In A Nutshell
Update Jan 25 2015: A new round of blocking by China has targeted many new websites such as Gmail — this website shows which sites are currently blocked in China. Also, all VPNs have been blocked at the protocol level (including corporate VPNs). However, the VPN providers listed here use stealth techniques to hide their VPN traffic.
The internet blocks that the Chinese government implements seems to change daily. Even if you use the VPNs listed below, you may find that your connections are blocked in some circumstances.
We currently recommend these providers as the best VPNs for China:
- ExpressVPN: Servers in Hong Kong and the US West Coast. Many apps available. They have a 30 days “no quibble” money-back offer. Accepts Unionpay, Alipay, Webmoney, Paysafecard, CashU and others.
- VPN.AC: They have many optimization for Chinese users (including the ability to make OpenVPN traffic appear as normal SSL traffic), and they have three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
- 12VPN: Headquartered in Hong Kong, and they have experience with the Great Firewall, many Chinese customers. 7 day money back policy. But no P2P downloading/torrenting.
If you need a very robust connection in China, and don’t mind getting technical see this article How To Hide OpenVPN Connections In China.
The Details: The Best VPN For China
The easiest way to bypass Chinese Firewall is to use a VPN that serves China. A VPN or “virtual private network” is a service that encrypts and redirects all your internet connections. The Chinese government has never stated that using a VPN to circumvent the Great Firewall is illegal, and nobody has been prosecuted for using a VPN. Despite this, China blocks the websites of most major VPNs.
When in China, you want to connect to a VPN server in Asia (e.g. in China, Hong Kong, Bangkok). The next best option is to connect to a server on the West Coast of the US (e.g. Los Angeles, San Francisco).
Which VPN Protocols To Use?
- OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
- L2TP: This is a fast protocol for China and currently it works quite well
- PPTP: Use only if L2TP doesn’t work for you — slower and less reliable than L2TP
- SSTP: Establishes a connection over secure HTTPS (Port 443) — this allows clients to securely access networks behind NAT routers, firewalls and web proxies, without the concern for typical port blocking issues
For a more details on hiding your VPN connections from Deep Packet Inspection, see my article How To Hide Your VPN Connections In China, Iran, United Arab Emerites, Oman and Pakistan.
Here are more details on the best VPN to use in China:
Note: The ExpressVPN.Com domain was blocked in China on September 22. However, the links to ExpressVPN below are smart links, that will correctly to the ExpressVPN website in China.
ExpressVPN is optimized for China — it has servers in Japan and the US West Coast. They offer a “no quibble” 30-day money back offer. They are slightly more expensive than other VPNs, but worth if you need a reliable network. The monthly rate is $12.95.
ExpressVPN recently launched Paymentwall as a new payment method. It allows local payments like Unionpay, Alipay, Webmoney, Paysafecard, CashU and others. This will help customers in countries like China, where not everyone has an international credit card or a Paypal account.
VPN.AC has three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
They have optimizations for China, including a recently rolled out Obfuscation for OpenVPN. Here are the details:
Obfuscating the OpenVPN protocol makes it look like regular SSL traffic — making it harder to be blocked by Firewalls with DPI capabilities relying on protocol signatures to identify known VPN protocols. This is the case in China, where default OpenVPN implementations are blocked almost immediately. While our AES 256-bit implementation is still stealthy and working in China, we added one more protocol-type to bypass the GFW. It runs on several ports including TCP port 443 (HTTPS), replacing an instance of OpenVPN Blowfish 128-bit we used with port TCP/443. With this method, the handshake packets are obfuscated so it’s not possible to identify the traffic as being part of an OpenVPN tunnel. Encryption relies on RSA 4096-bit + ECDHE for key-exchange, AES 128-bit for data channel.
VPN.AC accepts Chinese-friendly payments such as Alipay and Unionpay. They also accept Paypal, BitCoin, CashU, Paysafecard and UKash.
Update: The Chinese DNS is now blocking the domain name “12vpn.net”, if you are in China you can use “twelve.today” instead.
12VPN are headquartered in Hong Kong, and they have experience with the Great Firewall. They also have a huge Chinese user-base. 12VPN gives you the choice of four server locations for OpenVPN, all of them based in the UK and US. The West Coast of the US is the best choice if your are in China, due its (relative) proximity to Asia. 12VPN provides you with a file of pre-configured settings for the to use with the OpenVPN app (Windows), or the Tunnelblick app (Mac OS X). You simply drop these in the correct location (as 12VPN’s site wiki explains very clearly) on your computer.
12VPN‘s service cost $9.95 per month or $79 per year. They accept Credit cards, Bitcoin, Paypal, CashU, AliPay, PerfectMoney, Skrill.
More Info: Best VPN For China
Just as a side note, whatever VPN service you’re using, you’ll still have problems if you’re using a Chinese DNS server (ie, your local ISP provided DNS server). China love to mess with DNS and implements a lot of filtering through their DNS servers, returning bad data or no data at all for a lot of requests. If your computer is using Chinese DNS servers, you’re gonna have a bad time.
You can check what DNS servers you are using here:
If you’re still using a Chinese DNS, change your DNS settings to use either the servers provided by your VPN, or one of the many public DNS servers. I recommend the following:
If just want to browse the uncensored internet in the short term, you can use the free Tor Browser. Note that, while using Tor, your web page will be somewhat slow to load, and your other internet connections will still be blocked. Also, make sure you use a Tor Bridge.