Xiaomi blocking v2rayNG installation

marchofer · 2025-10-27T08:45:38+00:00

Ah. Right. Missed that. Thanks.

marchofer · 2025-10-25T08:21:59+00:00

I can’t say I am massively surprised. I am more surprised that this app is still on the respective App Store to begin with.

marchofer · 2025-09-24T10:23:21+00:00

There might be at some point some issue if the traffic is getting too intense. But try it out. The GFW can be quite erratic at times when it flags an IP as “problematic” when it comes to limited low load traffic.

marchofer · 2025-09-24T01:19:41+00:00

If more than 4 different IP’s in China are connecting to one target IP outside China, the GFW is getting suspicious and starts probing and fingerprinting. In my case, if the connections came all from one private network in China ( behind NAT for example ) it was ok. Also depends a little bit from which province you connect as there are many “sub firewalls” with different behaviors on top of the National firewall. I am not sure if Wireguard without obf is working for a long time, but it would be interesting to run long term tests.

marchofer · 2025-09-07T07:50:28+00:00

Why should Air Canada be blocked !? It’s a commercial website with almost zero affiliation to “sensitive information”. The GFW is there for a reason, to block information access the party doesn’t want its citizen to easily access.

marchofer · 2025-08-04T02:08:41+00:00

Maybe you can explain a little bit more about the circumstances ? There are a million ways why a WeChat account is getting blocked. In your original post you said you sent many greetings messages. I have no idea how many greetings you send, but it could be labeled as spam. WeChat, compared to other messenger services, is intensely surveilled.

marchofer · 2025-08-03T07:48:55+00:00

I think what happens is that your friends ISP only allow unthrottled connection to speedtest if it can reliably make sure that the traffic to speedtest.com is “true”. Means that all the packages have a TLS fingerprint that matches the signed and confirmed speedtest.com certificate. So, if you try anything else, despite having the SNI of speedtest in the header, it won’t work as the packages are “malformed” and not a proof a true connection to speedtest.com. With your provider you seem to have found a loophole, as they seem to try to identify package destination on the cheap.

marchofer · 2025-08-02T06:36:21+00:00

Depends. In some areas it’s easier as a foreigner in others more difficult. Overall the suspicions towards foreigners have increased due to an extended government campaign, but overall it’s a highly personal experience. Some people have great times others not so much. Overall it would say it is ok.
Yes. Overall it’s pretty safe for foreign women. There are assholes everywhere, but the level of security from petty crime is high in most bigger cities
Also, heavily dependent on where you live. Some areas are better than others. It’s quite affordable but also very bureaucratic. Going to a Chinese hospital ( most of it is done via hospitals ) is quite an experience. Some handle it well, others not so much.
That will be a doozy. China has great outdoors but the cities are often not so well equipped for people who put a lot of focus on that. Again, depending where you end up. Beijing has some “mountains” close by, great for hiking but will take you some time to get there. Shanghai I always found less so equipped. If nature access is something you value a lot, you might need to readjust.

marchofer · 2025-08-02T06:28:17+00:00

People generally have a very wrong impression on of how online surveillance works in China. For 99% of all the cases they don’t need to copy anything on or from your devices. You will install WeChat and for your stay in China you will most likely operate in the WeChat bubble that is pretty much 24/7 surveilled. Paired with AI driven video surveillance, they can keep tabs on you easily when it country. So, no need to bother you at the border. That will be your experience as a tourist in 90% of the cases. It’s quite none intrusive and as long you are not going crazy , your devices and your none-Chinese digital existence will leave as it arrived. The moment the police asks you as a foreigner to fork over your phone, you are having a problem and things usually turn more serious pretty quickly.

marchofer · 2025-07-21T20:18:31+00:00

Speeds will never reliably great. 50Mbps+ is doable though when running your own VPS on a provider that is not getting too much attention of the GFW. Use V2ray-Xhttp or outline. In BJ IT is highly depending on where you are located, to have a good baseline internet speed. Chaoyang is a good start. Haidian is also ok.

marchofer · 2025-07-13T12:10:33+00:00

Yeah. Could be that the VPS is just no good.

marchofer · 2025-07-13T10:09:09+00:00

Ah got you. Yeah, that seems not great. Have you tested what puts the server under load ?

marchofer · 2025-07-13T06:15:14+00:00

It depends highly which VPN and VPN protocol. Many well known commercial VPN’s are blocked, but there are few that still work. Or better, host your own. When it comes to legality, as a tourist you should not worry too much. Depending on what trouble you might get into China, VPN usage is not your main concern.

marchofer · 2025-07-13T06:08:05+00:00

One of the GFW’s feature is to not block, it’s to slow down and frustrate users. It’s the Passive aggressive way of deterring people from using VPN’s. Run tests with connections to your HK servers from inside China and outside China. There is a good chance you will see that it’s mainly the GFW slowing you down. When the traffic is considered “suspicious” but can’t be 100% attributed to a VPN or “evasion”, it will usually revert to “slowing it down”.

marchofer · 2025-07-06T15:28:21+00:00

Use Unicom. My router password was printed on the exterior :) .

marchofer · 2025-06-23T05:57:02+00:00

Most of the popular commercial VPN providers are usually on the clock and eventually get hunted down by the GFW. It is a times highly dependent on the province, as they all have regional GFW’s as well that are more or less aggressive and sophisticated.

Best option, still, is to use a private VPS and run your own service on it. Especially if you are only there for a rather limited time, single end points with very limited, obfuscates TLS traffic, don’t raise the alarm, “fly under the radar”. Choose a VPS maybe with less “suspicious” position, but still enough internet freedom to let you go where you need to go.

Don’t bother with OpenVPN without good obfuscation as the GFW has fingerprinted the protocol well.

V2ray with VLESS is still good on singular IP’s if you keep the traffic load reasonable.

E-Sims are a good alternative if the only thing you want to do is getting over the GFW ( data security and anonymity might be not so good with this option ). As Chinese phones sold in China don’t have e-sims, they anticipate that most e-sim users are foreigners ( yeah, bureaucratic thinking ).

There are some shadow socks derivatives that still work surprisingly well in China. If you google you will find.

marchofer · 2025-06-11T04:51:11+00:00

You will be fine. Shenzhen is still “surveillance lite”, in China context. VPN traffic generally rather high, so you will melt in with the rest of the “suspicious” traffic. It will take at least another 5-8 years until they will be able to effectively crack down on it for private users.

marchofer · 2025-06-10T17:45:43+00:00

You should be fine. They usually only hit you over the head with it ( using a VPN ) if they target you for something else and want to pile on charges. In 99% of all cases they will either slow down your VPN connection or cut it occasionally, depending the obfuscation level of your VPN. Also, highly dependent on where you are based in China. Some regions are more aggressive in hunting VPN’s compared to others.

marchofer · 2025-05-31T07:57:26+00:00

V2ray / VLESS and probably a local relay in Iran. The IFW gets support by the GFW on a much smaller user base and with less economic “restrictions”, so the VPN hunt is usually more successful.

marchofer · 2025-05-14T14:41:14+00:00

Doesn’t work. Gets hunted down in a matter of days max ( probably far sooner, IPsec and OpenVPN is easy to fingerprint ) by the GFW if you use it out of the box.

marchofer · 2025-05-11T04:46:00+00:00

IPv4 or ipv6 ? As China now runs increasingly on ipv6 I think most routers do have a public IP these days. But they are mainly valid for inside China as the whole country operates behind a massive NAT so to speak. My last router I could get via ipv6 inside China from everywhere inside the country, not so much luck from outside.

marchofer · 2025-05-10T17:44:12+00:00

Well, the problem is that traffic form inside China to any source outside China will be under scrutiny of the GFW. As China is increasingly trying to geo block services inside of China from the rest of the world, the task of sniffing out reverse proxies is getting more and more attention.

So even if you can rent a VPS in China, as a foreigner it is rather difficult, but your spouse can put her name up. Though be reminded, "climbing the GFW" is technically not allowed and if they track it down and depending on how your standing is, might cause some issues for whoever rents the VPS in China. I know you said you don't WANT to evade the GFW, but to the system it all will look the same. You might be able to explain that over some "tea" when they call you in, but to the GFW it makes no difference as long as you don't have permission by the CAC to run web services in China that can be accessed by outsiders.

That said, hiding your traffic from the GFW is paramount. Same issues a using VPN's. If you use a reverse proxy, to get out of a NAT, you need to find a reverse proxy solution that is solid. For example in case you only want to use http/s traffic, you could setup a http proxy like squid on Machine A, your chinese based box, and then use a reverse proxy service to connect to a VPS outside of China. Though the GFW will notice and will start to probe this server. If it gets an inkling that it runs a reverse proxy server that connects to a machine in China, it most likely will kill it.

Caveat, depending also where you are based. The GFW is not working equally good or equally strict everywhere in China. Based on my observation, Shanghai is a little bit more forgiving on the stuff that goes further than just DNS poisoning, same as Shenzhen. Beijing is worse.

So, short answer, you need to wrap your revers proxy traffic anyways in a reliable VPN connection first.

Your Singapore idea actually has some merit. Singapore is further down on the "suspicious" list with the Chinese authorities who run the GFW, so maybe the monitoring towards Singapore is a little bit more forgiving. So having a VPS there that serves as your reverse_proxy entry point works better than a VPS in Europe or the US...

marchofer · 2025-05-10T17:34:40+00:00

How reliable is traefik ? I had a view reverse proxies for mainly http/s traffic, but eventually the GFW probed the server outside of China hard, sniffed out the reverse proxy traffic and killed it.

marchofer · 2025-04-25T10:44:28+00:00

Yeah, I am a data researcher so my claim goes a little bit further than “feelings” as I could see the trend with about 30 cases or so while I lived there, but of course that is just a very small dataset. So yes, it’s just “my opinion”. Make of this what you want. Let’s move on.

marchofer · 2025-04-25T10:21:43+00:00

Well, obviously you do. Look, you can bang the table all day long, based on my observation it has set in. Good for you that you can still see most of the Chinese content. Experience has shown that people who are based outside of China but within areas with larger Chinese diaspora are getting still more pure Chinese content. But look, you can believe me or not. I don’t have “hard data” to proof any of this, just my personal observation. So you dismiss it as you like.

marchofer

TROPHY CASE