Exposure of Mainland University Firewall Monitoring System Instructions, Expert Analysis

A Chinese state-owned military enterprise recently released a “Cross-Border VPN Identification System Product White Paper” targeted at universities, which has since been deleted after causing a stir. Experts suggest that the Chinese Communist Party (CCP) faces difficulty in completely blocking VPN circumvention methods, and restricting freedom of information itself is a “double-edged sword”.

The article detailing the “Cross-Border VPN Identification System Product White Paper” was originally published on the WeChat public account of “Guo Ji Bei Sheng edu” and has now been removed. However, a copy can still be found on the overseas website “China Digital Era”

(“Link”).

“Guo Ji Bei Sheng edu” is the public account of Guo Ji Bei Sheng (Nanjing) Technology Development Co., Ltd. The company is a subsidiary controlled by Nanjing 55th Institute of Technology Development Co., Ltd., a company under China Electronics Technology Group Corporation (CETC). Established in 2020 with a registered capital of 10 million RMB, it claims to be dedicated to “deepening education, exploring and practicing the integrated innovation model of production-education cooperation”.

The product introduction article indicates that this system is specifically deployed in universities, connecting to the core switch in a bypass manner, mirroring the bidirectional flow of campus network exits, and conducting real-time identification, early warning, evidence collection, and tracing of “VPN circumvention” by faculty and students.

The CCP established the national Great Firewall (GFW) back in the 1990s for network censorship and control. “VPN circumvention” refers to using technical methods (such as VPNs) to bypass network censorship or blocks in order to access restricted websites. In communist China, this is an important way for the public to access free information.

The article on “Guo Ji Bei Sheng edu” mentioned that the phenomenon of accessing overseas websites without permission is becoming increasingly prominent. Currently, there are significant technological bottlenecks facing the detection and identification of VPN circumvention behaviors, with detection methods often accompanied by high false positive rates.

On a technical level, the system claims to identify mainstream protocols such as vless, vmess, ss, ssr, ipsec, Trojan, etc., and reduce false positives by sinking judgments to flow feature matching through a “pre-cached violation feature library” and a so-called multi-dimensional weighted model. It records the host IP, user UID, MAC address, operating system, browser, and even the counterfeit domain name and geolocation of the proxy server used by the VPN circumventer, automatically generating a “violation user profile” and anomaly rating, displaying “Top 5 Violating Hosts” and “Top 5 Violating UIDs” on a visualization screen.

The article also claims that the system supports generating timeline trajectory data analysis corresponding to VPN circumvention traffic behavior. All records are decrypted and stored with encrypted traffic metadata, allowing for timeline generation and periodic automatic production of weekly and monthly reports for submission.

The system categorizes accessed content into three key labels: “political, terrorist, religious”, prioritizing the monitoring of political and religious information.

The responsible person for the Global Quitting Party Center, Xiao Jun, told Epoch Times that the danger of this system lies in linking campus networks, enterprise networks, real-name authentication, alert logs, and enforcement processes together. In the controlled environment of universities, the monitoring effect will be stronger.

He analyzed that according to the description in the document by Guo Ji Bei Sheng, it would be more effective against regular VPN circumvention, common protocols, and known proxy nodes. Its strength lies not in “cracking encrypted content” but rather in attribution and alerting based on flow features, proxy node information, protocol fingerprints, and campus-validated UIDs. While it may not completely “block all VPN circumvention activities,” it is enough to significantly increase the likelihood of regular individuals being discovered circumventing firewalls on campus networks.

Xiao Jun stated that the CCP views freedom of information as a matter of regime security rather than citizen’s rights. Universities are considered ideological battlegrounds that must be controlled by the Party in the eyes of the CCP. This VPN identification system targeted at universities reveals the CCP’s highly insecure ideological monopoly: the more it fears students conducting independent research and exploring the world, the more it will package VPN circumvention as a network security, national security, anti-fraud, and compliance issue.

Australian senior pro-democracy activist and computer expert Zhang Xiaogang told Epoch Times that the development of such a system by the CCP for universities is due to high levels of information demand and active thinking among university students. They are a group that the CCP seeks to monitor. Additionally, universities often have a lot of exchanges with foreign entities for academic purposes, and the universities themselves support so-called “compliant” VPN circumvention. However, the CCP is concerned about vulnerabilities and aims to patch them up and monitor the situation.

However, Zhang Xiaogang believes in the saying “the higher the wall, the taller the ladder”. Shields and spears go hand in hand – for every point added to the shield, a corresponding point is added to the spear. Over the years, the technologies that prevent information exchange and break down networks have advanced. Although the CCP has prevented a lot of information exchange, many netizens still access foreign information through VPN circumvention.

Simultaneously, blocking VPN circumvention in fact cuts off access to a lot of advanced information, including technological information exchange. “This is a double-edged sword; on one hand, it hinders China’s development, and on the other hand, by spending so much money trying to block access to overseas information, it is not likely to be effective in the long term,” he said.

Zhang Xiaogang pointed out that the CCP essentially treats its own people as enemies and views information as a threat. It is not just evil but also very foolish.

In 2026, in addition to implementing the newly revised Cybersecurity Law and preparing to formulate a Cybercrime Prevention and Control Law, the CCP suddenly ramped up measures to crackdown on people’s VPN circumvention activities.

In April this year, several internal CCP documents were leaked on overseas social media platforms, revealing new developments. One of the documents from the Cyberspace Administration of China showed that on April 16, a seminar on the so-called “cyber superpower” was held in Beijing by the CCP’s top leader. Another document from the Ministry of Industry and Information Technology indicated that a special meeting on regulating trans-border data connections was held on April 7.

Recently, it has been reported that several universities have been screening students for VPN circumvention activities. Internet users on the Chinese social media platform Reddit posted that “university classmates have been invited to the police station for tea because of VPN circumvention”.

Previously, in March 2026, a technical solution numbered CN121691088A was exposed. Information disclosed by the National Intellectual Property Administration of China indicates that the patent application filed by Fujian Purple Information Technology Co., Ltd. in October 2025 involves identifying whether a computer has activated VPN functions and has now entered the substantive examination stage.

Xiao Jun mentioned that the policy demanded by the CCP has long been in existence. For example, the Ministry of Industry and Information Technology’s 2017 “Notice on Cleaning up and Regulating the Internet Network Access Service Market” states that without approval from the telecommunications competent authority, the establishment or rental of dedicated lines, including virtual private networks (VPNs) for cross-border operations, is prohibited. Such policies have created demands for so-called “compliance governance products” in various regions.

The development of the VPN monitoring system for universities by Guo Ji Bei Sheng, a subsidiary controlled by Nanjing 55th Institute of Technology Development Co., Ltd. under CETC, is related to military industry activities. Zhang Xiaogang told Epoch Times that research institutions with such code names in mainland China are generally related to military industry and are considered confidential organizations.

“It mainly helps the state security, public security, and political protection agencies to identify individuals circumventing firewalls, and it is a part of the large stability system,” he said. “It has actually become an industry in itself, and many companies can make money from this, including private companies, all vying for stability funds.”

(via Epoch Times International)