Setup a private VPN for family in China?

Note that my information may be outdated, as the last time I really dug into this subject was in 2013 - 3 years ago. I lived there, and experienced all the inns and outs of VPNs and Proxies.


The love-hate affair with VPNs in China

I have family in China. During the past weeks their internet connection was severely limited. VPNs such as Astrill and similar weren't working anymore.

Yeah, this happens during a lot of interesting events, and certain times of the year. The Internet becomes heavily restricted, and most of the VPNs keep getting blocked.

Shortly thereafter, the VPNs are generally unblocked because the ruling party members are using them too. ;) It's mostly just for show. However, they'll sometimes ban entire lists... so it's often a game of cat and mouse.


Homebrew Solutions may not be the best course of action

Is it possible to setup my own VPN (or alternative), either on AWS or at home, in a way that would be more efficient for them than Astrill?

Yes, and this can work, but! It's highly suspicious. And if you're using your own home proxy as a VPN, you'll eventually be banned from connecting to Chinese websites and communication protocols. Do you want to lose contact? Because this is how you lose contact.

Chinese authorities are notoriously paranoid, and think that any kind of communication with foreign entities denotes espionage, especially if you are in any way connected to individuals listed in the data stolen from the OPM breach, and especially if the people you're talking to have appropriate guanxi (关系: "connections," "relationships", etc).

You will not pass under the radar. In most cases, you will only connect to VPNs which are allowed to be connected to. In fact, this will put your family in China under suspicion. "climbing the wall" (翻墙) is not something you want to create a homebrew solution to, as it's suspicious. It's better to get lost in the noise.


PPTP vs. OpenVPN in China

If VPNs all get blocked by some machine-learning chinese wizardry, what about a more custom solution like payload hidden in pictures? (steganography)

It's more like this: if you utilize standard VPN protocols which begin their connections in a standardized way, it will be blocked due to DPI. OpenVPN for example, did not work for me, but PPTP did.

Unfortunately, PPTP with MS-CHAPv2 is quite insecure, and easy to decrypt. PPTP is also vulnerable to man-in-the-middle attacks. Part of the reason why it works is because they're able to redirect traffic.

If you're trying to discuss anything sensitive, do not use PPTP. Do not use anything, actually. There are a lot of reasons for this, but it's beyond the scope of this answer.


Recommended VPNs

My thinking is that if I do it for a few people it would pass under the radar. What would you recommend?

Now here's where our, "questions seeking product recommendations are off-topic as they become obsolete quickly", rule really comes into play: VPNs are extremely volatile in China. One day they're banned, another day they're not. Some times, entire VPN companies become completely inaccessible, and sometimes you need to contact support to get updates, if you're lucky enough to find some way of contacting them.

And even if this was on topic, it's best not to tell you at all. Why? Because the CCP trawls the internet for VPN companies, signing up for them, and downloading the product's entire IP range, and then blocking them.

For things that do work, telling you assists "them" in helping to block more hosts, degrading the experience for everyone else. Find it yourself. Chances are, if you find something that is working, they're using it too. :-p