Like 90% of the information on the Interwebz, this document is obsolete. China is currently cut off from (most of?) the UltraVPN servers. I might say more if/when I know more. Meantime, the easiest ways out are SSH tunnel SOCKS proxies and PHProxy.

I live in China. I want to use FaceBook etc. These aspects are mutually exclusive at the moment. On the surface. Like so many things technical it has turned out to be quite easy. But like so many things technical it involves a lot of moving parts, some of which you may not be familiar with so here's the skinny.

The Five Minute Fix

Don't care how it works? Just want out now? This one's for you.

Go to UltraVPN. Get their software. Install it. Running Linux? Install it under Wine. Fix your DNS:
Windows: Start->Settings->Control Panel->Networking->Properties->TCPIP->DNS, add servers and Start 'er up...
Linux: Add the above servers to your /etc/resolv.conf. Modify the config UltraVPN gave you to reference the actual location of the cert it installed. Start your openvpn client referencing the config. Don't know how to do all of that? Sorry, might not get it done in Five Minutes. But this hasn't taken that long, has it? Unless your download was slow. In any case read on and we might still make it...

The Gorey Details

OK, nothing's going right. Why? I dunno. Buy me a ticket and I'll come look at it. But this info might help until I can get there.

Everything you need is on UltraVPN's site. Unless you're a linux user in which case you might need 'apt-get install openvpn' or whatever incantation is appropriate to your distribution. I installed from source because 1) I'm a nut .a) I'm paranoid and want to see what things are doing .b) I'm studying security programming in general and VPNs in particular. You don't have to put yourself through it if a package is available. But the cert, an almost good config and adequate documentation are at UltraVPN. They do seem to expect some understanding of routing and DNS. Various factors in my life are kicking my butt into documenting that stuff but I want you to have what you need now. So you need to understand:
You are VPN tunneling to France
You cannot trust Chinese DNS
It may be more efficient to route some things through your ISP.
Hope that isn't complete gibberish. OTOH even if it is I'm walking you through it. OTOOH if you do understand you can figure out the rest of what I'm going to say in less time than it's going to take me to type it.

I don't have windows. If I'm here another month I may buy another netbook that does. Maybe I'll revise this. But I doubt it. Users at UltraVPN are having success just by fixing the DNS. Heck, stick something on the bulletin board here if it doesn't work for you. I certainly do understand windows. Should work.

Mac users, sorry, I'm not leaving you out. I'm kind of a UNIX head. Anymore I count you as Linux users. Sorry, I know your GUI's infinitely superior. And some of you can't even spell UNIX. But if you have fink and port you have it all. Sorry again, that sure belongs in another article...

Linux users, the command line is your friend. I've read that network-manager can handle openvpn, maybe even UltraVPN, I don't care. I'm staying away from fat. I can't control myself (if you can't tell from this article) and occasionally wind up with 20 apps running in my 1gig of RAM. So I don't need a fancy window manager, I don't need comfy tools. End sermon. Except insofar as if you have problems network-manager (or whatever tool's helping) may or may not tell you what's wrong. Enough, I should go work on something where my coffee induced circumlocution is appropriate, let me just wind up with a synopsis of what worked for me.

I've spent a lot of time looking into nailing up my own VPN. I don't have root on any boxes outside China. Long story in and of itself there, let's leave it as I accept my karma for all the developers I never gave root to. So I gave up, no root no write access to /dev, if I rectify it maybe I'll publish my server's location and cert.

So I looked for public access openvpn servers. I can't say UltraVPN is the best but they're the first one that worked for me and so probably the only one that will because if it ain't broke don't break it unless someone wants to pay me for researching.

I read this article and this article. I adjusted my config to use IP addresses. I fixed my DNS. I strongly suspect that if I'd done that the other way around the IPs would have been unnecessary. I'm using the tunnel now. I'm still playing with my routing because it is a little slow and there are actually some places I can't seem to get to from France. I'll come back and revise this about the IPs vs. DNS and give some more details on routing if the tunnel ever crashes so I have to restart it. Or at my next reboot.


UltraVPN is working at this time. I'm joining so I can mention my thoughts on DNS and ask about their routing. But even more generally, openvpn is the solution. Until China goes stateful inspection (read Firewalls in Theory and Practice). Then we can all try to discern whether ultrasurf is malware or not. Meantime, hope this gets you watching youtube again...