I just returned from a one month vacation (June / July 2016), spending 3 weeks in China and one week in Singapore.
While in China, I traveled over 2,000 km to four different cities and lived in apartments, houses, and several hotels. During my trip, I attempted to monitor my email (hosted in Canada), access all of my usual US web sites, make phone calls to the US and Australia, and connect to my office network in Los Angeles.
I was familiar with The Great Firewall of China that is known to block internet traffic to the rest of the world, so I anticipated that I would have difficulties working remotely. To prepare for this, I signed up for three VPN services that claimed to work in China. I tested the VPN services in the US, but there was no way for me to know how well they would work in China.
There was not a whole lot I could do to anticipate what it would be like to work remotely from China, so I just warned my customers and colleagues that I would have limited internet access and may not be able to respond to emails for several days. I would recommend that you set your own, and your customers' expectations, very low, and assume you will have limited connectivity.
I learned quite a bit about trying to work remotely in China and experienced several challenges and frustrations, so I thought I would share my experiences in case some other poor soul has to work from China.
Here's what I'll cover:
1. Before you go
2. While traveling
3. Using VPNs
4. What worked and what didn't
5. Workarounds
6. After you return
Before You Go
VPN Service
I'll do a separate post about the VPN services that I used and how well they worked, but here's the short version.
You will want to sign up for at least 2 VPN services before you leave for China. And you will want to have them installed and configured and fully tested on every single device before you leave. Fortunately they are fairly cheap and there are tons of options, and based on my experience, it isn't critical which ones you choose. Technically they do appear to work, but set your expectations very, very low.
If you're old enough to have used a 56k (or 28.8k) modem, you might remember the days when it sometimes took 20 minutes of redialing to connect to an ISP (Compuserve, AOL, Prodigy, WorldNet, etc.), and after you were connected for 5 minutes at those blazing fast speeds, the modem would disconnect randomly, and you would start the process all over again. That's exactly what it's like to use a VPN service in China. It is a frustrating, time wasting, and very unproductive process.
In short, do not plan on being productive with any online or internet-dependent resource. Do not plan on having quick access to any foreign internet service. Do not assume that you can connect to foreign internet services daily--it may be 1 or 2 days before you can get connected to even retrieve your email.
And if you anticipate needing to connect to a corporate, work, or customer VPN, then you'll also need to test dual VPN connections. First your need to connect to the VPN service to tunnel out of China, and you'll then attempt to connect to the corporate/client VPN. In some cases, this dual tunnel setup will simply not work. In other cases, the dual tunnel setup may work fine outside of China, but will not work from within China. Be prepared for this.
I had some success in using OpenVPN over a VPN service on my iPhone and iPad to connect to my office network. But while in China, I was unable to use OpenVPN on my Windows laptop to connect over the VPN service. It just wouldn't work from China. This may vary based on the corporate VPN client, but I would recommend assuming that you may be unable to connect to a private / corporate VPN from China using a Windows laptop.
Once I got to Singapore, the VPN services started working again. They were slow and flaky, but they worked much better than in China.
Mobile Number and Two Factor Authentication
This is one that I did not prepare for. It applies to any international travel, and being in China just makes it a little more complex.
The third day I was in China, I had to send a wire transfer. I was able to connect to a VPN service, and then connect to the BofA web site. I setup my wire transfer, but when I went to submit it, I realized that I needed to receive a one-time passcode--something I forgot about. The Bank of America web site requires a one-time text message passcode for all wire transfers, and this feature cannot be disabled. But guess what? My account is setup to send the passcodes to my US mobile number, and I did not setup international roaming on my mobile phone, nor did I want to.
I checked to see if I could add a new mobile number to my BofA account, but of course, that also requires me to receive a passcode on my main mobile number to authorize the request. And even if I could add a number, it would have to be a US mobile number, and I didn't have direct access to a US mobile number that could receive text messages in China.
So I had to call BofA customer support, authenticate myself and then have them remove my mobile number completely from my account. I then had to contact my sister in the US and add her cell number to my BofA account. I then had to coordinate with her so that when I submitted my wire transfer request, she could quickly send me the confirmation code that I would then enter in the BofA web site. It was comical.
So before leaving, try and think about any web site or service or login that uses mobile text messages for two-factor authentication. If you need to use any of them, you'll need to either have international roaming on your cell and be sure that roaming will work in China and that you can receive text messages while in China (good luck verifying that before you leave), or you'll need to have a virtual phone number that can receive text messages (preferred). Even if you have roaming, I would strongly recommend also setting up a virtual phone number as a backup and setup that additional virtual number on all of your accounts.
Virtual Phone Numbers and Text Messages
I clearly did not anticipate the need to receive text messages while in China, and that was a gaping hole in my preparation.
After realizing this, I checked to see if my Google Voice number would receive texts. Based on my testing and forum posts on the topic, it will not. Google Voice is unable to receive text messages sent by web sites. Apparently Skype cannot either.
There are virtual phone services, similar to Google Voice, that provide you with a virtual phone number and let you make calls with an app on your mobile device. Some also claim to allow you to receive text messages. I only had time to test one, KeepSolid Phones, and in my limited testing with a trial phone number, the KeepSolid Phones app on my iPhone was unable to receive a text message from a web site. I didn't have time to do more testing, so I gave up on it and didn't try any other such services.
To my surprise, I stumbled across a solution that did work for me. In my office, I use Vonage Business for my VoIP phone service. I realized that as part of my Vonage Business service, I have an iPhone app called Vonage Business Essentials. Through the iPhone mobile app, I found that I was able to send and receive standard SMS text messages using my office phone number.
I also made a few calls using the Vonage Business Essentials iPhone app and was typically able to make and receive calls without having to use a VPN. If I used the VPN, the calls were very choppy and unreliable due to the slow VPN speeds.
However, I was unable to make an international call from the Vonage Business Essentials app, so I was unable to call Chinese phone numbers. I don't know if that is a restriction in the application, or if that option was just disabled or blocked on my account. I instead used Skype to call Chinese phone numbers, and that generally worked fine.
SIM Cards
You can get prepaid SIM cards in China, but because I did not get one, I can't provide any details.
In the Shanghai airport, there were vending machines that dispensed the prepaid SIM cards, but there were many different types, apparently by region and plan type, and I don't know what they required in terms of setup or activation.
If you try and get a prepaid SIM card from a retail store, you'll want to bring a local with you who can translate and potentially provide their contact info and ID on your behalf--I don't know what the current requirements are for foreigners who wish to purchase a SIM card.
If you do plan on using a China SIM card with your mobile phone, try and verify that your phone will work in China. China apparently uses its own unique mobile frequencies, and apparently different carriers use different frequencies, like in the US, so not all phones will work on all Chinese mobile networks.
And you will need to unlock your phone before you go to China. In the case of AT&T, that requires that you own your phone outright with no outstanding contracts or payments, and that you unlock it via the AT&T web site.
I have relatives in China who provided my wife with an extra SIM card from their mobile account, so I can report that an unlocked US AT&T iPhone 5S worked just fine with that particular Chinese carrier--I believe it was China Telecom. While in China, I was able to access the AT&T consumer unlock web site over VPN and unlock my wife's phone successfully. So that step can be done while in China, but I recommend doing it before you leave.
In Singapore, SingTel offered a prepaid SIM card for $30. It is good for 10 days and includes 14gb data. I didn't note how many voice minutes were included.
While Travelling
Public WiFi
If you have layovers at Chinese airports and will be spending a few hours waiting around, I would recommend signing up for a Boingo Wireless hotspot account. I believe that Boingo is available in most Chinese airports. I signed up while waiting in the Shanghai airport and found the Boingo service to work fairly well in the main terminal areas. I did occasionally have issues connecting, and the signal strength was weak in some of the odd gate boarding areas in the Shanghai airport, but overall it was well worth the nominal $9.95 monthly fee, and you can cancel once you return if you no longer need it.
When setting up the Boingo account, choose a simple username and a relatively simple password, as you will need to re-enter it nearly every time you connect using a mobile device, and on my iPhone I was unable to copy and paste the password from my password manager into the Boingo authentication page.
While traveling in China, many businesses and malls claimed to have free WiFi, but most required a Chinese mobile number that could receive a passcode via text message. They then required that you enter the passcode to login to the WiFi service. So I was unable to use most of the free WiFi services.
Singapore was similar, with a fair number of locations offering WiFi, but some requiring registration of some form. Starbucks stores in Singapore offered WiFi, but required you to setup an account with a social media company. I was able to sign up from my phone to get access.
Security
I was concerned about connecting to public WiFi while travelling. I assumed that I would be at risk, but I didn't have much choice.
Other than the standard advice of making sure to have anti-malware type software running on your laptop and being careful about what you access, I did the following:
1. Occasionally cleared all web browser cache, cookies, history, etc. on my laptop and mobile devices
2. Reset (wiped out) the network settings on my iPhone and iPad
3. Regularly shut down and restarted my iPhone and iPad
Here is a good article on securing an iPhone for travel:
https://blog.filippo.io/securing-a-travel-iphone/
You don't necessarily have to do all of the steps, but try and do as many as you can.
Using VPNs
I'll cover VPNs in more detail in a separate post, but as I mentioned earlier, VPNs in China are very unreliable. As in roll-the-dice and pray unreliable.
Next Post: https://dynamicsgpland.blogspot.com/2016/07/using-vpn-service-while-working-in-china.html
Over the course of three weeks, I regularly attempted to use three different VPN services and connected to several dozen residential / private and public WiFi networks in four different cities.
In summary: Sometimes they work. Sometimes they don't. Assume a 50% success rate at best and you might not be disappointed.
They worked fairly well on my iPhone and iPad. They barely worked at all on Windows 10 on my Surface Pro 4, and were painfully slow to connect on Windows.
Trying to use the VPN services and access foreign sites while in China was extremely frustrating, and I would say that I spent more time trying to get the VPNs to connect and get them to work than I did actually using the VPN connection. And that is not an exaggeration.
One day in China I repeatedly attempted to connect to a VPN over the course of 12 hours and was unable to get any of the 3 services to work on two different WiFi networks. I had used the same two residential private WiFi networks a week earlier and the VPN services worked fine. But that day, despite wasting several hours trying on multiple devices, absolutely nothing worked, and I was unable to retrieve a single email or connect to any web sites.
My overall impression was that over the course of my 3 weeks in China, my ability to connect to the VPNs decreased. When I first arrived, the VPNs connected relatively quickly and easily. But the last few days I was there, it seemed like I couldn't connect at all.
Based on this, I speculate that the Chinese firewall may have tracked the MAC addresses of my devices and flagged them as being associated with VPN usage. After 3 weeks in China, it felt like my MAC addresses ended up on a blacklist and the devices would no longer connect most of the time. The issues were inconsistent, so it could be that the blocking occurred at the ISP level, and not centrally at a national level. But it was definitely much harder to connect at the end of 3 weeks.
If this is indeed what occurred, there may be some software that allows you to spoof your MAC address on Windows and Android. I'm assuming that MAC spoofing is not possible on iOS without jail breaking. The alternative might be to have multiple devices and only use them one at a time. When one device stops working, try using the next device. Not very practical, but a potential workaround if you are concerned about the issue and will be in China for several weeks.
What Worked and What Didn't
This is a quick list of things that I tested or used while in China. In Singapore, I don't think I had any significant issues accessing anything.
Worked Without VPN
Skype iPhone app messaging and phone calls
Vonage Business Essentials iPhone app
Did Not Work Without VPN
Just about every major US site or online service
Gmail
Hosted Exchange
Yahoo Mail
YouTube
OpenVPN to my office network
Sometimes Worked Without VPN
iPhone Telegram notifications only (I had to use a VPN to retrieve messages, which was odd)
iPhone WeChat notifications only (I had to use a VPN to retrieve messages, which was very odd, since most people in China use WeChat)
iMessage
Kindle book downloads
Workarounds
When I needed to access a web site that was blocked, or needed to search for something without using Google, I used Baidu.com.
If you perform a search on Baidu, you can sometimes get access to an equivalent site that will have what you need. So for instance, I needed to lookup exchange rates, and was able to find an exchange rate web site via Baidu when I was unable to access Google or use a VPN.
Sadly, despite hours of trying, I was unable to find any workarounds, hacks, or tricks that would allow me to reliably connect to a VPN service or access US sites without a VPN. Zero workarounds in that category.
After You Return
As a result of using my iPhone, iPad, and Surface Pro in China and Singapore on numerous WiFi networks, I'm assuming that all of my devices have been compromised in some manner. I'm also assuming that any logins that I used while travelling are also compromised.
Now that I'm back, I'm planning on resetting the password for every web site, service, or account that I may have accessed. Not my idea of a fun time, but not particularly difficult.
I will also be completely resetting and wiping the iPhones and iPads and setting them up from scratch, not from a backup. I use both iCloud and the Eye-Fi app on my iOS devices to automatically backup my photos and videos, so once I confirm those are backed up, I'll wipe the devices and reinstall the apps. Again, I'm not looking forward to doing it, but it's not rocket science, and I've done it many times before.
My Surface Pro 4 is a little trickier, as Windows is a pain to wipe and reconfigure. I didn't use it much, and it was nearly impossible to get a VPN service to connect on Windows, but in the little time that I used it, my Chrome web browser was somehow hijacked to redirect traffic. Any time I tried to access nytimes.com, Chrome would redirect me to facebook.com. No matter what I tried, I was unable to access nytimes.com from Chrome. The Windows Edge browser did not have the same issue, and using ping on the command line, I confirmed that DNS lookup was not affected.
After poking around, I finally cleared the cache, history, etc. in Chrome, and that resolved the issue. But it was evidence that something had messed with my Surface Pro, so I'm assuming it could be compromised in other ways as well. Definitely not looking forward to wiping it and reinstalling everything.
So that was my experience of trying to stay connected while in China for 3 weeks. I chatted with a friend who happened to be in China at the same time I was there, and he had similar issues and challenges with his VPN service, so it was somewhat reassuring to know that it wasn't just me.
I cannot imagine how people get any significant work done remotely while travelling to China. I know there are thousands and thousands of people who travel to China for business, so I'm wondering if there is some magic secret for staying connected, or if they are as frustrated as I was.
If you have traveled to China recently (2016 or later), I'm interested in hearing if you had similar experiences and if you have any tricks that allowed you to be productive and actually get work done remotely.
Steve Endow is a Microsoft MVP
for Dynamics GP and a Dynamics GP Certified IT Professional in Los Angeles.
He is the owner of Precipio Services, which provides Dynamics GP
integrations, customizations, and automation solutions.
2 comments:
Hello,
I can't seem to find which VPN service you used? Was it paid? Also, I am interested in knowing whether Adobe connect (videoconferencing tool) can be used without VPN. I will mainly use Skype for Business- with business skype credit to call phones in Europe and Adobe Connect. Thanks for your help.
Hi Kate,
Here is my post on the VPN services I used.
https://dynamicsgpland.blogspot.com/2016/07/using-vpn-service-while-working-in-china.html
Based on my experience in 2016, and the news I have read since that China has further restricted VPN use and traffic, I now assume that VPNs will no longer work effectively in China. You may get them to work initially or occasionally, but they will likely be inconsistent and stop working after a while. After 3 weeks in China, none of my VPN services worked.
You may be able to find a large corporation or a 'western' hotel that has a license or authorization to provide greater access to the Internet and US internet services, but I don't know how to find them.
If I travel to China again, I will have to assume that I have zero connectivity to the US.
Steve
Post a Comment