
1309 points rickybule | 2 comments

Indonesia is currently in chaos. Earlier today, the government blocked access to Twitter & Discord knowing news spread mainly through those channels. Usually we can use Cloudflare's WARP to avoid it, but just today they blocked the access as well. What alternative should we use?
joshryandavis ◴[] No.45056956[source]
I lived in China for a while and there were several waves of VPN blocks. Also very few VPN services even try to actively support VPN-blocking nations anymore. Any commercial offering will be blocked eventually.

What I settled on for decent reliability and speeds was a free-tier EC2 hosted in an international region. I then set up a SOCKS5 server and connected my devices to it. You mentioned Cloudflare so whatever their VM service is might also work.

It's very low profile as it's just your traffic and the state can't easily differentiate your host from the millions of others in that cloud region.

LPT for surviving the unfree internet: GitHub won't be blocked and you'll find all the resources and downloads you need for this method and others posted by Chinese engineers.

Edit: If you're worried about being too identifiable because of your static IP, well it's just a computer, you can use a VPN on there too if you want to!

replies(6): >>45057189 #>>45057355 #>>45057549 #>>45058594 #>>45059564 #>>45063710 #
redleader55 ◴[] No.45057355[source]
The VM instance is good for setting up a VPN tunnel, but it's not good in terms of bandwidth if it's hosted in. Because of DPI capacity, China has a very limited amount of "real internet" bandwidth. A more capable setup is to have one VM on each side of the firewall on a hosting service with peering between inside and outside - Aliyun (Alibaba Cloud) is an example. The "inside" VM could be just "socat UDP4-RECVFROM:<port>,fork UDP4-SENDTO:<remote>:<port>" or something done using netfilter.

Like others commented in this thread, having an obfuscator is a good idea to ensure the traffic is not dropped by DPI.

When the inevitable ban comes and your VPN stops working, rotate the IP of the external VPN and update the firewall/socat config to reflect it. Usually, the internal VM's IP doesn't need to be updated.

replies(1): >>45057426 #
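The inside-VM forwarder that the comment above expresses as a socat one-liner, written out as an added Python example (not code from the thread): it shows the per-client session table a UDP relay needs to route replies back, and the upstream swap done when the outside IP is rotated. The `UdpRelay` class and its method names are hypothetical; it forwards opaque datagrams only, so encryption and obfuscation remain the job of the tunnel endpoints.

```python
import selectors
import socket


class UdpRelay:
    """Forward client datagrams to one upstream and route replies back."""

    def __init__(self, listen_addr, upstream_addr):
        self.upstream = upstream_addr
        self.sel = selectors.DefaultSelector()
        self.front = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.front.bind(listen_addr)
        self.sel.register(self.front, selectors.EVENT_READ, None)
        self.sessions = {}  # client address -> socket towards upstream (no idle expiry)

    def set_upstream(self, upstream_addr):
        # Rotation step: point at the new outside address. Old sessions are
        # closed so replies from the retired address are no longer relayed.
        for sock in self.sessions.values():
            self.sel.unregister(sock)
            sock.close()
        self.sessions.clear()
        self.upstream = upstream_addr

    def pump_once(self, timeout=1.0):
        """Handle every datagram that is ready; return how many were relayed."""
        relayed = 0
        for key, _ in self.sel.select(timeout):
            try:
                data, src = key.fileobj.recvfrom(65535)
                if key.data is None:  # arrived on the listening socket
                    out = self.sessions.get(src)
                    if out is None:  # first packet from this client
                        out = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
                        out.connect(self.upstream)  # kernel drops other senders
                        self.sel.register(out, selectors.EVENT_READ, src)
                        self.sessions[src] = out
                    out.send(data)
                else:  # reply from upstream; key.data is the owning client
                    self.front.sendto(data, key.data)
            except ConnectionError:  # ICMP unreachable surfaced on a socket
                continue
            relayed += 1
        return relayed
```

To run it as a service, call `pump_once()` in a loop and call `set_upstream()` with the new address whenever the outside host is replaced.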
77pt77 ◴[] No.45057426[source]
How easy is it to get a VPS in China?

Could HK work?

replies(1): >>45057509 #
redleader55 ◴[] No.45057509[source]
HK is "outside" the firewall, for now. It's where you would place the outside VM.
replies(1): >>45067236 #
1. 77pt77 ◴[] No.45067236[source]
But does access to HK go through the firewall?
replies(1): >>45072749 #
2. redleader55 ◴[] No.45072749[source]
The access from mainland to HK goes through the firewall; the access from HK to the normal internet is unrestricted as far as I know. The communication between the two VMs still needs to be obfuscated and encrypted. The only reason for the VM inside the Chinese Internet is higher bandwidth.