Shadowsocks) and then start Tailscale successfully.
That, I don’t know. If you are able to use a VPN getting around GFW then Tailscale could too? Tailscale is based on WireGuard and it is fully encrypted.
Edit: I will also add that Tailscale is veeeeery easy to set up on a Pi, all my computers and mobile devices.
There’s not really a guide that I followed, maybe there’s one, but not sure. If you’re not familiar with Linux and Docker, it’s probably not the right move for you. There’s no way to “walk you through it” without knowing your comfort with Linux and Docker (and iptables is good to know too).
I use the wg-easy Docker image and put it on Host networking mode. I wouldn’t use a DNS service. Usually with Comcast or Spectrum, your IP probably doesn’t change in a year or more.
If you have an iPhone, make sure to install the WireGuard client with either Homebrew or while you’re still outside of China.
Thank you, appreciate the explanation. I unfortunately don’t have any experience with Linux, Docker, or iptables. I’ll probably end up just using this Shadowsocks thing I’ve seen around here or Astrill. I do have Comcast and I wonder how easy it would be to do the wg-easy Docker image setup you mentioned. I’ll try youtubing it on my off day.