In A Nutshell
I recommend these VPN services for China:
- ExpressVPN: Engineered to be fast and reliable in China. Servers in Hong Kong, Singapore, Japan and the US West Coast. Many apps available. They have a 30 days “no quibble” money-back offer. They accept many forms of payment — Paypal, major credit cards, Bitcoin, Unionpay, Alipay, Webmoney and CashU.
- VPN.AC: They have many optimization for Chinese users (including the ability to make OpenVPN traffic appear as normal SSL traffic). They have iOS apps though, They have three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
Chinese internet blocks appear to change daily. Even if you use the VPNs listed below, you may find that your connections are blocked in some circumstances. The Great Fire website (English version) lists which sites are currently blocked in China.
If you don’t mind getting technical see this article — How To Hide OpenVPN Connections In China.
The Details: The Best VPN For China
Update: The Chinese government implemented new more sophisticated VPN blocks. The firewall is now using machine learning to block IPSec, PPTP, L2TP protocols.
Basically, they are continuing to blocking all VPNs at the protocol level (including corporate VPNs). However, the VPN providers listed here use stealth techniques to hide their VPN traffic.
The easiest way to bypass Chinese Firewall is to use a VPN that serves China. A VPN or “virtual private network” is a service that encrypts and redirects all your internet connections. The Chinese government has never stated that using a VPN to circumvent the Great Firewall is illegal, and nobody has been prosecuted for using a VPN. Despite this, China blocks the websites of most major VPNs.
When in China, you want to connect to a VPN server in Asia (e.g. in China, Hong Kong, Bangkok). The next best option is to connect to a server on the West Coast of the US (e.g. Los Angeles, San Francisco).
Which VPN Protocols To Use?
- OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
- L2TP: This is a fast protocol for China and currently it works quite well
- PPTP: Use only if L2TP doesn’t work for you — slower and less reliable than L2TP
- SSTP: Establishes a connection over secure HTTPS (Port 443) — this allows clients to securely access networks behind NAT routers, firewalls and web proxies, without the concern for typical port blocking issues
For a more details on hiding your VPN connections from Deep Packet Inspection, see my article How To Hide Your VPN Connections In China, Iran, United Arab Emerites, Oman and Pakistan.
Note: The ExpressVPN.Com domain was blocked in China on September 22 2014. However, the links to ExpressVPN below are smart links, that will correctly to the ExpressVPN website in China.
ExpressVPN is engineered to be fast and reliable in China. They have servers in Japan and the US West Coast. They offer a “no quibble” 30-day money back offer. They are slightly more expensive than other VPNs, but worth if you need a reliable network. The monthly rate is $12.95.
ExpressVPN allows local payments like Unionpay, Alipay, Webmoney and CashU. This will help customers in countries like China, where not everyone has an international credit card or a Paypal account.
VPN.AC has three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom. They also have a “Secureproxy” extension for Chrome, which works very well in China.
They have optimizations for China, including a recently rolled out Obfuscation for OpenVPN. Here are the details:
Obfuscating the OpenVPN protocol makes it look like regular SSL traffic — making it harder to be blocked by Firewalls with DPI capabilities relying on protocol signatures to identify known VPN protocols. This is the case in China, where default OpenVPN implementations are blocked almost immediately. While our AES 256-bit implementation is still stealthy and working in China, we added one more protocol-type to bypass the GFW. It runs on several ports including TCP port 443 (HTTPS), replacing an instance of OpenVPN Blowfish 128-bit we used with port TCP/443. With this method, the handshake packets are obfuscated so it’s not possible to identify the traffic as being part of an OpenVPN tunnel. Encryption relies on RSA 4096-bit + ECDHE for key-exchange, AES 128-bit for data channel.
VPN.AC accepts Chinese-friendly payments such as Alipay and Unionpay. They also accept Paypal, BitCoin, CashU, Paysafecard and UKash.
More Info: Best VPN For China
You must also avoid Chinese DNS servers — your local ISP provided DNS server. China corrupts DNS and implements a lot of filtering through their DNS servers, returning bad data or no data at all for a lot of requests.
You can check what DNS servers you are using here:
If you’re still using a Chinese DNS, change your DNS settings to the servers provided by your VPN. Or use one of the DNS listed on this page (if they are not currently blocked).
If just want to browse the uncensored internet in the short term, you can use the free Tor Browser. Note that, while using Tor, your web page will be somewhat slow to load, and your other internet connections will still be blocked. Also, make sure you use a Tor Bridge.