GFW Bypass: IPv6 & Proxy

TL;DR

This guide shows you how to bypass China’s Great Firewall (GFW) using IPv6 connectivity and proxying all your IPv4 traffic through a server outside of mainland China. This method works because the GFW often has less strict filtering on IPv6, and by routing everything through an external proxy, you avoid direct IPv4 censorship.

Prerequisites

  • A VPS (Virtual Private Server) located *outside* of mainland China. Popular providers include DigitalOcean, Vultr, Linode, etc.
  • Root access to your VPS.
  • Basic command-line knowledge.
  • An IPv6 connection on your client machine (most modern networks support this). You can check at https://test-ipv6.com

Step 1: Set up the Proxy Server

We’ll use Shadowsocks as our proxy server. It’s lightweight and effective.

1.1 Install Shadowsocks

sudo apt update && sudo apt install shadowsocks-libev -y  # Debian/Ubuntu
sudo yum update && sudo yum install shadowsocks-libev -y # CentOS/RHEL

1.2 Configure Shadowsocks

Edit the configuration file:

sudo nano /etc/shadowsocks-libev/config.json

Replace the contents with something like this (change values as needed):

{
  "server":"your_vps_ip",
  "server_port":8388,
  "local_address":"127.0.0.1",
  "local_port":1080,
  "password":"your_strong_password",
  "timeout":600,
  "method":"aes-256-cfb",
  "fast_open":false
}

Important: Choose a strong, unique password. Replace `your_vps_ip` with your server’s IP address.
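An added example, not part of the original guide or of shadowsocks-libev: a small Python check to run over `config.json` before starting the service in 1.3. It flags template placeholders left in place, a short password, and a cipher outside the AEAD set (stream ciphers such as `aes-256-cfb` encrypt without authenticating the data); the finding names and the 16-character minimum are assumptions of this example.

```python
import json

# AEAD ciphers implemented by shadowsocks-libev. Anything else (for example
# the stream cipher aes-256-cfb) carries no integrity check on the traffic.
AEAD_METHODS = {
    "aes-128-gcm", "aes-192-gcm", "aes-256-gcm",
    "chacha20-ietf-poly1305", "xchacha20-ietf-poly1305",
}
PLACEHOLDERS = {"your_vps_ip", "your_strong_password"}  # from the guide's template
MIN_PASSWORD_LEN = 16  # assumption: local policy, not a Shadowsocks requirement


def audit_config(text):
    """Return a sorted list of finding codes for a Shadowsocks JSON config."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError:
        return ["invalid-json"]
    if not isinstance(cfg, dict):
        return ["invalid-json"]
    findings = set()
    for key in ("server", "server_port", "password", "method"):
        if key not in cfg:
            findings.add("missing-" + key)
    for key in ("server", "password"):
        if isinstance(cfg.get(key), str) and cfg[key] in PLACEHOLDERS:
            findings.add("placeholder-" + key)
    password = cfg.get("password")
    if isinstance(password, str) and password not in PLACEHOLDERS:
        # Short or highly repetitive passwords are easy to guess offline.
        if len(password) < MIN_PASSWORD_LEN or len(set(password)) < 8:
            findings.add("weak-password")
    method = cfg.get("method")
    if isinstance(method, str) and method.lower() not in AEAD_METHODS:
        findings.add("non-aead-method")
    port = cfg.get("server_port")
    if "server_port" in cfg and (type(port) is not int or not 1 <= port <= 65535):
        findings.add("bad-port")
    return sorted(findings)


# Constructed sample: the guide's template saved without editing.
TEMPLATE = """{
  "server":"your_vps_ip", "server_port":8388,
  "local_address":"127.0.0.1", "local_port":1080,
  "password":"your_strong_password", "timeout":600,
  "method":"aes-256-cfb", "fast_open":false
}"""

if __name__ == "__main__":
    print(audit_config(TEMPLATE))
```

An empty list means none of these checks fired; it does not show that the service is otherwise hardened.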

1.3 Start Shadowsocks

sudo systemctl start shadowsocks-libev
sudo systemctl enable shadowsocks-libev  # To start on boot

Step 2: Configure IPv6 Routing

This is the core of bypassing the GFW. We’ll use `iproute2` to route all IPv4 traffic through your VPS via its IPv6 address.

2.1 Find Your VPS’s IPv6 Address

Use a command like this on your VPS:

ip addr show

Look for an address under `inet6`. It will be a long hexadecimal string.

2.2 Add the Route (Client Machine)

This command adds a default route for IPv4 traffic through your VPS’s IPv6 address. Replace `your_vps_ipv6` with your actual IPv6 address and `eth0` with your network interface name (use `ip addr show` on your client machine to find this). You may need `sudo`.

ip -6 route add default via your_vps_ipv6 dev eth0 table 100

2.3 Enable IP Forwarding (VPS)

Edit `/etc/sysctl.conf` and uncomment or add the following line:

net.ipv4.ip_forward=1

Then apply the changes:

sudo sysctl -p

2.4 Configure NAT (Network Address Translation) on VPS

This allows traffic from your client to appear as if it’s originating from your VPS.

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Replace `eth0` with the correct outgoing interface on your VPS. Save the rules (the method varies by distribution; `iptables-save` is common).

Step 3: Configure Your Client

Configure your applications to use a SOCKS5 proxy at 127.0.0.1:1080.

3.1 Shadowsocks Client

Install a Shadowsocks client for your operating system (e.g., Shadowsocks-libev on Linux, or a GUI client like Shadowrocket on iOS/Android). Configure it with your VPS’s IP address, port, and password.

3.2 Browser Configuration

Most browsers allow you to configure a SOCKS5 proxy in their settings. Set the proxy server to 127.0.0.1 and port 1080.

Step 4: Testing

After completing these steps, test your connection by visiting websites that are blocked in your region. If everything is configured correctly, you should be able to access them through your proxy server.

Important Considerations

  • Security: Keep your Shadowsocks password strong and change it regularly.
  • Stability: VPS performance can affect connection speed. Choose a reputable provider with good network connectivity.
  • Persistence: The `ip -6 route add` command from step 2.2 is not persistent across reboots. You’ll need to automate it using a script or systemd service.
  • Firewall: Ensure your VPS firewall allows traffic on the Shadowsocks port (8388 in our example).