I recommend these VPN services for China:
- ExpressVPN: Engineered to be fast and reliable in China. Servers in Hong Kong, Singapore, Japan and the US West Coast. They have a 30 days “no quibble” money-back offer. They accept many forms of payment — Paypal, major credit cards, Bitcoin, Unionpay, Alipay, Webmoney and CashU.
- VPN.AC: This small provider has services has many optimization for Chinese users (including the ability to make OpenVPN traffic appear as normal SSL traffic). They have three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
- This is a promising new service that I have not tested: UnderCurrents (or UCSS) is a Shadowsocks provider – this service works differently that a VPN. It provides traffic obfuscation using Shadowsocks. The provider has a high speed network that connects directly to Chinese internet providers without going through other servers.
The Chinese government uses sophisticated software to block various internet services in China. Some of the blocked services include: YouTube, Google services, Facebook, Instagram, Twitter, The New York Times and Bloomberg.
Note that the blocks change daily. You may have try different servers and protocols until you find one that works. Sometimes you will find that nothing works at all. Unfortunately, this is normal.
You can use a VPN service like ExpressVPN or VPN.AC to avoid the firewall. However, you will probably need to use an OpenVPN client. This application tends to fly “under the radar” and does not get blocked as often by the Chinese government.
Many other VPN services are currently 100% blocked without a single working server.
How To Connect Using ExpressVPN
- Download the latest version of the OpenVPN GUI client and install it
- Go to the ExpressVPN website and log into your account
- After you log into your account, go to the ExpressVPN setup page and choose Manual Config
- Download the “.ovpn” configuration files for the servers that you want to connect to
- Import the “.ovpn” configuration file into the OpenVPN client (right-click on the icon in the taskbar and choose Import file…)
- After importing the file, you should see a new server on the right-click menu
- You will need to enter your username and password the first time you connect
- If you are using Windows 10 you may have issues with DNS leaks and the VPN will not working properly unless you add the “block-outside-dns directive” to the configuration file. See ExpressVPN support for instructions.
- There is no official OpenVPN client for Mac, but you can use the open source Tunnelblick app.
Update June 28th, 2018
I discovered that ExpressVPN administrators have a different take on the advice below, they say:
In general we don’t unblock manual connections when there are China blocks as it is far more complex to do. At the moment, due to the recent blocks, we only guarantee connectivity to HK4, Tokyo 1, LA3, East London. When there are no blocks then also HK1 and Taiwan 1 are very good. And the best way is always to go automatic rather than manual connection. If anything changes, live chat support would know if more clusters are working at any given time.
Someone wrote to me to add this note:
I think it’s also worth mentioning that many universities (in the UK – I’m not so sure about the USA and other countries) offer VPN services to their students that are very difficult for the Chinese authorities to block due to academic policies. If you are a student or a recent graduate who knows someone currently studying at university, you can use their log in credentials to set up a VPN through your university. From my experience, it is the most consistently reliable VPN server, and as a bonus it’s free!
Update For June 27th, 2018
When using ExpressVPN, you can connect to the Taiwan 3 server. You must manually connect using OpenVPN. This server was blocked on the 25th, but it now available again.
If you are having trouble connecting to ExpressVPN, you will need to log out and then re-authenticate using the activation code from your account setup page on the ExpressVPN website. The servers in Hong Kong 4, Los Angeles 2, Los Angeles 3, Tokyo, and Singapore Jurong and a few others should work after you do this.
If you are having trouble with VPN.AC, you will need to restart the app to refresh the server list. Then you should be able to connect to Los Angeles 4, Los Angeles 5, Tokyo 2, Hong Kong 2, and Germany.
12VPN was tested with the Shadowsocks protocol on the China Optimized 2 (HK) and China Optimized 4 (SG) servers. Both were working well.
Other Useful Tools
If you don’t mind getting technical you can try StreisandVPN.
Streisand sets up a new server running your choice of WireGuard, OpenConnect, OpenSSH, OpenVPN, Shadowsocks, sslh, Stunnel, and a Tor bridge. It also generates custom instructions for all of these services. At the end of the run you are given an HTML file with instructions that can be shared with others.
The Details: The Best VPN For China
The easiest way to bypass Chinese Firewall is to use a VPN that serves China. A VPN or “virtual private network” is a service that encrypts and redirects all your internet connections. The Chinese government has never stated that using a VPN to circumvent the Great Firewall is illegal, and nobody has been prosecuted for using a VPN. Despite this, China blocks the websites of most major VPNs.
When in China, you want to connect to a VPN server in Asia (e.g. in China, Hong Kong, Bangkok). The next best option is to connect to a server on the West Coast of the US (e.g. Los Angeles, San Francisco).
Which VPN Protocols To Use?
- OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
- L2TP: This is a fast protocol for China and currently it works quite well
- PPTP: Use only if L2TP doesn’t work for you — slower and less reliable than L2TP
- SSTP: Establishes a connection over secure HTTPS (Port 443) — this allows clients to securely access networks behind NAT routers, firewalls and web proxies, without the concern for typical port blocking issues
For a more details on hiding your VPN connections from Deep Packet Inspection, see my article How To Hide Your VPN Connections In China, Iran, United Arab Emerites, Oman and Pakistan.
ExpressVPN is engineered to be fast and reliable in China. They have servers in Japan and the US West Coast. They offer a “no quibble” 30-day money back offer. They are slightly more expensive than other VPNs, but worth if you need a reliable network. The monthly rate is $12.95.
ExpressVPN allows local payments like Unionpay, Alipay, Webmoney and CashU. This will help customers in countries like China, where not everyone has an international credit card or a Paypal account.
VPN.AC has three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom. They also have a “Secureproxy” extension for Chrome, which works very well in China.
They have optimizations for China, including a recently rolled out Obfuscation for OpenVPN. Here are the details:
Obfuscating the OpenVPN protocol makes it look like regular SSL traffic — making it harder to be blocked by Firewalls with DPI capabilities relying on protocol signatures to identify known VPN protocols. This is the case in China, where default OpenVPN implementations are blocked almost immediately. While our AES 256-bit implementation is still stealthy and working in China, we added one more protocol-type to bypass the GFW. It runs on several ports including TCP port 443 (HTTPS), replacing an instance of OpenVPN Blowfish 128-bit we used with port TCP/443. With this method, the handshake packets are obfuscated so it’s not possible to identify the traffic as being part of an OpenVPN tunnel. Encryption relies on RSA 4096-bit + ECDHE for key-exchange, AES 128-bit for data channel.
VPN.AC accepts Chinese-friendly payments such as Alipay and Unionpay. They also accept Paypal, BitCoin, CashU, Paysafecard and UKash.
More Info: Best VPN For China
You must also avoid Chinese DNS servers — your local ISP provided DNS server. China corrupts DNS and implements a lot of filtering through their DNS servers, returning bad data or no data at all for a lot of requests.
You can check what DNS servers you are using here:
If you’re still using a Chinese DNS, change your DNS settings to the servers provided by your VPN. Or use one of the DNS listed on this page (if they are not currently blocked).
If just want to browse the uncensored internet in the short term, you can use the free Tor Browser. Note that, while using Tor, your web page will be somewhat slow to load, and your other internet connections will still be blocked. Also, make sure you use a Tor Bridge.