VPN protocols that work in China (Updated in May, 2020)

It is a well-known fact that the Government of China is fighting against censorship circumvention methods and some recent Great Firewall upgrades have made many VPN services essentially useless. Accessing the “free” Internet from China is much difficult that it was a few years ago and many users there are facing a hard time in this battle in order to find VPN protocols and services that would still allow them to get past the Great Firewall blocking. To find out more about how the Internet blocking works in China, check our detailed article: VPNs & Internet in China: Everything you need to know

Strictly speaking of VPN protocols that are still working in China, these are our findings and recommendations:

WireGuard

WireGuard is quite new but it’s being supported by several VPN services. It doesn’t support obfuscation and its handshakes can be recognized by the GFW, but it isn’t blocked yet. In case it’s blocked, that’s most likely because of using its default port 51820. Change port to a different one, if your VPN service provider allows it or if you run it on your own servers.

IPsec (L2TP, IKEv2)

Just like PPTP, it is not entirely blocked in China and it can be used as long as the VPN servers of your provider are not blocked per-IP/hostname basis.

The good thing about both PPTP and IPsec is that they are compatible with most operating systems including those for mobile devices. Setting up a connection is very easy and it’s good to try them if you use a smart phone or tablet in China.

OpenVPN (using obfuscation)

OpenVPN is usually blocked as the initial handshake, required to establish the VPN connection, can be identified by the Great Firewall and blocked instantly. To use OpenVPN in China, obfuscating methods are needed so that the handshake can’t be detected. This is possible by using TLS preshared keys, stunnel or SSH proxying and custom obfuscating methods. There are a few VPN service providers using obfuscating methods to hide the OpenVPN connections, such as: vpn.ac, , ExpressVPN, VyprVPN, Astrill

SSH/SOCKS5

Using a SOCKS5 proxy over SSH still works well in China, and you can setup one on a personal VPS. Instructions: SSH & SOCKS5 tunnel howto. Some VPN services provide support for SSH/SOCKS5 but it’s likely better to use your own, if you are capable of setting it up.

Shadowsocks

Shadowsocks is a secure proxy protocol that works very well in China, but you need to set it up yourself: easy if you are a technical guy, not really an option otherwise. Though you can still find VPN services that provide ShadowSocks support and guides on how to use it.

SSTP

SSTP is a Microsoft VPN protocol that works over port 443 and it’s hard to be blocked by the Great Firewall as “it looks” like normal HTTPS traffic. There are a few VPN services that support SSTP, and if you are a tech savvy able to setup your own server, you should use SoftEther which has built-in support for SSTP among other protocols.

If you are looking for a reliable VPN to use in China, ExpressVPN is rather good. See our recent testing article (February 2017) ExpressVPN in China. Unlike most review sites that recommend it but only list features, we tested it from China directly.

PPTP

While it is an insecure protocol and can be easily compromised by 3rd parties able to snoop on traffic (the Chinese Government in this case), it is still working for many users in China. Considering the fact that it is insecure, don’t use it for sensitive transfer of information or, if you do, make sure that the services you use over PPTP, like webmail, always use HTTPS.

12 thoughts on “VPN protocols that work in China (Updated in May, 2020)”

  1. hi,
    i disagree with you on PPTP being insecure!
    most VPN providers using PPTP is 100% encrypted and traffic can’t be seen,
    did you write your article from a book before the 1990 ????

    Reply
  2. Isn’t PPTP VPN connection completely dependent on having PPTP Pass-through enabled on the client side’s router? so while you are out there in China trying to connect to your VPN server you need to pray that they have enabled PPTP Pass-through!!!

    Reply
  3. I’m currently using pure VPN here in China and currently the only protocol that works here is SSTP. PPTP and L2TP no longer work at all through any of Pure VPNS large list of severs around the world. Even on any given day or time, SSTP protocol can be temperamental. I guess Pure VPN needs to find a way to fix this problem with China’s ever improving upgrade on eliminating VPN use in China. i watch alot of live sports streaming and its so frustrating when you can’t find a good connection.

    Reply
  4. 總之千萬不要使用大陸VPN提供商的VPN客戶端產品和連接。這會非常非常不安全。盡一切可能選用國外VPN提供商的產品,並且最好能獲取免費的客戶端或者應用軟件,再外加通過TOR加密連接。這樣一群安全OK了!

    Reply
  5. Use OpenVPN with Stunnel (on random tcp port), I have been using it in china and I have no problem they passed me through every time.

    Reply
  6. I used Pro VPN Accounts but to access in China I had to use their forwarder at http://directshield.com
    OpenVPN usually worked well but PPTP was more reliable and surprisingly worked at all the hotels and wifi spots I tried, even using China Unicom’s SIM card worked. This was in Shenzhen China but in different areas be warned your experience will vary!

    Reply
  7. The government of Iran has bought a strong intelligent filtering system from China, which works much stronger than China’s filtering
    Help iranian people

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.