Streisand DIY VPN: Does it work in China?
Streisand is a free open source DIY VPN project that claims to help netizens overcome censorship. We tested it in China to see how it works.
- Streisand is an open source DIY VPN solution that helps netizens bypass internet censorship
- We tested Streisand in China using a 5$/ month Digital Ocean VPS server (San Francisco)
- Most of the VPN protocols included in Streisand did not work in China.
- However, Streisand worked decently well using the Shadowsocks protocol.
Internet Censorship in China
The internet is heavily censored in China, leaving most popular apps and websites inaccessible from within the mainland. Chinese internet users and foreign expats rely on the use of VPNs (virtual private networks) to bypass the “Great Firewall” internet filter.
Unfortunately, using a commercial VPN app can be costly and potentially a privacy concern for Chinese users as one can never be sure what data a VPN provider might give up to authorities.
DIY VPN Solutions
One way to ensure the privacy and security of your VPN is to self-host a VPN server yourself. This way you can be relatively certain that your traffic is not being logged or your VPN usage reported to governments. (Note: Your server provider could also be monitoring or logging your network behavior. Setting up a Raspberry Pi server at the home of a friend or family might mitigate this risk.)
Streisand: An Open Source DIY VPN Solution
Streisand is an open source DIY VPN solution that sets up a new server running your choice of VPN/ tunneling tools like
- Stunnel, or a Tor bridge.
It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with friends, family members, and fellow activists.
As daily VPN users and VPN connoisseurs based in China, we wanted to test Streisand to see if it could bypass the Great Firewall and its speed performance.
Installation and Setup
To install Streisand you will need either:
- Ubuntu server, + macOS or Windows computer OR
- Two Ubuntu servers.
Your main Ubuntu server (which will act as the VPN server) will need to be located outside of China in order to bypass censorship.
After downloading the package from Github you can follow the instructions on the official Streisand Github page to complete the installation.
During the installation, all the dependencies needed for Streisand to run will be displayed and you will need to run the commands provided to install them as seen below:
If you don’t have the API key for the listed services provided you can select the last option.
To install Streisand on an existing server, you will need to provide the IP address of your sever and make sure you have the SSH key needed to login on the server you provided with the correct name.
Install using Existing Server
Installing Streisand can take a long time. It took me more than an hour to setup with the default options / protocols:
After the installation is complete, you can access an information web page containing the login details to access the Streisand server (access by entering the IP address of your server in a browser URL bar). The files generated can be seen below
Accessing the generated docs which contain the password for the install server :
Testing Streisand Protocols and Clients
Unable to use the Anyconnect iOS app see issue below:
I was able to install the AnyConnect / OpenConnect client on my PC but unable to connect to the server because the password provided in the generated doc didn’t match the password for the server for some reason.
OpenVPN can’t be used in China since OpenVPN traffic is easily detected by the Chinese firewall. You can’t even start it since the handshake between your device and the server always fails. This is why most basic VPN apps don’t work in China.
This protocol uses OpenVPN but tunneled through an extra SSL layer.
I was able to install both OpenVPN and stunnel on windows but I was unable to connect to the openvpn server even after routing the OpenVPN traffic through stunnel. See below:
I was able to install and run OpenVPN (stunnel) on Android. It was able to connect but the connection was not stable enough and the speed was poor.
I was able to connect through SSH and port forward the traffic from my PC through the SSH tunnel.
But I was unable to connect to blocked sites like Google and Youtube. I could access other unblocked sites like Bing and Baidu.
I was able to install Wireguard but unable to use it. I could connect to the server but after connecting I lost the connection or I couldn’t access any sites. Please see links below about Wireguard being easily detected by the Chinese firewall.
I was able to connect using Shadowsock on PC , Android and iOS without any issues. The speed wasn’t the best because Streisand probably uses the default settings for Shadowsocks and doesn’t include BBR updates to improve the network performance.
Streisand is a DIY VPN that offers a lot of different VPN protocols, but unfortunately most do not work in China. The best protocol that we tested was Shadowsocks. But those looking to setup a Shadowsocks VPN would probably be better served by using Outline (by Jigsaw / Google), another DIY open source VPN solution, which is much easier to setup than Streisand.