this post was submitted on 21 Jul 2025
61 points (96.9% liked)

Selfhosted

49703 readers
302 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

From North America, and I’m going on vacation in china for a few weeks. I wonder if anyone knows if I’ll be able to access any of my self-hosted services over zerotier while I’m abroad?

Edit: To be specific, I’m hoping to ssh into my machine over zerotier in case I need to fix something and back up some photos to my home NAS via rsync or something

top 50 comments
sorted by: hot top controversial new old
[–] zero@feddit.xyz 1 points 6 hours ago

Mobile roaming worked but not while connected to hotel Wi-Fi. I also got a VPN before I went to China, routed through Japan. It was slow as shit.

[–] socsa@piefed.social 10 points 14 hours ago* (last edited 14 hours ago) (1 children)

At first, it will probably work. But you will likely lose access after a few days and your servers will be scanned for exploits, so make sure your shit it up to date.

Source: hosted an XMPP server which was summarily banned after 2 days of access from China and then probed/attacked repeatedly until I took it offline.

[–] GreenKnight23@lemmy.world 1 points 1 hour ago

almost like going to China is a mistake...

[–] Ptsf@lemmy.world 8 points 15 hours ago

Bringing non-disposable technology to China is a mistake in most circumstances.

[–] Treczoks@lemmy.world 1 points 13 hours ago

I would not try to access a server from China. Can't you let someone else take care of the machine in the meantime? It's always a good idea to have some backup admin just in case.

[–] possiblylinux127@lemmy.zip 48 points 1 day ago (1 children)

I wouldn't access anything nor would I take any tech with you.

Don't risk it

[–] Flax_vert@feddit.uk 4 points 16 hours ago (4 children)

What are the risks, if you aren't intending on doing anything illegal?

[–] YiddishMcSquidish@lemmy.today 13 points 16 hours ago* (last edited 16 hours ago) (1 children)

They can load in spyware that follows you outside the country. Also the whole "if you aren't intending to do anything illegal" bit really reads like all the piece of shit bootlicking conservatives after George Floyd.

[–] Flax_vert@feddit.uk -2 points 15 hours ago* (last edited 15 hours ago) (1 children)

They can't do that unless they take your devices, gain admin access and install stuff onto it. You don't just get spyware installed your phone simply by entering a country.

Also the whole "if you aren't intending to do anything illegal" bit really reads like all the piece of shit bootlicking conservatives after George Floyd.

Except that is a whole different context. The argument doesn't work if you're a citizen of a country and granting your government more and more powers. It would apply maybe if you were a Chinese citizen. OP isn't talking about moving to China or installing a similar government in their home country. They are going on holiday. You can behave yourself and cooperate with their requirements for a few weeks. If you are really against a country having powers to check your phone and devices and such as a matter of principle, not because you've got anything to hide, then don't go.

George Floyd was an American citizen murdered in his own country by the powers that were supposed to protect him. Big difference.

Although I did take precautions myself, such as deleting my memes/downloads folder just in case I saved anything that could be offensive. But it didn't matter because they didn't check my phone anyway for simply being there.

China itself cares the most about public disorder and foreign influence. As long as you aren't intending on causing foreign interference in how they do things and are just going for purposes of tourism/adventure/meeting people, then you'll be absolutely fine. They don't really care enough about you to give you special treatment unless you are seen as a threat like that.

[–] BCsven@lemmy.ca 2 points 11 hours ago (1 children)

People have said that is exactly what happens. Some had full phone scan, other requirement is installing a china app and keeping it on your phone for your stay

[–] Flax_vert@feddit.uk 1 points 10 hours ago (2 children)

I have never heard of that happening. surely that'll take ages if they had to stick an app on every foreigner's phone

[–] zero@feddit.xyz 1 points 6 hours ago

Foreigners will most likely have Alipay at least if you want to pay for stuff and use ride share.

[–] YiddishMcSquidish@lemmy.today 1 points 7 hours ago

You have no idea how small these snooping apps can be. Like less than a megabyte and all your traffic goes through a server controlled by the pla and logs everything in and out of your phone whether your on mobile or Wi-Fi.

[–] Vanilla_PuddinFudge@infosec.pub 2 points 15 hours ago

*What aren't

[–] possiblylinux127@lemmy.zip 1 points 14 hours ago* (last edited 14 hours ago) (1 children)

China isn't exactly know for rule of law. They could simply decide you are a criminal. When traveling international it is better to play it safe.

If you really need a service I would either bring a disk drive with you or setup limited remote access for yourself that has minimal access. Remember they can force you to hand over things like passwords.

[–] Flax_vert@feddit.uk 2 points 14 hours ago (2 children)

Doesn't the USA do the exact same thing?

[–] Revan343@lemmy.ca 9 points 13 hours ago (1 children)

I wouldn't recommend travelling to the USA either

[–] Flax_vert@feddit.uk 7 points 12 hours ago (1 children)

I unironically think the USA's security might be worse than China. Everyone in China was quite friendly and patient.

[–] Revan343@lemmy.ca 3 points 12 hours ago (1 children)
[–] Flax_vert@feddit.uk 2 points 10 hours ago

Yep. Pretty efficient most of the time

[–] possiblylinux127@lemmy.zip 0 points 12 hours ago (1 children)

It isn't exactly the same thing but border security can do just about anything.

[–] Flax_vert@feddit.uk 1 points 12 hours ago

They can, but they probably won't in all likelihood. You could get in a car accident on the way to the airport. Your aeroplane could also crash.

[–] BCsven@lemmy.ca -2 points 11 hours ago (1 children)

You have to install an app on your phone and keep it their during your visit. Some people said they had a full phone scan done on entry. Don't bring your regular phone bring a burner and don't login to any of your accounts

[–] Flax_vert@feddit.uk 2 points 10 hours ago

You don't. I went to China a few weeks ago and my phone was never of any suspicion or brought into question.

[–] philpo@feddit.org 29 points 1 day ago

It depends. Very much. And this is the main problem: There isn't "one" solution, you will need a few.

The thing with the PRC is: Their great firewall isn't "one big uniform block". It's fairly "variable".

For example: In Beijing,even 10 years ago, I could access google maps and Facebook without any issues(back then highly blocked) as long as my mobile phone was roaming. The second I was on wifi of course it was blocked. But even the cheapo VPN my colleague had did work out fine. Until the day the police started to prepare for the party convention - then suddenly my colleague couldn't get out, neither could I with our company wifi and even my carefully crafted wire guard over HTTPs didn't work - unless I was in the wifi of the hotel or our host company. There it did. Party congress over? Back to normal operations.

If you travel through the country you will find that in one place solution A works, in another solution B. Generally the more rural (or closer to Tibet/Xinjiang/Myanmar) you get, the more restrictive it seems to be.

Personally I would simply get there different commercial VPNs to make sure you have a choice to get out at all - there are various ones with a good PRC reputation. Most providers have trials as well. And then double tunnel through that if you can't directly reach your usual VPN at home

[–] CCMan1701A@startrek.website 19 points 1 day ago (1 children)

tailscale worked some times, but seemed to depend on the location of the moon relative to the air speed of a nearby sparrow and it was really slow.

[–] MysteriousSophon21@lemmy.world 1 points 7 hours ago

Zerotier is similiar - works sometimes but China's firewall is constantly changing which ports/protocols it blocks, so setup a wireguard server on port 443 as backup (looks like normal https traffic) and test both before you go.

[–] alcasa@lemmy.sdf.org 15 points 1 day ago (1 children)

Look into shadowsocks, or just normal vpn.

Pandafan was quite reliable for me. You might also be able to diy with hk, sg or sk vps instances, but it was a lot of work and a misconfiguration will cut you off.

[–] iopq@lemmy.world 9 points 1 day ago (3 children)

Normal VPN doesn't work because they don't mask themselves. Even Tor bridges don't work because they are blocked.

Shadowsocks is like 2018 advice, go directly to xray and forget about legacy software

[–] alcasa@lemmy.sdf.org 5 points 1 day ago

Yes, xray is better. Forgot about that. I think there had been a couple newer ones.

The thing with gfw circumvention is that even older approaches work surprisingly often, as detection methods change and often detection depends on the amount of suspicious traffic. I had most success with a more conventional setup on a vps, but that was more for testing out stuff. Found commericial providers to be more reliable.

VPNs work surprisingly often from what others tell me. They only block these occasionally. I think astrill and express often work. Just know that the ones that work, probably have chinese govt access.

Yes, tor never works.

load more comments (2 replies)
[–] TehNomad@piefed.social 6 points 1 day ago

As another user posted, how strict the firewall is depends on where you are (and if there are any special events). I heard that Wireguard doesn't work because of deep packet inspeciton, but I was able to use Tailscale to my home network without problems when I was there last year. I also set up a xray vless-reality proxy on a VPS and Outline servers on Google cloud and those worked too.

But the easiest method is to buy an HK eSIM for roaming (I used 3HK). I bought a month of LetsVPN but they booted me from the service for some random reason, so I changed to Mullvad which also worked too.

[–] Flax_vert@feddit.uk 3 points 1 day ago* (last edited 1 day ago)

If you will be using roaming for mobile data in China, you won't face any blocking.

Accessing over cloudflare tunnels or just a normal exposed server works.

VPNs work most of the time. But you can be cut off after like 30 minutes to an hour. I'd recommend only turning it on when you need it.

I've been to China very recently.

You will most likely face speed issues, although this may be due to the physical infrastructure itself connecting China to the outside internet isn't really that stellar. As everything Chinese citizens typically use is hosted in China.

[–] BaroqueInMind@piefed.social 2 points 1 day ago* (last edited 1 day ago) (2 children)

People posting here don't realize that CN gov IDs and allows certain traffic to get rerouted through a certain VLAN so they can do DPI and record every packet through a beefy expensive tap device to analyze the telemetry later, and potentially build a case against you. If they so choose. And they likely have the capability to trivially decrypt TLS.

Don't bring in any tech, don't access your personal net back home, don't expect any level of actual privacy or good intentions. Just do your business and keep your digital digital persona minimal while there.

[–] Flax_vert@feddit.uk -2 points 16 hours ago* (last edited 16 hours ago) (2 children)

Case against you for doing what exactly? Just don't break the law. It's not hard. They're hardly going to care much about an average American going on holiday unless he intends on causing problems, a disruption, or potentially has useful information

[–] BaroqueInMind@piefed.social 5 points 15 hours ago* (last edited 12 hours ago) (1 children)

Extremely privileged of you to think that one can simply live a routine life thinking they are safe, while immigrants in the US aren't breaking the law and still getting rounded up into concentration camps.

China doesn't have laws enshrined in its constitution to protect immigrants like the US does (yet the Executive Branch barely give a fuck about the law), so they (China) can do whatever they fuck they want. Not defending anyone, just illuminating it since I am ignorant af

[–] Flax_vert@feddit.uk 1 points 14 hours ago* (last edited 13 hours ago)

I actually see China and the USA as the same level now. Difference is that the USA doesn't have cool railway infrastructure and whatever the heck is going on in Chongqing.

I don't really think China is going to want to cause an international incident, especially during a tourist drive. Although it can be risky if they want to take hostages.

[–] SheeEttin@lemmy.zip 3 points 15 hours ago (1 children)

Or would be a useful hostage to trade for a Chinese person held in OP's country.

https://en.wikipedia.org/wiki/Detention_of_Michael_Spavor_and_Michael_Kovrig

[–] Flax_vert@feddit.uk 1 points 14 hours ago

Fair enough to be fair. I did make sure the passport I was using to enter China was that of a country with no political drama happening. It did allow visa free entry though as well, so that was nice.

[–] BuoyantCitrus@lemmy.ca 9 points 1 day ago (1 children)

they likely have the capability to trivially decrypt TLS

Whoa. Anywhere to read more about this? Had not been paying close attention, didn't realise that was so starkly the case.

[–] BaroqueInMind@piefed.social 13 points 1 day ago* (last edited 1 day ago) (1 children)

China blocks newer TLS and forces a TLS downgrade of a version they have decryption capabilities of - https://www.f5.com/labs/articles/threat-intelligence/the-2021-tls-telemetry-report

More info - https://gfw.report/publications/usenixsecurity23/en/

More - https://www.scmp.com/news/china/politics/article/2167240/chinese-police-get-power-inspect-internet-service-providers

Chinese cryptography law mandates packet inspection and supervison of all foreign telemetry - https://link.springer.com/chapter/10.1007/978-3-031-11252-2_4
https://en.m.wikipedia.org/wiki/Cryptography_law

If you are truly skeptical of one of the world's largest cyber threat actors with an enormous economy and large population of cyber security experts is or isnt capable of trivially decrypting TLS, I don't know how else I can convince you that they are capable.

[–] _cryptagion@lemmy.dbzer0.com 5 points 20 hours ago (1 children)

Except they didn’t say they were skeptical, and they even asked for more information. I don’t know why you got hostile in your reply to them. Because they didn’t just accept what you said as truth without needing sources?

[–] BaroqueInMind@piefed.social 0 points 20 hours ago* (last edited 20 hours ago)

I like skepticism, it's healthy. I like it when everyone questions and doubts in order to find the truth. It can go too far sometimes and you get anti-vax morons and flat-earth dipshits, so there's a level of curiosity that, once it becomes unhealthy or unusual or the answer is clearly out in the open/conspicuously apparent, should be punished.

load more comments
view more: next ›