Re: [O] [OFF TOPIC] almost giving up on emacs email..looking for advice?

[Eric Abrahamsen]

Rasmus <address@hidden> writes:

> Hi,
>
> Eric Abrahamsen <address@hidden> writes:
>
>> Rasmus <address@hidden> writes:
>>
>>> Eric Abrahamsen <address@hidden> writes:
>>>
>>>> It's not trivial when you live in China :)
>>>>
>>>> I can make it work, between alternate IP addresses and ssh tunnels, but
>>>> it involves a lot of cursing and grinding my teeth. In a hostile network
>>>> environment any client will face the same problems, but the lack of
>>>> threading becomes pretty apparent here.
>>>
>>> I don't know what the great firewall is like, but for "hostile networks"
>>> around here (universities blocking git, airports blocking smtp/imap etc),
>>> I use openvpn.  Are commercial openvpn provides blocked in China?
>>
>> Both commercial providers, and non-commercial providers! I set up my own
>> OpenVPN server on a US server, and that worked for a couple of years.
>> Then they caught it, and I switched to a non-standard port. That worked
>> for another four months or so, and now it doesn't work on any port. I'm
>> sure OpenVPN traffic is pretty easily sniffable.
>
> But what if you use TCP 443?  That should be hard to detect, though speed
> might not be great...  I guess https is OK in China.
>
> First link from startpage.com:
>
>       
> https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/

Oh, interesting! Let me fire up my ssh tunnel so I can open the link...

Okay, that's really useful, I'll try some of these solutions, thank you.
I'll admit I'm often too impatient to sit down and do the research.

startpage.com is nice, but it looks like they've already found that. I'm
using search.disconnect.me, which is great, and so far open.

>> My next project is ipsec (another broken-leg project). But I figure, if
>> I can google up these solutions, so can they, and the packet signatures
>> of all these different systems must be quite identifiable.
>
> Isn't ipsec as less popular version of Tor?  BTW: I tried Tor again in the
> weekend since a relative was asking about it.  Speed seems to have gotten
> a lot better (I'm in EU).

I don't think it's like Tor, as in I don't think it's P2P. I tried Tor a
couple of years ago and it was unusably slow -- maybe it's time again.

>> Using vanilla ssh seems fairly reliable: for the time being, I don't
>> think they'd go so far as to block ssh across the board. That would
>> really be declaring war on the internet. So sshuttle, tunnels, and the
>> built-in ssh SOCKS proxy are serving me well. Using dnscrypt-proxy
>> actually solves many of the problems -- in years past, it would have
>> solved everything, but they've started hell-banning IP ranges, and of
>> course that includes gmail. My own dumb fault for using gmail, I guess.
>
> The problem for me with socks is that it doesn't allow arbitrary port
> connections (I mostly deal with bad network configs, e.g. closed XMPP or
> git ports).

I only use socks for sending email, so it works fine. I've ended up with
multiple concurrent solutions, which doesn't bother me too much. But if
I could get openvpn back online, I'd like to just use that. If I could
set up some sort of selective tunneling, based on a whitelist of hosts,
that would be nice...

>> How off-topic can we get? :)
>
> It's interesting.  And +30°C.  It's fineeee!  Thanks for sharing!

Fun stuff! I'll report back with any surprising news.