Posted: Fri Dec 07, 2012 17:18 Post subject: Is SSTP VPN support anywhere on the DD-WRT dev roadmap?
First of all, thank you all DD-WRT developers, for making this thing happen. I'm a Chinese user, and due to severe internet censorship in place, a "complete" web experience is hard to come by in my country. To solve that problem, I've turned to DD-WRT. Bought a Buffalo WZR-HP-G300NH2 router, flashed it to DD-WRT, installed OpenVPN on it, and it's been working like a charm so far.
However recently the Chinese internet cops have started a massive attack on OpenVPN connections, effectively intercepting and blocking many of them, including my VPN service. I've got this option to switch to a SSTP service. However, DD-WRT doesn't seem to support it yet.
Wondering if SSTP support is coming any time soon to DD-WRT. Just bought this router a couple of months ago, definitely want to get more value out of it. Plus, I've got too many devices needing VPN at home (2 desktops, 2 laptops, 2 tablets, 2 smartphones, a Xbox 360 and a PS3), all of them might need VPN access from time to time (can never be sure what's blocked by the Chinese Great Firewall). Deploying SSTP on every single of them devices isn't possible...
I believe this would be a common problem, with huge potential demand in China alone. Searched the forum and there doesn't seem to be such requests yet. Could anyone kindly bring SSTP to DD-WRT?
OpenVPN is being intercepted by Chinese ISPs and the national Great Firewall. Won't last for very long. My OpenVPN service provider has been cut for over 36 hours already, with no signs of coming back. Asked around. I'm not the lone case. Various OpenVPN services have been going in and out across the country for some days now. A bit too easy to block...
what will prevent the firwall enineers to block other vpn protocols, too? you should use providers which use the https port 443
Thanks man. Switched port, and it's back working again.
Suspecting it will be just matter of time when the new port will be under GFW attack. Won't hurt with more VPN type support though. Surfing the web in China we've got to cycle through OpenVPN/L2TP/SSTP every once in a while in the near future, I guess...
what will prevent the firwall enineers to block other vpn protocols, too? you should use providers which use the https port 443
Sash, I am sorry, but these curt answers are not helpful. As the poster said, China has declared all-out war against OpenVPN connections. Previously, OpenVPN connections were left alone. Saying "just use openvpn" after he reported that OpenVPN is no longer working in China is not very polite.
Status:
- Pretty much all UDP traffic with known OpenVPN providers, among them very established and expensive ones, is BLOCKED in China.
- The workaround is slower TCP. This usually lasts for 12 - 24 hours, then the port in use is BLOCKED, it does not matter whether it is 443, 80, 8080, or whatever.
- Keeping an OpenVPN connection alive in China has turned into an all day affair, which requires constant monitoring of connection attempts, reading of log files, port changes, editing of configs etc. DD-WRT does not provide enough feedback for this, trust me. I had to dedicate a PC sharing a SSTP connection via (uggh) Windows Connection Sharing to provide a halfway stable tunnel.
- Tech support of major OpenVPN vendors such as StrongVPN, who has been doing this for a living for ages, is pretty much stumped. Trust me, they long stopped saying "just use TCP 443, and everything will be fine." It won't. If you are lucky, it works for a day.
- Oddly enough, SSTP appears to be the only thing that seems to work reliably at the moment. Looking for am SSTP client on DD-WRT brought me back to this forum, and I noticed that I had been a member way back. There are working SSTP implementations for Linux. Will the Chinese block SSTP also? They might. Or they might not. Currently, SSTP appears to be the only protocol that appears to work reliably in China. Currently, the only protocol that appears to work reliably in China is not supported by any of the known open source router images.
Disclaimer: The above can be slightly different depending on the Chinese ISP, but it pretty much describes the big picture.
Also, this is no longer just a block of Facebook, Youtube and Twitter. Large swaths of the Internet have been blocked. STFW is impossible, because Google has been rendered useless. Gmail is hit and miss. International phone lines all over China went dead because VOIP providers are being blocked. And the list goes on.
After Spamfaker recommended them, I obtained two Routerboard boxes, which were readily and cheaply available in China. Once the Ciscoish UI was mastered, the boxes established a solid SSTP tunnel.
The need for SSTP support remains pertinent. Chinese blocking has not eased up. SSTP remains the best choice in China as protocols go.
I strongly encourage developers to support the protocol.
Joined: 06 Jun 2006 Posts: 7492 Location: Dresden, Germany
Posted: Mon Jan 06, 2014 22:41 Post subject:
sstp is not free and there is no good solution yet available. and it has finally no advantage over openvpn. _________________ "So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
sstp is not free and there is no good solution yet available. and it has finally no advantage over openvpn.
I'm afraid openvpn is unusable in China now. TCP on port 443 or any other ports results in connection resets. UDP packets get dropped. SSTP's advantage over openvpn is that it's usable in China, and in other countries where firewalls with DPI have rendered openvpn useless.
Honestly, I expect the filtering and firewalls to become ever more aggressive, as other countries look to emulate China's success. There's only going to be an increasing need for this support.
