I’m trying to convince my team to use Tailscale over Cisco, but we were curious if Tailscale works reliably in mainland China. This is going to be especially important once the pandemic winds down and business travel resumes.
As I understand, WireGuard doesn’t obfuscate itself by design and will get choked by the GFW. Furthermore the dependence on Tailscale’s centralized authentication poses a single DNS failure point, if not already outright blocked. Thus both the ‘control plane’ and ‘data plane’ are confronted by various mechanisms that might render them useless in China.
I’m a big fan of TS for personal use and find it much saner than OpenConnect. If there is anybody with experience in this field, please share.
We could be blocked by the Great Firewall.
This doesn’t quite answer the question.
I’m in the early phases of a project that I hope will accommodate one or more nodes in China, though with the vast majority of them in the USA. What problems, technical and legal, should I anticipate encountering?
I find a 2017 article, “China tightens Great Firewall by declaring unauthorised VPN services illegal,” by a reporter with the South China Morning Post, that states:
A notice released by the Ministry of Industry and Information Technology on Sunday said that all special cable and VPN services on the mainland needed to obtain prior government approval – a move making most VPN service providers illegal.
I’ve also heard or read interviews with Tailscale staff indicating that they do not really consider Tailscale to be a VPN, and that eventually they somewhat reluctantly started referring to it as such after concluding that this is the term that potential users likely need to hear in order to get it.