The Importance of Bypassing the Great Firewall#
There are too many tutorials on the use of VPN software available on the market, to the point where I have often felt that this is not something worth writing about.
But perhaps on a blockchain platform, this article can last a long time, so I’ll give it a try.
I believe everyone has the equal right to access public information, but unfortunately, mainland China does not share this view, which has led to the need for bypassing the firewall.
For some people, being behind the wall is a good thing, as knowing more can lead to more pain. Whether it’s pure curiosity or a desire to uncover the truth about something, you need more sources of information.
For me, bypassing the firewall has become one of my most basic daily needs; it ranks alongside water, electricity, food, and the internet. Just like the first thing I do when renting a place is to install broadband and connect to Wi-Fi, the first thing I do when I access the internet is to ensure there are no barriers.
I once went to Hong Kong, and it’s hard to imagine that just an hour away from Shenzhen, people here do not need to know so much to have full access to the internet.
With the rise of AI, many foreign AIs provide more accurate answers when asked questions in English. So how do you use foreign AIs instead of the specially provided ones? The answer is also to bypass the firewall.
According to WIKI data, English content accounts for as much as 59.3% of the internet, while Chinese only accounts for 1.3%, so regardless of your reasons, bypassing the firewall is very important.
Therefore, adhering to the idea that teaching someone to fish is better than giving them fish, I will organize my existing knowledge about bypassing the firewall and share it here, though there may be mistakes or omissions, and corrections are welcome.
The Most Common Method of Bypassing the Firewall - VPNs#
Also known as "airports" or proxies, this term may have originated because the icon of the client software Shadowsocks resembles a small airplane. The working principle is forwarding, similar to taking a train; if the direct route is blocked, you transfer at some point.
As shown in the image above, the anonymity of these "airports" is not as good as it seems. In theory, an airport can see which websites you have visited, how long you stayed, what you browsed, and so on.
Due to user volume, client privacy, and various other considerations, most airports do not do this, but some airports are government-operated and are set up for phishing, so caution is definitely the priority. If you want to engage in activities or even shout slogans, using an airport is definitely risky.
VPNs and proxies are not the same; airports are proxies, while VPNs are anonymous encrypted networks. VPNs available on the market are generally more secure than airports. It is said that the most highly rated on Reddit is mullvad. While it is indeed more secure, with usernames randomly generated by the system, it may not be very user-friendly.
When I say user-friendly, I am not referring to anonymity, but rather to fixed IPs, connection speeds, and ease of use, including how quickly you can share it with others. These factors must be considered. My work involves cross-border e-commerce, so considering everything, I still use airports, which are proxies.
It’s like the difference between the anonymous mode of a regular browser and the dark web of the Tor browser. You might say the dark web is more secure and anonymous, but in terms of everyday experience, using the anonymous mode of a browser or enabling anti-tracking is more convenient.
Which Airports to Choose?#
First, eliminate free airports. Firstly, your time is also a cost; free ones often require frequent changes and may not work. Secondly, there’s no such thing as a free lunch; if you find something that seems free, you might just be the cost. Thirdly, paid options are not actually that expensive.
Next, eliminate self-built airports. My suggestion is that if you’re not using several terabytes a month, it’s really unnecessary. I have built my own before, from selecting servers to choosing IPs, but after it was built, the speed was disappointing. Optimizing speed for an airport is quite complex; building it is the easiest part, but maintaining it requires professional knowledge and effort. I still recommend buying a ready-made one; after all, they are not expensive, and self-built servers are not free.
Recommending airports is a very complex matter because mainland China is vast, and there are significant differences based on location, operators, and devices. If you are in the Pearl River Delta, you can try the airports I recommend on Diao Page, where I have marked links for scientific internet access.
Who is my recommendation suitable for? It’s for those who don’t want to know too much and just need an airport for bypassing the firewall that is not expensive and has decent speed, which is what I use daily.
(Note: If you purchase through the link on Diao Page, I will receive some commission. Thank you for your support.)
Fans in other regions can also give it a try; if it works well, use it; if not, switch.
Here are two other content creators I frequently watch and test:
A well-known figure in the industry, he tests speeds for mobile, Unicom, and telecom.
SSR-V2ray Airport Recommendations
Some popular science articles that are very useful for beginners.
Subscription Links for Airports#
I will use Feiniaoyun as an example here, mainly because its tutorial has not been updated, which I think makes it less friendly for beginners.
After entering the homepage, purchase a package, and then the most important thing is the subscription link:
Basically, all airports have various subscription links. For the sake of simplicity, in our subsequent tutorials, we will primarily need one subscription link, which is the universal Clash subscription link. Please understand the others on your own.
After copying, it looks like this:
http://fbapiv1.fbsublink.com/flydsubal/2qdqowukfwdpse1r?clash=1&extend=1
(Note: The link I provided has been reset and is for demonstration purposes only; it will not work.)
It looks like a webpage link, but when you paste it into a browser, it may not yield anything. Sometimes it will automatically download a YAML file, and other times it will give some meaningless letters.
The subscription links for airports have the following characteristics:
- It is something you paid for (the core element).
- It may have 100GB of traffic (depending on the package you purchased).
- It may have an expiration date (reset every 30 days or longer; traffic does not accumulate).
- Anyone who obtains this link can use your traffic.
- (Unless the airport limits the number of simultaneous online clients).
- The airport backend can generally reset the subscription link with one click (to avoid theft).
Choosing a Bypassing Client#
I think the hardest part of writing this tutorial is that many websites can only be accessed after bypassing the firewall, including some airports themselves, which are commonly blocked.
But I am teaching you how to bypass the firewall without having bypassed it, and sharing things on domestic cloud storage can easily lead to reports and various restrictions, making it a thankless task.
The best solution is actually to buy an airport that offers a trial. This is also mentioned on Diao Page.
If you have already bypassed the firewall, you can download the bypassing clients I mention later from this link.
If you have not bypassed the firewall, you can download from this link.
Some airports provide their own customized clients, like the one shown below, which I generally do not use.
It’s not that these clients are necessarily bad, but I tend to trust open-source software more.
At the same time, some airport-specific clients cannot log in with multiple accounts simultaneously.
If you want to use it with colleagues or friends in your office, you need to buy multiple accounts, which is often unnecessary.
I want to thank the article for being a great summary.
Windows, Android, Mac, and iOS Proxy Client Software Recommendations
The clients I use are as follows:
Windows & Mac: Clash Verge Rev
The successor to the original author of Clash for Windows, who stopped updating due to pressure, uses an updated kernel and provides a good experience, replacing the no longer updated original Clash client, and it also has a Chinese interface.
Android: Surfboard
Known as the Surge for Android. (Surge is a very powerful software that is quite expensive on Mac.)
I initially used Clash for Android, but the author stopped updating due to pressure.
I once used Clash meta for android, which updates frequently, and also used Single-box, which I found less user-friendly than Clash, but ultimately I settled on Surfboard. The most annoying thing on mobile is that after enabling the proxy, for example, accessing JD.com becomes very slow, and you have to turn off the proxy to access JD.com, then turn it back on after you’re done, which adds unnecessary steps. Although I can set exceptions in Clash, Surfboard requires no additional operations.
iOS: Shadowrocket
Commonly known as "Little Rocket," it is still quite user-friendly. The inconvenience is that it has been removed from the Chinese App Store, meaning you need a non-Chinese Apple ID to download it. Additionally, it is a paid app, costing $2.99, so the setup on iOS may be slightly more complex. However, given the stability of iOS and the fact that Apple users typically do not change devices frequently, setting it up once for several years is quite good.
Windows Bypassing Client Clash Verge Rev Setup#
Installing Clash Verge#
The version I am demonstrating is 1.6.6, which is maintained relatively frequently, but the interface and principles will not change significantly, so you need not worry even if the version differs.
We need this file. If you downloaded it from 123 Cloud, it may be a compressed package. You need to extract it and then open it.
Open this file, and if it requires administrator permissions, click yes, and you will see this interface.
Then keep clicking next. Some may ask if you want to change the installation location; my suggestion is not to change it for a simple reason: this software is very small and won’t take up much of your hard drive.
Of course, if you want to change the installation location, you can.
And that’s it; the installation is complete.
Importing the Subscription Link#
Open Clash Verge on your desktop.
Then click on the subscription on the left.
Do you remember the subscription link I mentioned earlier? Yes, paste it here and click import.
If you see the image below, it means the import was successful.
(Note: Updating the subscription refers to clicking the gray circular icon in the image below.)
If you encounter an error when importing or there is no response,
please check your subscription link, for example:
Did you copy it as an SSR subscription link?
Is the airport expired?
Is the airport's traffic used up?
Are you running other proxy software that you haven’t closed?
Choosing the Proxy Country#
Click on the proxy on the left. At this point, your interface may look different from mine, which is related to how the airport groups its nodes.
The button I marked with a red circle is for testing latency. Generally, the lower the number, the lower the latency. With the same network speed, theoretically, the experience will be better, but this only applies to individual airport nodes, as different protocols have different latencies.
Enabling System Proxy#
Now click on settings on the left and enable the system proxy.
This generally indicates that the bypass is enabled.
You can now happily access the external network. Enjoy.
As for startup and silent launch, I habitually enable them.
Some Additional Knowledge#
I generally choose Hong Kong nodes because they are fast; Hong Kong is closest to the mainland, with low latency and fast speeds, making image and video loading smoother.
However, during special times, I may use other nodes. For example, if you want to use ChatGPT, Hong Kong is not within OpenAI's service area, so you need to switch to nodes in other countries.
How to check if the bypass is successful: Enter g.cn in your browser, and if you get search results, it means the bypass is successful.
If it is not successful, first test the speed of the node. If the node is red, switch to a green node. If all nodes are red, it may be due to:
- Your airport has expired or the traffic has been used up.
- There is an issue with the airport, such as power outages or attacks on the server.
- During sensitive periods, the subscription link may be polluted and needs to be re-imported.
- Restart the Clash client; it may have encountered a bug.
What is a node? It refers to a country. Different countries have different IP addresses, similar to where the woman in the image above is serving you coconut juice.
Nodes are provided by the airport; some provide many country nodes, while others provide fewer. Generally, the more nodes an airport has, the higher the cost, and the more you need to pay.
What is a fixed IP? If I consistently use this airport's Hong Kong node 3, then my IP address is likely fixed, but only for that specific airport.
If you switch airports daily, even if they are all Hong Kong node 3, you do not have a fixed IP. Some people ask me which node I am using with different airports, and I think, "We are using different airports!"
Also, regarding the previously mentioned VPN, mullvad, it is not a fixed IP either, because fixed IPs are not inherently about anonymity; if you have a fixed IP, I must expose your identity.
Why do we pursue fixed IPs? Because if you show up in the US today and in Egypt tomorrow, while your backend is in Russia, you are very likely to trigger the risk control of social platforms, which can lead to account bans. Therefore, airports are more friendly for cross-border e-commerce.
What are rules, and what is global mode?
The default is rule mode, which means you can already access Google.
What are rules? Simply put, they determine when to use or not use VPN traffic. For example, if you watch YouTube at 3 PM and Bilibili at 4 PM, you can use your proxy traffic for YouTube, which is acceptable. However, if you are watching Bilibili, which does not require a proxy, and you are still using the proxy, that is unnecessary traffic consumption.
Thus, this is what rules are: if it’s a domestic website, do not use the proxy. If it’s a foreign website, enable the proxy.
As for how the software determines domestic and foreign websites and when to use the proxy, that is up to the rule writer to consider.
Once you understand the rules, global mode and direct connection become simple. Global mode means that regardless of the traffic, just use the proxy. Direct connection means turning off the VPN altogether, not using the proxy at all.
What is Tun mode?
In the settings, there are system proxy and Tun mode, and you can choose to enable one or both.
Generally, the system proxy can handle 90% of situations.
Both modes are for bypassing the firewall; Tun mode is just a lower-level option.
For example, UWP applications on your computer, which are downloaded from the Microsoft Store, such as WhatsApp, require Tun mode to function properly.
Additionally, the previously popular Arc browser on Windows 11 also requires Tun mode to run.
I usually only use the system proxy; I generally do not enable Tun mode.
If you are interested, you can read this post on V2ex:
Do I need to enable both System Proxy and TUN Mode for Clash for Windows?
Mac Bypassing Client Clash Verge Rev Setup#
Since I do not have a Mac, I will add this later, but it is actually quite similar to Windows.
Installing Clash Verge#
Importing the Subscription Link#
Choosing the Proxy Country#
Enabling System Proxy#
Android Phone Bypassing Client Surfboard Setup#
Installing Surfboard#
The version I am demonstrating is 2.24.1, which is maintained relatively frequently, but the interface and principles will not change significantly, so you need not worry even if the version differs.
If you downloaded a compressed package, remember to extract the APK file first.
First, you need to find a way to transfer this APK file to your Android phone. Do not use WeChat to transfer it, as it may not install. I recommend using QQ to send it to my Android phone or DingTalk to transfer it to the file assistant, or try cross-platform file transfer with Lightning Vine.
In any case, I will assume you have successfully transferred it to your phone and that it is indeed an APK file, not an APK.1 or similar. You need to handle this step yourself.
Don’t ask me what to do if I have a HarmonyOS system; I don’t know. You can try the following steps; if it works, great; if not, then that’s Huawei’s blessing.
Open the installation package on your phone. If it prompts that a malicious application is detected and won’t install, please disconnect from the internet, meaning turn off Wi-Fi and data connection, and try again.
Also, temporarily disable any so-called security features. I recommend open-source software, which has a very low chance of containing malicious code.
Importing the Subscription Link#
After installation, open the app, and the interface should look like mine.
Click on configuration at the bottom, then the plus sign, select "Import from URL," paste the subscription link, and import.
Due to different protocols of airports, the subscription link you copy may vary, as shown in the image below. Surfboard supports SS/Trojan/Vmess protocols.
The images below show successful imports; the first one indicates something is wrong.
For example, for Feiniaoyun, you need to paste the general SS link of the airport to use it.
The first entry pasted the general Clash link, but this software is not Clash.
If it’s Laomao Cloud, there’s no problem.
But it’s okay; even if it doesn’t work, you can use Clash meta for Android, which supports all protocols. The tutorial is below.
Choosing the Proxy Country#
Click on the proxy at the bottom. The button in the lower right corner is for testing latency, just like in Clash. The lower the latency, the better the experience. Choose the country you need; I prefer Hong Kong.
Enabling System Proxy#
At this point, it’s very simple. Click on the dashboard at the bottom, then click the play button in the lower right corner to enable the bypass. You can now happily access the external network. Enjoy.
Clash Meta for Android Configuration#
Surfboard is still user-friendly. As a tool software, it does not require me to frequently open or close it.
It also has three modes: rules, global, and direct connection, which I have already mentioned for Windows, so I won’t repeat it here.
However, there’s also Clash Meta for Android, which has slightly less user experience but supports all protocols. I will briefly mention it here.
The version I am demonstrating is 2.10.1, which is maintained relatively infrequently, but the interface and principles will not change significantly, so you need not worry even if the version differs.
The first step is also to find a way to transfer this installation package to your phone.
If you downloaded a compressed package, remember to extract the APK file first.
The second step is to import the subscription link.
Click on configuration, click the plus sign in the upper right corner, select "Import from URL," fill in any name, paste the airport's Clash subscription link in the URL field, set the auto-update to 1440 (it’s okay if you don’t set it), and click save in the upper right corner.
The third step is to enable the proxy.
After saving, you should return to the software's homepage, showing that the new configuration is activated. Click on "Stopped" to show "Running," which indicates that the bypass is enabled. You can then click on the proxy to choose the country node, and the lightning button in the lower right corner is for testing latency.
Clicking "Running" again will turn off the bypass.
So it’s all quite simple; it may seem a bit cumbersome the first time you do it.
iOS Apple Phone Bypassing Client Shadowrocket Setup#
Installing Shadowrocket#
Open the APP STORE.
Click on the profile icon in the upper right corner.
Scroll to the bottom and click "Sign Out" of your original country Apple ID. If you are already using a non-Chinese Apple ID, you do not need to sign out.
Enter your non-Chinese Apple ID here, then click "Sign in" below, not "Done" in the upper right corner.
Here are some situations that need clarification:
First, most airports will provide shared US IDs and Shadowrocket. You only need to follow the tutorial provided by the airport step by step; there’s no need to refer to this tutorial.
If you need to install this software for many people, such as for your entire office, friends, or multiple Apple devices, you might consider getting a dedicated one.
We need a non-Chinese Apple ID + the $2.99 Shadowrocket software.
If you have a foreign credit card, you only need a US ID, which you can register on your own. Here’s a tutorial: How to Register a US Apple ID? Latest Free Registration Method for US Apple ID
If you don’t have a US ID and no foreign credit card, you can purchase one.
Little Rocket 8 sells it, which includes a US Apple ID + Shadowrocket for 39.9 RMB.
(Note: If you purchase through this link, I will receive some commission. Thank you for your support.)
If you see the following image when logging in, select "Not XX."
After logging in, find Little Rocket in your purchased items and download it.
If you click on purchased items and find it empty, please restart your phone.
After downloading, you can log out of this Apple ID.
Importing the Subscription Link#
(Note: This app has a Chinese interface; if your system is in Chinese, it should automatically be in Chinese; otherwise, you can change it in the settings.)
Open the little airplane app and allow all permissions.
Click on the configuration in the lower left corner, then click the plus sign in the upper right corner.
Here, enter the airport's subscription link and click download.
Click on the newly added line and select "Use Configuration."
Click on the settings in the lower right corner, scroll down to find subscription settings.
Enable this setting.
Enabling System Proxy#
At this point, the configuration process is complete; just toggle the switch to use it, and you can happily access the external network. Enjoy.
Usage Tips#
At the bottom of the homepage, options like "Hong Kong" allow you to choose different country nodes.
The third row tests connectivity, which tests node latency.
Generally, the smaller the green number, the faster the speed; red indicates it is unavailable and needs to be switched.
Final Thoughts#
How to control a person's thoughts?
In times of material scarcity, the word "poverty" can control your thoughts, making you focus on farming the land without wandering thoughts.
In today's technological development, you either block access, like the current firewall, preventing you from having more sources of information, or you provide mindless entertainment, bombarding you with massive amounts of unnutritious information that exhausts your ability to think.
I believe most people still have the ability to discern information; when faced with both feces and food, most people will likely choose food. However, the problem arises when both options are feces; you have no choice and are unaware that others are eating food.
Thus, one part of what bypassing the firewall can solve is to see whether others are eating food or feces. You certainly have your own judgment, whatever that may be. I cannot deprive you of your right to see the world, but that is precisely what the firewall does.
If escaping the information cocoon is impossible, what I want to do is to make my cocoon a little larger.