How to access blocked sites from work, while traveling in China or anywhere elsewhere

The Great Firewall, China
It’s a common occurrence that we receive guest post requests that are really just some jerkoff wanting to submit a boring article to hawk a boring product. We always reject these. In this case he wanted to hawk some shady virtual private network (VPN) service in exchange for writing me an article about how to access blocked sites or geo-restricted content (i.e. Netflix). I actually already know how to do that, and without paying for his service.

These methods are well known and can easily be found with a simple Google search, but still I wanted to inform those readers who were not yet aware of how easy this is to do in the interests of saving them money and keeping their internet experience open and free of censorship.

There is certainly a time and place for VPNs but to simply bypass a firewall or access geo-restricted web content, you do not need one in most cases.

Tor Browser

The Tor Browser is probably the easiest way to bypass blocked content and it has the added benefit of adding a layer of anonymity to your communications. The anonymity is not perfect though so don’t feel like you can depend on it. Tor will help you bypass many firewalls such as one you might find at your work place unless someone has gone out of their way to block access to the Tor Network.

Unfortunately, Tor may not work out of the box to bypass China’s great firewall because they’ve taken precautions against it. You will likely need to take some extra steps to get it up and running for use in China if you can make it work there at all. Fortunately there are easy methods to bypass China’s firewall so keep reading.

Tor may or may not work to access geo-restricted web content, it’s just going to be the luck of the draw. With geo-restricted content the content provider is geo-locating your IP address to see where you are physically located in order to determine whether or not they want to allow you access. Tor provides you with a new IP address when you use it but where that IP will be located will be essentially random. You may luck out and get one that happens to be in an allowable locale for the content you want to access or you may not. You can try repeatedly establishing a new “Tor circuit” by clicking on the green onion icon (see below) until you get an exit IP address in a locale that is allowed to access the content you want and you may luck out with a minimal number of tries. You should also be aware that some sites may block known Tor IP addresses, so this can also leave you SOL.

Establish a new Tor circuit

Establish a new Tor circuit

Use an SSH Tunnel

This method is only slightly more difficult to setup but will offer you more flexibility in accessing geo-restricted content and it should work on China’s firewall as well. What you’re going to need is some kind of shell account, webhosting account with shell access, a VPS, cloud server or dedicated server that’s running SSH.

If you’re looking to access specific geo-restricted content then you need to make sure that your server is located in a region where the content can normally be accessed. Something like a $5 per month Digital Ocean VPS will probably do the trick, you have a large selection of data centers to choose from and you can also run your website off it to boot! In any event, it doesn’t really matter what you use as long as you have SSH access and the server’s IP address is in a locale that can access the content you need. If you don’t care about accessing geo-restricted content but rather just bypassing firewalls and perhaps extra privacy then it doesn’t matter where the server is located as long as you have a fast and reliable connection to the server.

Setup Instructions For Mac OS X

  1. If you’re not already running Firefox, download it now.
  2. If you are not sure what your IP address is determine it by typing into Google “What is my IP?” or visiting a site like whatismyip.com. Save it to refer back to later.
  3. Establish an SSH tunnel with your server by opening terminal window and executing the following command:

    ssh -D 8080 -C -N username@XXX.XXX.XXX.XXX

    Where username is your username for your shell account and XXX.XXX.XXX.XXX is the IP address of your server. Enter your password when prompted. Leave this window open for as long as you want to use the connection. (Note: You can use any port you like, it doesn’t have to be 8080, just remember it when you configure Firefox in step 6).

  4. Open Firefox’s preferences (CMD + ,), click on “Advanced,” then “Network,” and finally “Settings” next to “Configure how Firefox connects to the Internet.”
  5. Enter the configuration as shown below and click OK (if you have trouble you can try selecting the SOCKS v4 radio button instead).
  6. Configure Firefox as shown

    Configure Firefox as shown

  7. Repeat step 2 and verify that your IP address has changed. If it hasn’t, review your work and try again.

Setup Instructions for Windows

  1. If you’re not already running Firefox, download it now.
  2. Download PuTTY.
  3. If you are not sure what your IP address is determine it by typing into Google “What is my IP?” or visiting a site like whatismyip.com. Save it to refer back to later.
  4. Open PuTTY and create a connection as shown below and save the connection if you like. You should replace “tup” with your username and replace “192.168.0.60” with the IP address of your server. If your server configuration is standard all other settings should be the same.
  5. Configure PuTTY

    Configure PuTTY as shown

  6. On the left side, go to “Connection->SSH->Tunnels”
    In “Source Port” enter “8080” (this can be configured to be whatever you want, just remember it). Choose the “Dynamic” radio button under “Destination.” Click “Add”, you should then see “D8080” in the box below “Forwarded ports:”. If you want to forward other ports for other applications, you can add as many as you like here. See PuTTY’s documentation for further info.
  7. Configure PuTTY for port fowarding

    Configure PuTTY for port fowarding

  8. Go back to “Session” on the left side and then click “Save” to save the changes.
  9. Open Firefox and click the Firefox menu. Hover over “Options,” then select “Options” from the submenu. Open “Advanced” and then click on the “Network” tab. Click the “Settings” button. This will open the “Connection Settings” window.
  10. The Firefox “Connection Settings” should be identical (or at least nearly so) on Windows and Mac OS X.
  11. Configure Firefox as shown

    Configure Firefox as shown

  12. Repeat step 2 and verify that your IP address has changed. If it hasn’t, review your work and try again.

This should also work with Chrome and the setup process is very similar, however I don’t recommend Chrome because I am not a fan of Big Brother or the unholy alliance of Google and NSA.

Another option are plugins that are purportedly easier and faster to setup. I don’t know how well they work but I know the methods described above do work reliably. If you find a plugin that works well, please report back in the comments.

Although beyond the scope of this article you can use this method to forward the traffic of many other applications besides your web browser through the SOCKS Proxy you’ve just created. Any application that can utilize a proxy should be able to use this connection, just refer to the application’s documentation on how to configure it to use a proxy.

If you have any trouble following the instructions above please let me know in the comments.

UPDATE: Need to know how to do this on Linux? Here is a tutorial and it’s geared specifically for accessing Netflix on Linux.




You may also like...

%d bloggers like this: