Hi all . I'm going to China, I'm taking a router with me, I would like to ask the community what additional programs I need to install to protect my data.
As you know, China is the world leader in the field of Internet censorship.
Wireguard does not work this protocol is easily detected and can be blocked.
You do have to compile your own build with it.
It works for various VPN providers and also between two OpenWRT or DDWRT routers (DDWRT also has it standard )
The serious answer is.
Buy a cheap phone without using your normal logins and router if you really want to and destroy them both and never look back when you get back home.
If you have access to an outside router, you can use an overlay network as a vpn: Tailscale or Zerotier, both also are available as an app for your phone. There’s also SoftEther but not too familiar with it.
Think about whether or not you actually need to risk the worst that could happen happening to you.
Even if the probability is very low, are the potential consequences high enough that it simply is not worth taking any chances getting caught encrypting or circumventing data censorship in some foreign countries?
I've been in CN a couple of times, and so have my brother, me as a tourist, he on business.
But we've never been asked any questions about our electronics, during arrival ...
Might be different if you're going to live there....
Agents looking in your electronic devices is something that is done randomly or if they have specific reasons to check you (suspicion of activism, typically). And by the way, China is not the only country doing so. You can add to the list USA, Canada,...
As for using a VPN, per latest practice, all you were risking was to have all your devices locked until you get to a police station.
I've not been there since 2019, but last time, my friends there (expats, living there for many years) were still using VPNs, it's just that now "legit" VPN operators have to provide the party an unlimited access to all data in and out.
I would do like this:
Buy an openwrt supported router or arm/x86 SBC with the connectivity you need.
Flash openwrt and set up everything you need at home.
Get a trusted VPS in a legit jurisdiction and set up remote SSH access with a good password you can remember. Install an OpenVPN server and set it up to listen to port 443.
Clone the disk of the router to file and upload the diskimage to the VPS.
Factory reset the router after you test it at home.
At your destination you log in with your laptop to the VPS using SSH and retrieve the disk image and optionally also set up SSH key based authentication. Restore the disk image to the router disk. Start it up and connect to the VPS using OpenVPN. It will be hard to see you are using OpenVPN since you are obfuscating the traffic over HTTPS to a unknown server that is not belonging to a commercial VPN provider.
When you go back, factory reset everything and overwrite using a secure erase application.
You can hide your data but you can't hide the fact that you're hiding your data. From the ISP side, it's painfully obvious that all your traffic's redirected through a single IP.
Now, I don't know laws in China, but I wouldn't expect fair treatment nor benefit of the doubt as a foreigner dealing with local authorities.