In A Nutshell
As of September 2014, a new round of blocking was activated in China, and all Google services have been blocked. We currently recommend these providers as the best VPNs for China:
- ExpressVPN: Servers in Hong Kong and the US West Coast. Many apps available. They have a 30 days “no quibble” money-back offer. Accepts Unionpay, Alipay, Webmoney, Paysafecard, CashU and others.
- VPN.AC: They have many optimization for Chinese users (including the ability to make OpenVPN traffic appear as normal SSL traffic), and they have three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
- Private Internet Access: Servers in Hong Kong and US West Coast — focus on privacy — our top choice for a VPN provider overall.
- 12VPN: Headquartered in Hong Kong, and they have experience with the Great Firewall, many Chinese customers. 7 day money back policy. But no P2P downloading/torrenting.
The easiest way to bypass Chinese Firewall is to use a VPN that serves China. A VPN or “virtual private network” is a service that encrypts and redirects all your internet connections. The Chinese government has never stated that using a VPN to circumvent the Great Firewall is illegal, and nobody has been prosecuted for using a VPN. Despite this, China blocks the websites of most major VPNs.
When in China, you want to connect to a VPN server in Asia (e.g. in China, Hong Kong, Bangkok). The next best option is to connect to a server on the West Coast of the US (e.g. Los Angeles, San Francisco).
Which VPN Protocols To Use?
- OpenVPN: Strangely, this is the least reliable protocol/client to use — you’ll find most ports are currently blocked (connection reset). The main cause appears to be spoofed RST packets.
- L2TP: This is a fast protocol for China and current it works quite well
- PPTP: Use only if L2TP doesn’t work for you — slower and less reliable than L2TP
- SSTP: Establishes a connection over secure HTTPS (Port 443) — this allows clients to securely access networks behind NAT routers, firewalls and web proxies, without the concern for typical port blocking issues
For a more details on hiding your VPN connections from Deep Packet Inspection, see my article How To Hide Your VPN Connections In China, Iran, United Arab Emerites, Oman and Pakistan.
Here are more details on the best VPN to use in China:
Note: The ExpressVPN.Com domain was blocked in China on September 22. However, the links to ExpressVPN below are smart links, that will correctly to the ExpressVPN website in China.
ExpressVPN is optimized for China — it has servers Hong Kong and the US West Coast. They offer a “no quibble” 30-day money back offer. They are slightly more expressive than other VPNs, but worth if you need a reliable network. The monthly rate is $12.95.
ExpressVPN recently launched Paymentwall as a new payment method. It allows local payments like Unionpay, Alipay, Webmoney, Paysafecard, CashU and others. This will help customers in countries like China, where not everyone has an international credit card or a Paypal account.
VPN.AC has three servers in Hong Kong, one in Singapore and three on the US West Coast, with peering with China Telecom and China Unicom.
They have many other optimization for China, including a recently rolled out Obfuscation for OpenVPN. Here are the details:
Obfuscating the OpenVPN protocol makes it look like regular SSL traffic — making it harder to be blocked by Firewalls with DPI capabilities relying on protocol signatures to identify known VPN protocols. This is the case in China, where default OpenVPN implementations are blocked almost immediately. While our AES 256-bit implementation is still stealthy and working in China, we added one more protocol-type to bypass the GFW. It runs on several ports including TCP port 443 (HTTPS), replacing an instance of OpenVPN Blowfish 128-bit we used with port TCP/443. With this method, the handshake packets are obfuscated so it’s not possible to identify the traffic as being part of an OpenVPN tunnel. Encryption relies on RSA 4096-bit + ECDHE for key-exchange, AES 128-bit for data channel.
VPN.AC accepts Chinese-friendly payments such as Alipay and Unionpay. They also accept Paypal, BitCoin, CashU, Paysafecard and UKash.
Private Internet Access
Private Internet Access is a VPN service that is highly regarded by privacy advocates. The company has servers in Hong Kong. They remain our top choice for a privacy-oriented VPN service, and they received a PC Magazine Editor’s Choice Award for VPN services. The service costs $6.95 per month, or $40 per year. They accept Credit cards, Bitcoin, Paypal, Unionpay, Alipay, Webmoney, Paysafecard, CashU, OKPay, Amazon and Ripple.
Link: Private Internet Access
12VPN are headquartered in Hong Kong, and they have experience with the Great Firewall. They also have a huge Chinese user-base. 12VPN gives you the choice of four server locations for OpenVPN, all of them based in the UK and US. The West Coast of the US is the best choice if your are in China, due its (relative) proximity to Asia. 12VPN provides you with a file of pre-configured settings for the to use with the OpenVPN app (Windows), or the Tunnelblick app (Mac OS X). You simply drop these in the correct location (as 12VPN’s site wiki explains very clearly) on your computer.
12VPN‘s service cost $9.95 per month or $79 per year. They accept Credit cards, Bitcoin, Paypal, CashU, AliPay, PerfectMoney, Skrill.
Update: The Chinese DNS is now blocking the domain name “12vpn.net”, if you are in China you can use “twelve.today” instead.
Just as a side note, whatever VPN service you’re using, you’ll still have problems if you’re using a Chinese DNS server (ie, your local ISP provided DNS server). China love to mess with DNS and implements a lot of filtering through their DNS servers, returning bad data or no data at all for a lot of requests. If your computer is using Chinese DNS servers, you’re gonna have a bad time.
You can check what DNS servers you are using here:
If you’re still using a Chinese DNS, change your DNS settings to use either the servers provided by your VPN, or one of the many public DNS servers. I recommend the following:
If just want to browse the uncensored internet in the short term, you can use the free Tor Browser. Note that, while using Tor, your web page will be somewhat slow to load, and your other internet connections will still be blocked. Also, make sure you use a Tor Bridge.
Websites That Currently Blocked
|Website Name||Block Status||Website Address|
|Internet Movie Database||BLOCKED||www.imdb.com|
|Reporters Without Borders||BLOCKED||www.rsf.org|