I set up a lightsail aws server (tokyo), but I don’t know if it works in china. I did an ip address test and everything seems to work. Any tweaks I should make to ensure that china doesn’t block my server?
If you search this subreddit a bit you will find mixed opinions. The most common is: it works for a while (around a day) and then it doesn’t work anymore.
It works for me and my staff in China under these settings:
- Do not use a “western” cloud service provider unless you want to keep getting blocked. Use Aliyun (Alibaba Cloud) in Hong Kong (or elsewhere). Limit the number of users and try to choose lower port numbers. Maximum of 5 users, ideally from the same source IP address (like an office building). Digital Ocean is the worst (probably because Outline makes it super easy to setup a $5 droplet), Google Cloud is second worst. AWS and Azure are better if you want to go with them.
- Use a residential IP address (I have one setup in Chicago and I pay half the guy’s internet bill and as a bonus he gave me a user login to Xfinity.com so we can watch local Chicago TV). It’s a simple older Linux HP machine bare bones running Ubuntu. When it gets blocked, I can force reset the IP address with Comcast by spoofing the MAC address and rebooting the modem - this does not work with all providers but it works with Comcast in Chicago. DDNS updates the IP address to the Dynamic IP address.
A couple of notes….
If you use a Cloud services provider, put some web site up on the server that looks pro-China friendly. Copy a random factory website and host that in Chinese. The censors like to see what else is on the server. We use the server as a staging server for development purposes so it loads our website.
Depending on where you are in China (2nd 3rd tier city) they tend to watch more closely than in a 1st tier (SZ, GZ, BJ, SH). Back in my wife’s hometown (village) it seemed to be blocked weekly on the Aliyun cloud server. Recycling the IP address fixed that - adding that web server and other use to that machine also fixed that.
We primarily live in Shenzhen, and the Aliyun cloud to HK Aliyun server is super fast. It does 90% of what I need to do and 99% of what our staff need to do… Sure, we pay for bandwidth and the pipe size, but there are literally no questions asked since it’s Alibaba Cloud. Once or twice a year I change the IP address. All my clients have a DNS alias as their Outline key so it’s seamless to them when the IP changes I update the DNS record.
We only use the residential Chicago IP outline server so my son can watch normal television and not CCP propaganda, and I need a geo-restriction workaround - like filing a tax return, accessing a government website, or watching something content restricted. Many websites complete block foreign sites or sites that are known cloud service providers since they typically are VPN or have no other purpose. TikTok is banned in HK (obviously for CCP reasons) and my wife might need to post something on the US TikTok channel for our company. Sometimes I need to torrent a movie with closed captions since I am deaf and need Closed Captions in English. I frown upon piracy but when I pay for a movie in China and they do not have English captions, I do not feel bad torrenting the film or TV show just to get the Closed Captions.
We are also setting up an Outline server at our office in Shenzhen so my wife can get Chinese content in America. China also has geo-restricted content and that’s annoying for her when she needs to work when we are in America. We’ll see how that works this fall when she comes back. My fallback will be an SSH proxy server in a browser, or worst case, teamviewer still works well when setup remotely.
Sometimes. All protocol aren’t guaranteed, SS, which is the protocol Outline using, even though it is designed for avoid the detection like GFW, but again, not 100% guantee, so you always need the backup methods.
We’ve had several users report that it does work. By default we issue all access keys with a prefix, when we didn’t our Outline servers ended up getting blocked in China.
It has worked well for me. I’ve spent about 1 month in China in the last half a year.
Update: it works for me
Worked for windows laptop and Android phone, but not for iPhone…I’m not sure why
Used the prefix and it haven’t been blocked yet
The latest update added “prefix” function that suppose to improve Outline to evade GFW blockage. There is little feedback on how effective the “prefix” function helps tunneling through GFW.
my most recent server is working fine, has lasted quite a while
that seemed to be the case, however ive had mine for a while now and its still fine. maybe server location specific
Is there any better solution for China?
Will a vps in hk suffice? Seems hard to navigate the aliyun setup and not cheapee than a $5 vps… Lol. I’m only in China for a few weeks.
so something like: ?
ss://@:/?outline=1&prefix=%16%03%01%00%C2%A8%01%01
There are some reports of other kinds of proxies like hysteria working better but I couldn’t know for sure as I don’t live in China.
Correct, and in combination with port 443 seems to be the best option.
For the folks that don’t know how to change the port to 443, there’re detailed instructions here: https://www.reddit.com/r/outlinevpn/comments/aajmif/comment/is4j4bf/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
To summarize, if you know your ways around Linux systems but just don’t know how to do this particular thing,
-
Log in to the VM (on AWS or Google Cloud or whatever) that you created.
-
sudo to root.
-
Edit the file /opt/outline/persisted-state/shadowbox_config.json to replace the randomly assigned port with 443.
-
Run “docker restart shadowbox”
Then on the client side you can change the key string to replace the original port with 443 and add at the end the “&prefx=%16%03%01%00%C2%A8%01%01” as mentioned here https://www.reddit.com/r/outlinevpn/wiki/index/prefixing/
Took me an hour of trial and failures to figure all this out. Hope this helps the folks that are still wondering