thien k phan

Problems connecting to resources from Mainland China


The problems

China blocks outside VPNs for various reasons, including maintaining control over internet access and censorship of certain online content. By blocking outside VPNs, the Chinese government can regulate what information is accessible to its citizens and prevent circumvention of its internet restrictions. Your developers who reside in Mainland China may have a hard time connecting to your private AWS resources.

Using a VPN with TCP or UDP protocol (commercial or self-hosted)

Use any VPN on the market that claims to bypass China’s Great Firewall.
A self-hosted solution can be an OpenVPN server. Here is my guide on how to configure it on AWS EC2 (short and concise).

Shadowsocks proxy:

Shadowsocks is a free and open-source encryption protocol project, widely used in China to circumvent Internet censorship. It was created in 2012 by a Chinese programmer named "clowwindy", and multiple implementations of the protocol have been made available since. Shadowsocks is not a proxy on its own, but (typically) is the client software to help connect to a third-party SOCKS5 proxy, which is similar to a Secure Shell (SSH) tunnel.

Leased line:

Establish a leased line that connects directly to a China telco. Your data can reside in an AWS data center based in Beijing or Ningxia.
This solution enables customers to connect two VPCs between AWS commercial and China regions using a partner-offered hosted connection. China Telecom and China Unicom, both AWS Direct Connect partners, offer this regulation-compliant solution through AWS Marketplace.
It’s like VPC peering, but the other VPC you manage is in an AWS China data center.
However, its high price makes it suitable only for medium-sized to large enterprises. Here is a price breakdown if you use AWS Direct Connect for the China connection:
[Image: AWS Direct Connect price breakdown for the China connection]