Hi all . I'm going to China, I'm taking a router with me, I would like to ask the community what additional programs I need to install to protect my data.
As you know, China is the world leader in the field of Internet censorship.
Wireguard does not work this protocol is easily detected and can be blocked.
An example of programs that might be useful:
I have just looked into adding the scramble/obfuscation option to OpenWRT to circumvent the great firewall:
See: Scramble obfuscate in openvpn - #2 by egc
You do have to compile your own build with it.
It works for various VPN providers and also between two OpenWRT or DDWRT routers (DDWRT also has it standard )
See also: https://support.strongvpn.com/hc/en-us/articles/360034090394-About-the-Scramble-feature-in-StrongVPN
The serious answer is.
Buy a cheap phone without using your normal logins and router if you really want to and destroy them both and never look back when you get back home.
There's plenty of xray / x2ray threads on the forum, most complaining about the package size, it can barely fit a router with 16mb flash.
Hello . Thanks for the answer . There is such a solution https://www.gl-inet.com/products/gl-ar750s/, plus you can insert 128 GB Max MicroSD
Hello . Thank you for your answer. This is a good solution after the trip, but I need a solution during the trip
I know the extroot workaround, just making sure you're aware of the issue ...
He probably meant getting a phone in CN, for CN
Thanks for letting me know, I'll keep that in mind when setting it up.
If you have access to an outside router, you can use an overlay network as a vpn: Tailscale or Zerotier, both also are available as an app for your phone. There’s also SoftEther but not too familiar with it.
Think about whether or not you actually need to risk the worst that could happen happening to you.
Even if the probability is very low, are the potential consequences high enough that it simply is not worth taking any chances getting caught encrypting or circumventing data censorship in some foreign countries?
Not clear if your are moving there permanently or just visiting. Typically, a customs agent takes your devices and duplicates/interrogates them
If you are just visiting and need Internet access, there are several live Linux distros that are specifically designed to enable temporary access.
The best known is Tails which was used by Edward Snowden .
The other one is LPS/TENS which was developed by the Air Force/Dept of Defense initially for diplomats. It has not been updated in a while
If I were just visiting, I would not put much effort into a router - access to non-chinese DNS resolution is very likely to be blocked.
I agree this is very likely. Before I understood the first post, I was thinking "why would tom1995 wanna smuggle a router?" lol
Y'all do know what authoritarian regimes do to people that are caught with unapproved encryption and communication technologies, right?
How would getting a phone and computer to use on your trip then destroying them upon your return - be good for after the trip?
Perhaps you misunderstood flygarn12's suggestion was to use one-time throw away devices while in China.
This part.
I helped some Chinese people setting up the scramble option on their router so that they could connect to a VPN service outside China.
They told me it is done a lot.
But I am not an expert on Chinese matters.
I've been in CN a couple of times, and so have my brother, me as a tourist, he on business.
But we've never been asked any questions about our electronics, during arrival ...
Might be different if you're going to live there....
and buy it once you arrive, install Openwrt, bring only the username/password of services which you will then close when you return?
question:
someone who is in China the site https://openwrt.org/ is blocked ?
if you think you need to go even safer, you could try to hide and/or lock out your username and password
"username" > "idrtms,r" (+1 letter on qwerty keyboard)
"password" > "èsddeptf" (+1 letter on qwerty keyboard)
or on different pages/sheets
Agents looking in your electronic devices is something that is done randomly or if they have specific reasons to check you (suspicion of activism, typically). And by the way, China is not the only country doing so. You can add to the list USA, Canada,...
As for using a VPN, per latest practice, all you were risking was to have all your devices locked until you get to a police station.
I've not been there since 2019, but last time, my friends there (expats, living there for many years) were still using VPNs, it's just that now "legit" VPN operators have to provide the party an unlimited access to all data in and out.
That sounds like a VN, not a VPN 
I would do like this:
Buy an openwrt supported router or arm/x86 SBC with the connectivity you need.
Flash openwrt and set up everything you need at home.
Get a trusted VPS in a legit jurisdiction and set up remote SSH access with a good password you can remember. Install an OpenVPN server and set it up to listen to port 443.
Clone the disk of the router to file and upload the diskimage to the VPS.
Factory reset the router after you test it at home.
At your destination you log in with your laptop to the VPS using SSH and retrieve the disk image and optionally also set up SSH key based authentication. Restore the disk image to the router disk. Start it up and connect to the VPS using OpenVPN. It will be hard to see you are using OpenVPN since you are obfuscating the traffic over HTTPS to a unknown server that is not belonging to a commercial VPN provider.
When you go back, factory reset everything and overwrite using a secure erase application.
You can hide your data but you can't hide the fact that you're hiding your data. From the ISP side, it's painfully obvious that all your traffic's redirected through a single IP.
Now, I don't know laws in China, but I wouldn't expect fair treatment nor benefit of the doubt as a foreigner dealing with local authorities.
You can install Ocserv (Open source Cisco) SSL server and install openconnect on your router. It works from everywhere since it is using port 443.