By Steve Endow
I just returned from a one month vacation (June / July 2016), spending 3 weeks in China and one week in Singapore.
While in China, I traveled over 2,000 km to four different cities and lived in apartments, houses, and several hotels. During my trip, I attempted to monitor my email (hosted in Canada), access all of my usual US web sites, make phone calls to the US and Australia, and connect to my office network in Los Angeles.
I was familiar with The Great Firewall of China that is known to block internet traffic to the rest of the world, so I anticipated that I would have difficulties working remotely. To prepare for this, I signed up for three VPN services that claimed to work in China. I tested the VPN services in the US, but there was no way for me to know how well they would work in China.
There was not a whole lot I could do to anticipate what it would be like to work remotely from China, so I just warned my customers and colleagues that I would have limited internet access and may not be able to respond to emails for several days. I would recommend that you set your own, and your customers' expectations, very low, and assume you will have limited connectivity.
I learned quite a bit about trying to work remotely in China and experienced several challenges and frustrations, so I thought I would share my experiences in case some other poor soul has to work from China.
Here's what I'll cover:
1. Before you go
2. While traveling
3. Using VPNs
4. What worked and what didn't
6. After you returnBefore You GoVPN Service
I'll do a separate post about the VPN services that I used and how well they worked, but here's the short version.
You will want to sign up for at least 2 VPN services before you leave for China. And you will want to have them installed and configured and fully tested on every single device before you leave. Fortunately they are fairly cheap and there are tons of options, and based on my experience, it isn't critical which ones you choose. Technically they do appear to work, but set your expectations very, very low.
If you're old enough to have used a 56k (or 28.8k) modem, you might remember the days when it sometimes took 20 minutes of redialing to connect to an ISP (Compuserve, AOL, Prodigy, WorldNet, etc.), and after you were connected for 5 minutes at those blazing fast speeds, the modem would disconnect randomly, and you would start the process all over again. That's exactly what it's like to use a VPN service in China. It is a frustrating, time wasting, and very unproductive process.
In short, do not plan on being productive with any online or internet-dependent resource. Do not plan on having quick access to any foreign internet service. Do not assume that you can connect to foreign internet services daily--it may be 1 or 2 days before you can get connected to even retrieve your email.
And if you anticipate needing to connect to a corporate, work, or customer VPN, then you'll also need to test dual VPN connections. First your need to connect to the VPN service to tunnel out of China, and you'll then attempt to connect to the corporate/client VPN. In some cases, this dual tunnel setup will simply not work. In other cases, the dual tunnel setup may work fine outside of China, but will not work from within China. Be prepared for this.
I had some success in using OpenVPN over a VPN service on my iPhone and iPad to connect to my office network. But while in China, I was unable to use OpenVPN on my Windows laptop to connect over the VPN service. It just wouldn't work from China. This may vary based on the corporate VPN client, but I would recommend assuming that you may be unable to connect to a private / corporate VPN from China using a Windows laptop.
Once I got to Singapore, the VPN services started working again. They were slow and flaky, but they worked much better than in China.Mobile Number and Two Factor Authentication
This is one that I did not prepare for. It applies to any international travel, and being in China just makes it a little more complex.
The third day I was in China, I had to send a wire transfer. I was able to connect to a VPN service, and then connect to the BofA web site. I setup my wire transfer, but when I went to submit it, I realized that I needed to receive a one-time passcode--something I forgot about. The Bank of America web site requires a one-time text message passcode for all wire transfers, and this feature cannot be disabled. But guess what? My account is setup to send the passcodes to my US mobile number, and I did not setup international roaming on my mobile phone, nor did I want to.
I checked to see if I could add a new mobile number to my BofA account, but of course, that also requires me to receive a passcode on my main mobile number to authorize the request. And even if I could add a number, it would have to be a US mobile number, and I didn't have direct access to a US mobile number that could receive text messages in China.
So I had to call BofA customer support, authenticate myself and then have them remove my mobile number completely from my account. I then had to contact my sister in the US and add her cell number to my BofA account. I then had to coordinate with her so that when I submitted my wire transfer request, she could quickly send me the confirmation code that I would then enter in the BofA web site. It was comical.
So before leaving, try and think about any web site or service or login that uses mobile text messages for two-factor authentication. If you need to use any of them, you'll need to either have international roaming on your cell and be sure that roaming will work in China and that you can receive text messages…