I recommend these VPN services for China:
- VPN.AC: This small provider has services has many optimizations for Chinese users (including the ability to make OpenVPN traffic appear as normal SSL traffic). They have three servers in Hong Kong, and one in Singapore. These server have peering with China Telecom and China Unicom.
- The PhillipDi service specializes in VPNs for China. I have not tested the service, however.
- If you don’t mind getting technical you can create your own VPN server using Streisand VPN. Streisand sets up a new server running your choice of Shadowsocks, WireGuard, OpenConnect, OpenSSH, OpenVPN, sslh, Stunnel, and a Tor bridge. It also generates custom instructions for all of these services. I explain more in this article.
- Many people are now using ShadowSocksR instead of a VPN — see my article for more information.
Overview: The Chinese Firewall
The Chinese government uses sophisticated software to block various internet services in China. Some of the blocked services include YouTube, Google services, Facebook, Instagram, Twitter, The New York Times, and Bloomberg.
Note that the blocks change daily. You may have try different servers and protocols until you find one that works. Sometimes you will find that nothing works at all. Unfortunately, this is normal.
You can use a VPN service like ExpressVPN or VPN.AC to avoid the firewall. However, you will probably need to use an OpenVPN client. This application tends to fly “under the radar” and does not get blocked as often by the Chinese government.
Many other VPN services are currently 100% blocked without a single working server.
The Details: The Best VPN For China
The easiest way to bypass Chinese Firewall is to use a VPN service that is focused on China. A VPN or “virtual private network” is a service that encrypts and redirects all your internet connections. The Chinese government has never stated that using a VPN to circumvent the Great Firewall is illegal, and nobody has been prosecuted for using a VPN. Despite this, China blocks the websites of most major VPNs.
When in China, you want to connect to a VPN server in Asia (e.g. in China, Hong Kong, Bangkok). The next best option is to connect to a server on the West Coast of the US (e.g. Los Angeles, San Francisco).
Which VPN Protocols To Use?
- OpenVPN: This is the least reliable client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
- L2TP: This is a fast protocol for China and currently it works quite well
- PPTP: Use only if L2TP doesn’t work for you — slower and less reliable than L2TP
- SSTP: Establishes a connection over secure HTTPS (Port 443) — this allows clients to securely access networks behind NAT routers, firewalls and web proxies, without the concern for typical port blocking issues
For a more details on hiding your VPN connections from Deep Packet Inspection, see my article How To Hide Your VPN Connections In China, Iran, United Arab Emerites, Oman and Pakistan.
ExpressVPN is engineered to be fast and reliable in China. Their servers in Asia are hosted on the fast Next Generation Carrier Network, also known as “CN2”. Your best bet is to use their CN2 servers in Hong Kong and Taiwan. If those servers are blocked you can try the servers in Toyko and Los Angeles.
ExpressVPN has a “no quibble” 30-day money-back offer. They are slightly more expensive than other VPNs, but worth if you need a reliable network. The monthly rate is $12.95.
ExpressVPN allows local payments like Unionpay, Alipay, Webmoney, and CashU. This will help customers in countries like China, where not everyone has an international credit card or a Paypal account.
The ExpressVPN links on this page will give you three months of free service.
VPN.AC has three servers in Hong Kong, one in Singapore, and three on the US West Coast, with peering with China Telecom and China Unicom. They also have a “Secureproxy” extension for Chrome, which works very well in China.
They have optimizations for China, including a recently rolled-out Obfuscation for OpenVPN. Here are the details:
Obfuscating the OpenVPN protocol makes it look like regular SSL traffic — making it harder to be blocked by Firewalls with DPI capabilities relying on protocol signatures to identify known VPN protocols. This is the case in China, where default OpenVPN implementations are blocked almost immediately. While our AES 256-bit implementation is still stealthy and working in China, we added one more protocol-type to bypass the GFW. It runs on several ports including TCP port 443 (HTTPS), replacing an instance of OpenVPN Blowfish 128-bit we used with port TCP/443. With this method, the handshake packets are obfuscated so it’s not possible to identify the traffic as being part of an OpenVPN tunnel. Encryption relies on RSA 4096-bit + ECDHE for key-exchange, AES 128-bit for data channel.
VPN.AC accepts Chinese-friendly payments such as Alipay and Unionpay. They also accept Paypal, BitCoin, CashU, Paysafecard, and UKash.
More Info: Best VPN For China
You must also avoid Chinese DNS servers — your local ISP-provided DNS server. China corrupts DNS and implements a lot of filtering through their DNS servers, returning bad data or no data at all for a lot of requests.
You can check what DNS servers you are using here:
If you’re still using Chinese DNS, change your DNS settings to the servers provided by your VPN. Or use one of the DNS listed on this page (if they are not currently blocked).
If just want to browse the uncensored internet in the short term, you can use the free Tor Browser. Note that, while using Tor, your web page will be somewhat slow to load, and your other internet connections will still be blocked. Also, make sure you use a Tor Bridge.