GFW Connectivity Diary
The GFW is not a static wall; it is a dynamic weather system. This diary tracks daily fluctuations in censorship pressure to help you adjust your protocols accordingly.
Escalation: Whitelists & Education Net Blocks
Critical Update: Reports (Jan 27) confirm
GFW "Small Whitelist" testing in select provinces, dropping
all unverified overseas traffic. Additionally, CERNET (Education Net) has deployed specific blocks against TLS record fragmentation.
Regional Alert: Users in Henan Province face a secondary firewall blocking ~4.2M domains (5x national
average).
Also in the Feed:
- CAC "Minor Protection" Rules (Jan 23): New regulations targeting content affecting "minors' values" effective March 1. Expect keyword tightening on social platforms.
- GitHub Degradation (Jan 26): Coinciding with global Actions failures, China-based devs report a 17% block rate for API requests and package registries.
Countermeasure Release:
Xray-core v26.1.23 released with native port-hopping. This is the primary mitigation for China Mobile's 8PM-11PM UDP throttle.
Proactive IP Throttling Detected
As of 18:00 CST, we are seeing a spike in TCP Reset (RST) packets originating from China Telecom's 163 backbone for all UDP traffic on port 443. This appears to be targeting standard WireGuard fingerprints.
Analyst Recommendation:
Switch to VLESS-Reality or Astrill StealthVPN (Port 443). Avoid UDP-based tunnels until further notice.
Unicom AS4837 Resilience
Peering between China Unicom and NTT/GTT backbones remains high-performance. Let'sVPN and VLESS nodes hosted in Tokyo/Hong Kong are reporting < 150ms latency. This is currently the most stable route for international CDN access.
Shadowsocks Entropy Block Wave
Massive wave of Shadowsocks IP bannings reported in Shenzhen (China Mobile). The GFW's entropy analyzer is effectively flagging high-entropy data chunks exceeding 1500 bytes. Users are advised to enable obfs-tls or migrate to VLESS-Reality immediately.