These scripts uses country data from APNIC Delegated List to generate scripts to run when you connect to a VPN. With those scripts, a Chinese VPN user can avoid piping his/her domestic connection thru VPN, and save some money and time.
To use this, you need a VPN connection, either PPTP or OpenVPN, running as a network gateway on your computer. This is often the default, and pipes things globally. If you don't have Python to run and generate those things, we have pregenerated things for you.
The effect of the configuration can be tested using domestic IP-displaying sites, like ip.cn.
For using this, you need OpenVPN >= v2.1. Otherwise, read the additional instructions below.
OpenVPN 2.1 added max-routes so we can add more than 100 routing info into
the config. Here is how you should do that (tested on OS X, Windows and Linux):
- Get the
routes.txtlist.
- Download
chnroutes.pyand usepython chnroutes.pyto generate one.
- Append the contents of the list to your OpenVPN configuration.
- Add a line
max-routes NUMto the top of your OpenVPN configuration, where NUM should be no less than the line count ofroutes.txt. Since the server may also push a few routing info to you, you can add 50 to the line count and use it as NUM. - Reconnect your OpenVPN. You can use Chinese sites like ip.cn to test it.
If you don't have access to OpenVPN >= 2.1, consider the Android method.
- We use the
net_gatewayvariable to show the gateway before OpenVPN was connected, but the document says not all systems support that. If you happen to be one example, replacenet_gatewaymanually with your current gateway. - You may need to enable Windows XP compatible mode, and give it administrator
privilege for both the OpenVPN installer and the installed programs. If it
still fails, add those lines to your config:
route-method exe route-delay 2
- Sometimes the network will cause OpenVPN to disconnect, therefore calling the vpndown script. When it tries to reconnect later, it may be unable to find the default routing and fail. You can stop reconnecting and manually reset the routing, and then reconnect.
We haven't tested the method above on Android yet and some people still need legacy compatibility, so we kept this section.
- As usual, download
chnroutes.py. - Enter the download destination from your terminal and run
python chnroutes.py -p android. This generatesvpnup.shandvpndown.sh. - Copy the files somewhere, say,
/sdcard/openvpn/. Add those to OVPN config:
script-security 2
up "/system/bin/sh /sdcard/openvpn/vpnup.sh"
down "/system/bin/sh /sdcard/openvpn/vpndown.sh"
You can modify the path to sh and vpn{up,down}.sh for your own needs.
Here we assume that you have netstat, grep and route. You can get them in
busybox.
Since there is a lot of ip entries,the script runs route a lot of
times and it takes significant time on a phone, so you may not really
want to use it. Maybe not using redirect-gateway mode and add some IP ranges
to route is better.
All those scripts generated in this section are general-purpose. That means you can use it somewhere else, like in other type of connections.
- Download
chnroutes.py. python chnroutes.py -p "$(uname)"; chmod a+x ip-; sudo cp ip- /etc/ppp`.
- If you have other files in
/etc/ppp, you may want to append not overwrite them.
- Done. Reconnect and test.
- Download
chnroutes.py. I am tired of saying this. cdinto the download destination and runpython chnroutes.py -p win. This generatesvpnup.batandvpndown.bat.
Since Windows doesn't provide hook scripts for PPTP dialing, you have to run those manually before connecting and after disconnecting.
Many Linux-based third party router OSes, like OpenWRT, DD-WRT, Tomato, provide OVPN/PPTP functionalities. Dial up the VPN, and all the connected devices can get nice VPN access with chnroutes capabilities.
autoddvpn provides such a solution. Please be aware that using VPN makes devices not suitable for P2P transport like emule and BT.
- The IP data in those generated scripts keeps being updated. Although that not really frequent, but you still want to regenerate them every three months.
- Using VPN may make you unable to use Google Music. This is caused by the fact
that your foreign DNS through your VPN gives you a foreign IP for google.cn.
A simple hack is to add the Chinese google.cn IP into your hosts:
# Google.cn, from Chinese DNS 203.208.39.99 www.google.cn google.cn
The scripts generated by the project is tested in a network environment with a router. If it doesn't work somewhere else, or if you have some other bugs, just write an issue.