rope_magic

A suggestion for BT Sync in China


Everyone knows that in China the GFW blocks a lot of IP addresses and domain names.

btsync also can't connect to the tracker server, so it can't work.

But maybe there is another way to fix it.

A lot of people in China use shadowsocks (SOCKS5 proxy) to cross the GFW. But almost all shadowsocks servers have a traffic limit, so they can't use the proxy to download or upload anything.

So I think maybe btsync could add an option for users: use the SOCKS5 proxy only to connect to the btsync tracker server, but connect directly to other peers.

 


Each person has their own setup and configuration; I cannot give any universal solution. For some, a proxy works; for some, VPN; for others, predefined hosts.

Since, from what I know, it's only the tracker server that is blocked in China (at least now), you don't need a proxy to connect to the peers. You need it to connect to the tracker to learn the peers' addresses. But even here you can do without a proxy: use known hosts.

 


Currently sync doesn't seem to have any option to only proxy the tracker server. I tried all the options available but it put all the data over the proxy which is incredibly inefficient. A file would be going from Beijing to Japan and back again.

There was someone suggesting the use of proxifier to make the app only proxy certain connections, but as that's another purchase I'd have to justify on top of sync it's not really something I'm looking forward to. I started with a free cloud service, then changed to sync, and on top of that I need to pay for a proxy and an app to make sure only some connections go through the proxy. I really want to make this work but it's not easy. At the same time I know it's not Resilio's fault for getting blocked and it must be a massive hassle for you guys to make workarounds for it.

Predefined hosts doesn't really work for me because my IP changes so often. Is that what you mean by use known hosts?

So far the only thing that works for me is manually going into each computer every morning and setting them to use the proxy for a while, then changing back once the hosts file has been updated. It will do for now, but it would be soooo nice if there were an option to only put the hosts through the proxy. Even better, why not work with the company that sells sync for you in China to put up some servers inside the Great Firewall so that we don't need the proxy at all?

Don't mean to come off like a needy child, it's just that we liked using sync when it worked and would love to be able to keep using it.

thanks.

 

 

 

 


Dear joshofbass, I already contacted the company that sells sync in China, and they have already stopped selling sync thanks to the block. And I don't believe they will set up some trackers inside China without being questioned by the Gov.

I believe the solution is the technology itself. You know bitcoin is hated by nearly every Gov and yet is running smoothly, because it is truly P2P. Sync is the closest to being immune to Gov censorship due to its P2P nature. So make it truly P2P, please!


I have done research work on this and hope the following information will be helpful to others.

The current GFW block on Resilio and BTSync:

1. GFW does not block the initial configuration load (to get a list of trackers, for example). DNS resolution and download will all work.

2. GFW does block the subsequent connections to the trackers. This is done at the IP packet inspection level. This blocking initially started in some cities but eventually spread to all. Connections to the trackers are cut off prematurely (EOF received).

The current workaround (see the limitations) that is proven to work:

1. You can set up predefined hosts in Resilio for all shares. In BTSync, you can only set up predefined hosts for each share individually, which is a chore. This method works because the deep packet inspection currently only targets the trackers, not individual connections between BTSync/Resilio servers.

2. To be practical, you will need to set up a dynamic DNS name (DDNS) for each BTSync server and use a fixed port number (e.g. host1.blah.com:4444, host2.xyz.com:4444, host3.uvw.com:4444). Because servers are usually behind home routers, NAT is used. Your router must be able to turn on NAT-PMP so that port 4444 will be opened on the router to your server. UPnP would also work, though NAT-PMP is more secure.

Limitations:

1. If deep inspection targets server-to-server direct connections, the above workaround will likely fail. The server-to-server protocol probably contains sufficiently unique strings for inspection and targeting.

2. Use the next alternative.

An alternative to BTSync/Resilio that would work and resist deep packet inspection: Syncthing. (Sorry, Resilio)

Syncthing is an open source project and it was a little shaky 2-3 years back, but now it's quite stable and mature. Similar to BTSync/Resilio, Syncthing also has global discovery servers for servers to discover each other. They are subject to the same blocking in the future. However, Syncthing also has a predefined hosts method similar to BTSync. This direct connection method is resistant to DPI.

Syncthing's protocol is strictly TLS 1.2 with no special customization identifiable before the TLS handshake completes. This makes it very resistant to future deep packet inspection. To be more specific, when 2 servers connect to each other, they will always complete the TLS handshake first. Before the handshake is complete, there is nothing in the communication to distinguish it from regular HTTPS traffic. After the handshake completes, when communication is secure, the servers will check each other's certificates to determine if they are configured to talk to each other. They drop the connection if they are not configured to trust each other.

For this reason, Syncthing direct server connections will resist future DPI.

-

Good luck everyone!

P.S. I should add that using a SOCKS proxy is not a universal solution. It's not only complicated to set up for a lay user, but the SOCKS proxy itself needs to be in an unblocked region (such as overseas). It also must be a private SOCKS proxy rather than a public one (or it will be blocked too).

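The "handshake first, then check the peer's certificate" behaviour described in the last post, as an added Go example that is not part of the original thread and is not Syncthing's own code. It uses constructed throwaway certificates and a plain SHA-256 fingerprint allowlist; the function names are hypothetical, and only the server side's check is shown, where the post describes both sides checking.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newPeer returns a throwaway self-signed certificate and its SHA-256 fingerprint.
func newPeer() (tls.Certificate, [32]byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, sha256.Sum256(der)
}

// accepts runs a TLS 1.2 handshake over an in-memory pipe; only after it
// completes does the server compare the client's fingerprint to its allowlist.
func accepts(server, client tls.Certificate, trusted map[[32]byte]bool) bool {
	a, b := net.Pipe()
	defer a.Close()
	defer b.Close()
	// No CA is involved: chain validation is off and trust rests on the pin below.
	cli := tls.Client(b, &tls.Config{Certificates: []tls.Certificate{client},
		InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12})
	srv := tls.Server(a, &tls.Config{Certificates: []tls.Certificate{server},
		ClientAuth: tls.RequireAnyClientCert, MaxVersion: tls.VersionTLS12})
	go cli.Handshake()
	if err := srv.Handshake(); err != nil {
		return false
	}
	peer := srv.ConnectionState().PeerCertificates[0]
	return trusted[sha256.Sum256(peer.Raw)] // unknown peer: caller drops the connection
}

func main() {
	srv, _ := newPeer()
	friend, pin := newPeer()
	stranger, _ := newPeer()
	trusted := map[[32]byte]bool{pin: true}
	fmt.Println(accepts(srv, friend, trusted), accepts(srv, stranger, trusted))
}
```

Because chain validation is disabled on both sides, the fingerprint comparison is the only authentication in this sketch; a peer that skips it accepts any certificate.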
