Comment Re:Well (Score 1) 222

On their knowledge base and using their own dedicated VPN software they say, in order of preference, to try OpenVPN on TCP 443, UDP, and lastly L2TP.

L2TP has nothing to do with OpenVPN; it's IPsec.

OpenVPN worked reliably with the exception that they detect the network and reset it occasionally (like every 2 hours, but auto-reconnection in the client takes care of that).

So, not reliably. That's the point. And the problem is some programs like Skype auto-reconnect when they're disconnected, which will be unprotected if your VPN resets. They can clearly see that you're using a VPN (hence the resets) and they can clearly kill the connection if they want. The thing is that enforcement varies from area to area, and time to time. See what happens around the Tiananmen Square anniversary -- I'm willing to bet you'll be unable to connect.

You found links claiming otherwise? Great. Thanks for sharing, the information may come in handy. But right now I can only offer you what I have been experiencing the past month.

The OpenVPN devs know it's targeted, the Tor project guys know this, and so do a lot of VPN providers.

It's entirely possible your provider is using a form of obfuscated tunnel like obfs3 or ScrambleSuit or another proprietary mod, like VyprVPN or ExpressVPN offer. It's technically not OpenVPN, but a modified form. It's also up in the air whether those modifications weaken the VPN as the providers often do not disclose the details of what they did to the client.

Comment Re:Encryption? (Score 1) 197

Good luck "going and getting" something from a server location in Russia or China

1) Google is blocked in China.
2) That's partly because of the massive police state and strong net censorship they have going on over there -- but I'm sure YOUR data would be safe over there
3) Google is probably the only company formerly doing business in China that won't give your data up to the CPC. As a consequence of that, see #1.

Comment Re:Encryption? (Score 1) 197

I think I'd be encrypting everything especially if it involved using a Google server.

Why especially? AFAIK Google is the only one of the big 3 webmail providers not currently bending over backwards for the Chinese Government. There was a warrant in this case; even the famed lavabit had to fold when given a warrant.

It's absurd to go after Google for following the terms of a court order; you'd do better to ask whether the order was justified, and if not ask why the courts issued it and who can be held accountable.

Comment Re:Well (Score 1) 222

The GFW is many years beyond port-based blocking; they use DPI to identify protocols regardless of the port used. I'm glad you have TCP 443 OpenVPN working; I have never been able to get that to work with client/server certs -- only static-key tunnels worked.

At the moment, my experience has been that IPsec is the next best contender because it's more of a corporatish VPN protocol. I'm really surprised that you hear people recommend OpenVPN -- I have NEVER heard anyone recommend that in China because of how heavily it is targeted. Even googling "OpenVPN China GFW" you get stuff like this:
Which VPN Protocols To Use?
  * OpenVPN: Strangely, this is the least reliable protocol/client to use — you'll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
  * L2TP: This is a fast protocol for China and currently it works quite well

And there's no shortage. OpenVPN may work for a bit, but my understanding is that about 20 minutes into the connection the remote server gets probed a bit, and then the connection gets reset. I wouldn't use PPTP because of its known security issues; it wouldn't surprise me if they had that nut cracked.
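The quoted page attributes the OpenVPN resets to spoofed RST packets. The following is an added example (it is not part of the comment above and does not claim to show what the GFW actually does) of two heuristics a practitioner can run over a captured flow to tell an injected RST from one the real server sent: the RST's IP TTL differs from the TTL the server's other packets arrive with, and the server keeps sending data after the supposed reset. The flow records are constructed, not a real capture; the field names and the `tolerance` parameter are this example's own choices.

```python
# Added example: flag TCP RSTs that look injected by a middlebox rather than
# sent by the real peer. Heuristic only; a real analysis would read a pcap.
from collections import Counter

# Constructed flow (not a real capture): (direction, ip_ttl, tcp_flags).
# The server's own packets all arrive with TTL 52; the RST arrives with a
# different TTL and the server keeps talking afterwards.
INJECTED_FLOW = [
    ("c2s", 64, "S"), ("s2c", 52, "SA"), ("c2s", 64, "A"),
    ("c2s", 64, "PA"), ("s2c", 52, "PA"), ("s2c", 52, "PA"),
    ("s2c", 46, "R"),   # reset with a TTL that does not match the server
    ("s2c", 52, "PA"),  # server data continues after the "reset"
]

# Constructed flow where the server genuinely resets the connection.
GENUINE_FLOW = [
    ("c2s", 64, "S"), ("s2c", 52, "SA"), ("c2s", 64, "A"),
    ("c2s", 64, "PA"), ("s2c", 52, "R"),
]


def server_ttl_baseline(flow):
    """Most common TTL seen on non-RST packets from the server, or None."""
    ttls = [ttl for d, ttl, flags in flow if d == "s2c" and "R" not in flags]
    return Counter(ttls).most_common(1)[0][0] if ttls else None


def suspicious_resets(flow, tolerance=0):
    """Return [(index, [reasons...])] for server->client RSTs that look injected.

    tolerance: how many TTL hops of difference to accept before flagging
    (real paths can flap by a hop or two; 0 is the strictest setting).
    """
    base = server_ttl_baseline(flow)
    findings = []
    for i, (d, ttl, flags) in enumerate(flow):
        if d != "s2c" or "R" not in flags:
            continue
        reasons = []
        if base is not None and abs(ttl - base) > tolerance:
            reasons.append(f"ttl {ttl} != server baseline {base}")
        if any(d2 == "s2c" and "R" not in f2 for d2, _, f2 in flow[i + 1:]):
            reasons.append("server traffic continues after RST")
        if reasons:
            findings.append((i, reasons))
    return findings


if __name__ == "__main__":
    for name, flow in (("injected", INJECTED_FLOW), ("genuine", GENUINE_FLOW)):
        print(name, suspicious_resets(flow))
```

The TTL check works because an injected RST is forged by a device somewhere on the path, so it has travelled a different number of hops than packets from the endpoint; the "server keeps sending" check catches the case where the endpoint never knew the connection was torn down. Neither is proof on its own, and a middlebox that clones the server's TTL defeats the first one.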

Communications

A Call That Made History, 100 Years Ago Today

alphadogg writes These days, making a call across the U.S. is so easy that people often don't even know they're talking coast to coast. But 100 years ago Sunday, it took a hackathon, a new technology and an international exposition to make it happen. The first commercial transcontinental phone line opened on Jan. 25, 1915, with a call from New York to the site of San Francisco's Panama-Pacific International Exposition. Alexander Graham Bell made the call to his assistant, Thomas Watson. Just 39 years earlier, Bell had talked to Watson on the first ever phone call, in Boston, just after Bell had patented the telephone.

Comment Re:Well (Score 1) 222

OpenVPN is trivially identifiable on port 443, and has been for some time. I'm not sure why they're not blocking you -- perhaps you're using a site-to-site tunnel with static keys. Certificate-based OpenVPN is notoriously unreliable in China because they fingerprint it within about 20 minutes and kill the connection.

Part of the reason I know it can be fingerprinted -- aside from the fact that I'm well aware of what works and doesn't behind the GFW -- is that I'm good buddies with my employer's security team, and they have on occasion let me know when they see my port 443 OpenVPN shenanigans. I believe it has something to do with the way the certs are exchanged; regardless, SSL and HTTPS are two different things and they have different signatures.
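The comment above says OpenVPN on port 443 does not look like HTTPS. The following added example (not from the comment, and not a claim about what any particular DPI product or the GFW matches on) shows the simplest reason that is true: OpenVPN over TCP prefixes every packet with a 2-byte length and then an opcode byte, and a certificate-based session opens with a P_CONTROL_HARD_RESET_CLIENT packet, whereas a TLS connection opens with a 0x16 0x03 record header carrying a ClientHello. A static-key tunnel has no control channel and sends only P_DATA packets, which is consistent with the comment's observation that static-key tunnels survived. The sample byte strings are constructed for the example, not captured traffic.

```python
# Added example: classify the first bytes a client sends on a TCP connection
# from wire framing alone. Heuristic; it reads only the opening packet.
import struct

# OpenVPN opcodes live in the top 5 bits of the byte that follows the 2-byte
# big-endian TCP length prefix; the low 3 bits are the key id.
OPENVPN_OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    2: "P_CONTROL_HARD_RESET_SERVER_V1",
    3: "P_CONTROL_SOFT_RESET_V1",
    4: "P_CONTROL_V1",
    5: "P_ACK_V1",
    6: "P_DATA_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    8: "P_CONTROL_HARD_RESET_SERVER_V2",
    9: "P_DATA_V2",
}
HARD_RESET_CLIENT = (1, 7)
DATA_OPCODES = (6, 9)


def classify_first_bytes(data: bytes) -> str:
    """Label the opening bytes of a client->server TCP stream."""
    # TLS record: content type 0x16 (handshake), version 0x03xx, 2-byte length,
    # then handshake type 0x01 for ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        rec_len = struct.unpack("!H", data[3:5])[0]
        if data[5] == 0x01 and rec_len >= 4:
            return "tls-client-hello"
        return "tls-record"
    if len(data) >= 3:
        pkt_len = struct.unpack("!H", data[:2])[0]
        opcode = data[2] >> 3
        # Certificate (TLS-mode) session: first packet is a client hard reset,
        # 1 opcode + 8 session id + 1 ack count (0) + 4 packet id = 14 bytes
        # without tls-auth; larger when a tls-auth HMAC/packet-id/time is added.
        if opcode in HARD_RESET_CLIENT and 14 <= pkt_len <= len(data) - 2:
            return "openvpn-tcp-" + OPENVPN_OPCODES[opcode]
        # Static-key (--secret) mode: assumed here to carry only data packets,
        # so there is no distinctive handshake to match on.
        if opcode in DATA_OPCODES and 1 <= pkt_len <= len(data) - 2:
            return "openvpn-tcp-" + OPENVPN_OPCODES[opcode]
    return "unknown"


# Constructed samples (not real captures).
SAMPLE_TLS = bytes.fromhex("160301") + struct.pack("!H", 0xA5) + b"\x01" + bytes(0xA4)
# Client hard reset v2, no tls-auth: length 14, opcode 7<<3 = 0x38, key id 0.
SAMPLE_OVPN = struct.pack("!H", 14) + b"\x38" + b"\x11" * 8 + b"\x00" + b"\x00\x00\x00\x00"
# Same with tls-auth: + 20-byte HMAC-SHA1 + 4 packet id + 4 timestamp = 42 bytes.
SAMPLE_OVPN_TLSAUTH = (struct.pack("!H", 42) + b"\x38" + b"\x11" * 8
                       + b"\x22" * 20 + b"\x00\x00\x00\x01" + b"\x54\xc3\x00\x00"
                       + b"\x00" + b"\x00\x00\x00\x00")
# Static-key data packet: opcode 6<<3 = 0x30 followed by ciphertext.
SAMPLE_OVPN_STATIC = struct.pack("!H", 33) + b"\x30" + b"\x5a" * 32
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def classify_samples() -> dict:
    return {name: classify_first_bytes(v) for name, v in (
        ("tls", SAMPLE_TLS), ("ovpn", SAMPLE_OVPN),
        ("ovpn_tlsauth", SAMPLE_OVPN_TLSAUTH),
        ("ovpn_static", SAMPLE_OVPN_STATIC), ("http", SAMPLE_HTTP))}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:13s} -> {label}")
```

The point is that the TLS handshake inside OpenVPN's control channel never appears on the wire as a bare TLS record; it is wrapped in OpenVPN's own framing, so "OpenVPN on 443" and "HTTPS on 443" differ from the very first byte. Obfuscation layers such as obfs3 or ScrambleSuit exist precisely to hide that framing.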

Comment Re:Well (Score 1) 222

AFAIK it's technically illegal to have an encrypted laptop in China. Any guesses as to whether my employer, or federal employees, or other major companies just go "oh gee, better turn off disk encryption"?

Businesses aren't going to just sacrifice a market, but they're also not going to blithely let their secrets be stolen upon entry into China or on net usage.

Comment Re:What a crock (Score 1) 75

This is a variant of the venerable security through obscurity.

Not really.

Security is not an all-or-nothing proposition. In the real world, an adversary will NOT attempt to crack your encrypted filesystem. Instead they will do one of a hundred other attacks, like swapping your laptop with one that has a cloned disk and hardware but an embedded keylogger, or add in a shim between the disk and interface, or install an infected MBR that logs the decryption password, or perform a RAM sniffing attack to steal the keys, or simply extort the keys out of you.

Security is a process of analyzing the most common risks, and determining the best way to deal with them. Sometimes this means determining that a particular security action will lower your security by attracting the attention of entities with far more sophistication than you are prepared to deal with; if you are worried about criminals stealing your laptop, and your mitigation ends up attracting the attention of the NSA, you have lost the security battle.

IDS / antivirus have no ability whatsoever to detect a hardware keylogger, by the way. If you attract the attention of someone who can gain physical access to your hardware, you lose-- period.
