How to setup a personal proxy server inside the GFW

How the cross the fucking wall? VPN might be the best choose in the old time. But things are always changing. VPN provider banned by China gov one by one, or under attack, they are not that stable and available as before. They make themselves the targets, they are host spots on the internet like stars in the deep sky easy to trail and to make business  they have to let anyone to know the services they providing. Passive-security is never enough in the tough and dirty fight with China gov.

I have been use TOR for a while long time ago, it is never stable as expect and today it is useless at all against China Great Firewall.

I am using FreeGate for years, I have to say it is a loyalty company. Seem that it has strong enough technical background, always survived from GFW, both side upgraded from time to time, and FG is the winner in the end, for now . Another optional tool is Psiphon3, I been using this tools for the recent years, as a backup of FG. It is working well most time, not as stable but faster than FG, and Psiphon has a good free Android client, set the mobile phone free for Internet.

OK, my focus on this document is not the history, but practice of setup a personal proxy server step by step. Why we need a personal server? A personal server is private, low profile, catch less attention. It is not open to the Internet, just a secret gate for home. That will  keep you  head down, which make it much impossible to get notice by GFW. Surely you can share your server with trusted friends, but not always a good idea. And maybe the most importance is that  your  person proxy sever is available all over the China mainland, as I known, there is not way to break through the Wall in some parts of China, like Tibet, Xinjiang, I think they are unconditionally banned, not by GFW rule, and that is reasonable, there is no rule there, I mean normal rule. Also you could set up a personal cloud base on this infrastructure, with more security add-ins.

To set up a server, there are several parts of works:

1, choose the ladder: As I mentioned above, I choose FreeGate and Psiphon 3, one for major, one for back up. FG provide only HTTP proxy, local port is 8580 by default, Psiphon provide both HTTP and SOCK proxy, port could be setup by your self. You can’t setup the tool to run @ Windows startup.

2, A laptop running Windows 10. most Windows is fine, but sooner or latter it will upgrade to win 10 anyway, so why not switch to 10 by yourself. An importance software is proxy server, it will bind all local network interface and provide proxy function on those interface. A good proxy server is key choose. I choose FreeProxy. It is free though a little old, out of maintenance , not working very well on win10, but I really can’t found a better replacement. FreeProxy actually running in services mode, to configure FreeProxy, you need run the console as administrator, or you may not connect to the services. You need to add several proxy entries, enable them and done. For example, for FreeGate configuration:freeproxy congfigure.png

figure : example proxy entry setting

The last part need to modify the computer is to make it auto logon, that will make freegate  or Psiphon running automatically, may has some security problem here but as I said, it is a  private server, should not contain sensitive information or you have to using a really server level Os like Linux.

3.From now on, you can access to ladder anywhere in you local network, just setup any client software ‘s proxy server, pointing to the computer IP  @ port 9090.  But how to make the server accessible all over the mainland? Here are some sub steps:

  1. you need a router, which support NAT configuration. In China mainland, broadband provider give you  a free router, almost can’t be configured by user, they are managed  remotely by ISP. so you need a router, if it could support DDWRT, that would be much better. Anyway, the requirement is: supporting NAT. Setup NAT entry, mapping outer access to 9090 (as example  show) to you computer local IP port  9090, so that if you try to access 9090 port from outside network, the request will be redirect to computer running the services, port 9090, which is listened by FreeProxy entry “freegate” as the picture above shown. When I have to use ISP provided router, for some reason, it don’t support NAT setting, but at least it supports UPNP, I had wrote a small program which will setup Nat using UPNP, that is the best solution I could figure out before I bought Cisco EA2700. If you need, I could provide help, UPNP is not very stable, but it works in most time.
  2. Now you are on the run, but you external IP is a dynamic (each ISP PPP dialing will acquire a new one), will be changed for some reason like reboot the router, how could you know your current external IP when you are not at home? There  is not easy  way, the best solution is to setup DDNS service. That will bind a domain name to your IP, like a real DNS. You can google for dynamic IP provider, here I choose, it announces for free for good and most importantly, it is not banned by China. DTDNS has a web dash to setup domain name/IP mapping, also it provides a spec of how to update IP programmable.
  3. You should be able to cross the WALL from anywhere, if you correctly setup you client ‘s proxy setting. I had make a little program, running on server computer, it will be ran every 30 minutes(through Windows task scheduler), checking current external IP, if the IP has been changed, it would fire a request to, update the domain with new IP, so that if Ican’t visit my personal server, all I have to do is to sit tight and wait for no more than 40 minutes(some extra minutes needed for DNS cache flesh), and  it will back on line. Actually, DDWRT also has such services, but it is buggy for DTDNS, and to modify that will lead to a hard work to recompile the whole DDWRT, so I choose to make the one myself, just running on Windows, not the router.

4. Everything is set now, for the server side. The last part is about how the make the good use of  what we has built. There are two major clients, browser on PC and mobile device. For PC, I use Firefox, with Aut0Pr0xy extension, the extension subscribes GFW banned list automatically apply proxy setting to those site, quite a smart transparency tool. For Android user, I suggest install an app “ProxyDroid”, excellent proxy management tool, you could setup different proxy set, each on has its own rule. The rule includes, when will the proxy activated, on mobile network or WiFi environment or just all time; how to apply proxy setting, global mode or white-list mode: apps you chose will not apply to proxy, others, include Android system, would be proxied. that is very useful for me. For Apple user, kiss my ass.

Here is what I want to say about this topic today. I wrote this document not just for meno, also I think it as a contribution to the great works of “breaking the Wall down”. It is absolutely an degeneration of building such a technical barrier between China and the rest of the world, and the wall is higher everyday. People inside the wall, getting ignorant day by day, I call these people, the walking dead. Today in China major city, flesh air, green mountain or pure blue sky are so precious, people begin to forget what the real world looks like, feel like, after years of haze, they took what they experience as the real world, losing imagination and the hope for beautiful things, they don’t even has voice, they are the silent generation. Only when you open an outward window, smell flesh freedom air, see the beauty and ugly u self, you can’t wake up.

If anything unclear follow the instructions, please let me know, I have been using this ‘solution’ for years so I may missing some critical steps or leave some parts unclarify. Thanks.

This entry was posted in personal, tech and tagged . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s