China has again opened its censorship Pandora’s box, and this time the surprise will rob its citizens of their remaining internet freedom. On January 11, VPN and SD-WAN companies with facilities in China will be blocked if they have not registered them with the government before the set date. Registering with the government means only one thing: the government will now have an open, unobscured view of what you do. No more hiding your internet activities. The ban on VPN apps in 2017 seems not to have worked as intended. This blockade has come earlier than expected, since earlier reports indicated the policy would take effect by February.
In the 2017 reports, Beijing had ordered state-run telecommunications firms to block VPN usage and other services that circumvent censorship restrictions. The workaround for these services involved rerouting VPN traffic abroad. Some of the firms that were tasked with this responsibility include China Mobile, China Unicom, and China Telecom. Experts had warned that this bar would affect the primary way in which both locals and foreigners who visit the country communicate with the rest of the world. In China’s defense, its pervasive censorship is intended to preserve social stability, but there’s always more to it than that. Since 2017, the Chinese government has been cracking down on loopholes around its Great Firewall, affecting even social media such as Twitter.
What the experts warned of will be imminent and inevitable as of January 11. The policy will heavily affect those individuals and organizations that rely on SD-WAN and VPN access within China. According to a notice, all commercial Chinese ISPs are required to block the following essential VPN and TCP ports: 80, 8080, and 443. VPNs use these ports for secure connections and other encryption. Port 80 is a TCP port mainly used for HTTP traffic. Secure traffic, HTTPS, uses the other ports, 8080 and 443. Clients relying on these ports, such as VPNs, will be required to register with the ISPs for the ports to be reopened. If not registered, some VPN functions will be rendered useless.
Since 2017, China has been imposing tough censorship that also affects other foreign businesses. For instance, a strict cybersecurity law that took effect in June 2017 greatly impacted one of the nation’s biggest ISPs, China Telecom. Regarding the law, the internet service provider sent a letter to its clients stating that in the future VPNs will only be allowed to connect to its headquarters abroad.
SD-WAN users who use VPNs will also feel the impact. That is, if a business does not re-register with the ISPs, its site-to-site VPN implementation will be affected. Site-to-site connectivity over MPLS and private lines is unlikely to be affected. In a nutshell, hybrid WANs will work just fine as usual for applications across the network service. Any application that requires the internet or attempts to send traffic via a secure encrypted tunnel will not work. Businesses with network circuits that need access to their data centers located outside the country will also need to re-register with their ISPs.
The policy will most affect Aryaka and Cato Networks, which are SD-WAN service providers. These providers offer services that rely on the provided transport or channel. If they are required to use the internet as a channel, they will definitely be impacted. Luckily, they have their own network infrastructure that carries traffic in and out of China. The problem comes when other businesses need to access the service: doing so requires the internet, hence the impact. Although every SD-WAN provider will face the same implications, customers without a managed service provider won’t have clear insight into tunnel failures caused by this regulation.
Although experts have already said what will happen after January 11, it’s not yet clear how the new policy will affect multinational companies that operate in the country. This is because the policy, in addition to other laws, imposes stringent requirements on how the companies will transfer data, and they may give China unprecedented access to their technology. Their last resort for now is to use leased lines to access the global web. Even with the leased lines, they have to register and log their activities and usage of such services. It’s a tough 2018 for VPNs and SD-WANs in China.