1

I'm in China and using an ssh tunnel to connect via a proxy to servers. It works well for most sites that otherwise would be blocked (e.g. Google, Gmail, some news sites).

However, Facebook, Google+ and Twitter often are not accessible (connection interrupted) even when everything else works through the tunnel. What can be the reason for this?

As I'm absolutely certain the pages are not blocked where my proxy is located, the most likely options I can imagine are that either Facebook and Google+ block access via proxy, or China can still detect what pages/servers are being accessed through the tunnel. Both possibilities still seem rather impossible to me: the first one because I don't think Facebook or Google detect whether I connect via proxy, and the second one because I assume all traffic to the proxy would be encrypted and websites not recognizable by any censoring authority. Am I wrong?

I'm happy to provide details about my setup if required, but actually I think independent of the ssh configuration, this behavior is strange. I appreciate any hints.

2 Answers

2

If your DNS requests are not tunnelled, too, China might have a chance to interfere here.

1
  • Thanks for your answer, that was actually my first thought too, but if I'm not mistaken, the DNS lookups are done on the proxy side if I set "Do DNS name lookup at proxy end" to yes (I'm using PuTTY).
    – schluchc
    Commented Oct 23, 2014 at 0:24
2

Thanks to some thoughts of a friend, I found the problem in my case, so for others having similar problems and already doubting ssh tunnels, I will report it here and strengthen faith in ssh tunnels again:

DNS-caching is the issue.

China responds with wrong IPs if requests for sites like Facebook are queried on a server that is controlled by China. If Facebook is accessed without any tunnel, the DNS lookup is done via China and the wrong IP is stored in the DNS cache. This cache is still used when accessing Facebook via the tunnel afterwards, so even though the connection is safe, the destination is wrong.

The solution is to not use DNS servers that are controlled by China and, if done so, to flush the DNS cache. On Windows this can be done by opening a command prompt as administrator and running ipconfig /flushdns
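The effect described in this answer can be checked at the tunnel entrance. The following is an added example, not part of the original answer, and it assumes the tunnel is an SSH dynamic port forward speaking SOCKS5 (the page does not say which kind of tunnel is used): a SOCKS5 request that carries an IP address means the name was resolved on the client, possibly from a stale cache, while a request that carries a hostname leaves the lookup to the proxy end. The function names and sample requests are constructed for illustration.

```python
import ipaddress
import struct

# SOCKS5 address types from RFC 1928
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_socks5_connect(req: bytes) -> dict:
    """Parse a SOCKS5 request: VER CMD RSV ATYP DST.ADDR DST.PORT."""
    if len(req) < 4:
        raise ValueError("truncated SOCKS5 request header")
    ver, cmd, _rsv, atyp = req[:4]
    if ver != 5:
        raise ValueError(f"not SOCKS5 (version byte {ver})")
    body = req[4:]
    if atyp == ATYP_DOMAIN:
        if not body or len(body) < 1 + body[0] + 2:
            raise ValueError("truncated domain address")
        n = body[0]
        host = body[1:1 + n].decode("ascii")
        rest, resolved_by = body[1 + n:], "proxy"   # name travels through the tunnel
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        n = 4 if atyp == ATYP_IPV4 else 16
        if len(body) < n + 2:
            raise ValueError("truncated IP address")
        host = str(ipaddress.ip_address(body[:n]))
        rest, resolved_by = body[n:], "client"      # lookup happened before the tunnel
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    (port,) = struct.unpack("!H", rest[:2])
    return {"cmd": cmd, "host": host, "port": port, "resolved_by": resolved_by}


def audit(requests):
    """Return destinations whose name lookup happened on the client side."""
    parsed = map(parse_socks5_connect, requests)
    return [f"{r['host']}:{r['port']}" for r in parsed if r["resolved_by"] == "client"]


# Constructed sample requests (not captured traffic); 203.0.113.7 is a documentation address.
SAMPLE_REMOTE_DNS = b"\x05\x01\x00\x03\x0fwww.example.com" + struct.pack("!H", 443)
SAMPLE_LOCAL_DNS = b"\x05\x01\x00\x01" + ipaddress.ip_address("203.0.113.7").packed + struct.pack("!H", 443)

if __name__ == "__main__":
    for dest in audit([SAMPLE_REMOTE_DNS, SAMPLE_LOCAL_DNS]):
        print("resolved locally before entering the tunnel:", dest)
```

Any destination this reports was looked up outside the tunnel, so a flushed cache and a client configured to send hostnames to the proxy are both needed for the lookup to stay at the proxy end.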
