Use VPN, Shadowsock to escape from the GFW

Shadowsocks is currently the best choice.

There are excellent instructions for setup.

Companies use VPN to allow their employees to access their computing resources by their employees from outside of their LAN’s.  Foreign companies in China rely on VPN for one more purpose – accessing websites blocked by the GFW. For ordinary people, there are many free VPN services, but they may be blocked by the GFW at any moment without notice.  Setting up a VPN on a Microsoft OS is fairly easy.  For example, one can follow the easy steps here to set up a VPN service on Windows Server 2008 or Windows 7 (If Windows 7 is used for incoming VPN connection,  DHCP IP address range needs to be specified). However, strangely the default setting of the Network Policy Server does not work. One needs to change Connections to Microsoft Routing and Remote Access server policy from the default “Deny Access” to “Grant Access”: Network Policy Server > NPS > Policies > Network Policies…

For diagnosis, one can enable the remote connection logging.

If the the server is behind a router, port 1723 needs to be forwarded to it.  The firewall should allow the traffic between the VPN hosting computer and the router, and uncommon protocol General Routing Encapsulation (GRE).

Configuration on the client site varies from one Windows version to another, but all of them are fairly straightforward and can be done in one or two minutes. Form some versions, one may have to specify the VPN type form automatic to SSTP.

Windows Phone 8.1's VPN may not work with Windows 7 VPN service.

Create an VPN connection on an Android device to use the VPN set up on a Windows computer is easy and simnple.  It can be done in less than a minute.  

The best way to test your VPN while setting it up is using a different LAN (e.g. your neightbor's Wi-Fi) to access the VPN. For example, use a device (a phone or tablet) to connect to your neighbor's Wi-Fi with their permission, and try to access the VPN being set up.

The Chinese regime has been cracking down on VPNs.  Not only does it hurt the people seeking the online freedom, but also the commercial activities in Mainland China.  It has significant negative impact on its economy.

The regime can detect the use of common VPN protocols such as that of Windows VPN, then block the VPN traffic at least for home users.  The largest ISP in Mainland China - China Telecom - does this.  According to their staff, about 30% of their customers are under regular monitoring by the police.  Therefore rigid Windows 10 VPN does not work in China.

SoftEther VPN  appears to be a good solution, but unfortunately, setting it up for users seems to be complicated.  The support from its user community is very limited.  One needs to run its client app on Windows to evade GFW.  Unfortunately, when the client runs, the Wi-Fi is turned off automatically at least on a Windows 10 Dell Tablet.  Using regular Android or Windows VPN client would defeat the purpose of using.

 One can use some tricks to set up open VPN for use in China. 

Set up OpenVPN on Windows 10.

1. Follow the excellent instructions to do all the work on the Windows 10 machine hosting OpenVPN server.
2. Edit the generated .ovpn files for both the server and client
   1. Change "proto udp" to "proto tcp"
   2. Change "remote example.ddns.us 443" to "remote my.ddns.com my_desired_port" where my_desired_port is not a commonly used port such as 443, 1194 (default port for OpenVPN) to avoid GFW blocking.
   3. Comment out "explicit-exit-notify 1" that is not supported by UDP
   4. Add line "tls-cipher "DEFAULT:@SECLEVEL=0" to avoid an OpenSSL error. 
3. Run OpenVPN GUI as an adminstrator, select Connect.  The TAP network connection should show as connected (Control Panel\Network and Internet\Network Connections).
4. On a client Windows 10 machine, follow the instructions starting from "Copying the Server and Client Files to Their Appropriate Directories".
5. Set up Stunnel.
6. Follow the instructions to set up Obfsproxy on both the server and client machines. 
   1. Download and install Python.
   2. Download and install Microsoft Visual C++ Compiler for the Python version
   3. Open cmd and change to directory C:\Users\Username\AppData\Local\Programs\Python\...\Scripts
   4. Run command "pip install obfsproxy" to install obfsproxy, and you may fail because obfsproxy is getting obsolete.