Best VPN for China

Yes, you definitely need a VPN in China if you want to access popular websites and apps.

That’s because most popular (Western) websites and apps are banned by the Communist Party of China (CPC), which has also started restricting VPN providers.

Additionally, China’s surveillance of its web users is also a problem. If you don’t want the Chinese government to see and record what you’re doing online, then using a VPN is vital.

To use a VPN in China, it’s best to download the VPN app and set it up before you travel there, as many VPN websites are now blocked.

Most VPN apps have now also been removed from the iOS App Store, and the Google Play Store is not available in China either.

You should also ask your VPN provider’s customer support (before you travel) which VPN servers they recommend connecting to from China.

VPNs are not illegal in China, but only government approved VPNs are allowed.

VPN services have to gain strict approval from the Chinese Communist Party before they can operate. They often have to agree to logging and sharing user data with local authorities, making using the VPN for privacy pointless.

Using a VPN “without authorization” can result in fines of up to 15,000 yuan (approximately $2,200), although so far it seems to affect Chinese nationals rather than foreigners.

If you choose a legitimate, trusted, and safe VPN for China – like ExpressVPN – it’s highly unlikely that you’ll get into trouble for using it.

From the table below, see which VPNs currently work, and which ones don’t, in China.

Many free VPNs are not equipped with the technology to bypass aggressive online censors, and popular free VPN apps like TunnelBear and Hotspot Shield won’t work reliably.

Some free VPN mobile apps may work, like Turbo VPN and VPN Proxy Master, but they are slow and your web activity will most likely be recorded by the Chinese authorities.

In fact, we investigated some of the most popular free VPNs and discovered that many have very questionable links to China.

If you want to use the Internet reliably from mainland China, a free VPN is definitely not a good choice.

You’re best paying a small monthly fee for a VPN that has obfuscation technology, like ExpressVPN or Astrill.

It’s very important to install a VPN before you arrive in China. Most VPN apps aren’t available from Chinese app stores, and VPN websites are blocked.

To install your VPN, you’ll need to sign up to a subscription (some VPNs accept AliPay as a payment method) and create an account.

Make sure that the VPN is known to work in China before buying it – our VPN recommendations above are a good place to start.

Before you get started setting up the VPN, ask customer support if the custom apps work in China or if you need to manually configure the VPN on each of your devices instead.

If manual configuration is needed, follow the VPN service’s instructions carefully as it will differ from provider to provider.

If the VPN apps work in China with no manual configuration, simply download the relevant software for your device from the ‘Downloads’ page on the VPN provider’s website.

The best VPNs for China will have custom VPN apps for at least Windows, MacOS, Android, and iOS.

Once you’ve downloaded the software, follow the installation instructions and log into the app with your login details.

Before you connect, make sure that any extra privacy settings are enabled, such as the VPN kill switch, DNS leak protection, as well as any stealth protocol or scrambling tool.

Once you’re in China, we recommend you connect to nearby servers – Hong Kong and Japan are popular VPN server locations – as these will provide the fastest speeds.

Once you’ve selected your chosen server, click/tap connect.

Sometimes even the best VPNs with the most effective stealth technology stop working in China. For example, your VPN may stop working after a crackdown by the Chinese government.

When this happens, there are a few things you can try to get back online:

1. Try connecting to a different VPN server
2. Change the VPN protocol
3. Forward the VPN traffic (known as port forwarding) to port 433

By directing your VPN traffic through port 433, which is typically used for encrypted communications, you may be able to get your VPN connection back up, but it’s not guaranteed.

If none of the above suggestions work, you’ll have to contact your provider’s customer support, which will be tricky to do as many VPN websites are banned in China.

ExpressVPN live chat support.

The above suggestions don’t always work, so if you require reliable open internet access from China, we advise our readers to get a back-up VPN subscription, just in case.

The ‘Great Firewall of China’ (or GFW) is the nickname given to China’s internet censorship system, through legislation and filtering technologies.

Since 2003, it gives Chinese authorities the power to monitor and restrict internet access to anyone based in mainland China (Hong Kong and Macau are exempt).

The GFW uses a combination of methods to block websites and apps:

1. IP blocking – blocking IP addresses that resolve to URLs (websites)
2. DNS cache poisoning, or DNS spoofing – to divert traffic from one website to another, which practically blocks you from accessing your desired website or app.
3. Keyword & URL filtering – scanning websites and URLs for specific terms
4. Deep packet inspection (DPI) – the inspection of headers in data packets to detect the destination IP address (website)
5. Manual actions – Chinese authorities employ thousands of workers to censor forbidden content

Many of the most popular websites and apps in the world are blocked in China, for example:

• Google (Gmail, Google Maps & all other Google services – blocked since 2014)
• YouTube (blocked since 2011)
• Facebook (blocked since 2009)
• Twitter (blocked since 2009)
• Instagram (blocked since 2014)
• WhatsApp (blocked since 2017)
• Skype (blocked since 2017)
• Pinterest (blocked since 2017)

The Google Play Store isn’t available at all in China, and Apple’s App Store complies with Chinese laws, so it’s highly restricted, meaning that you can’t find VPN apps on there.

That’s why it’s super important to set up your VPN apps before you travel.

You can download APK files directly from some VPN websites – although they too may be blocked – for your Android device.

Be wary of downloading those types of files from third-party websites, though, as they can be infected with malware.

Here is a more comprehensive list of websites blocked in mainland China. You can also use this checker to find out if a website is available or not.

It’s also important to note that censorship varies from day to day and region to region.

During times of political unrest censorship can be heightened, and some areas of China can be affected more than others.

Yes, China does actively block VPN connections.

China has been blocking VPNs to some degree since 2011 but in late 2017 to early 2018 the Chinese government’s VPN clampdowns intensified.

During that time, the Chinese government ordered Apple App Store to remove all VPN apps and threatened to block all VPN services that were not government-approved.

While China wasn’t successful in blocking all VPN services, many are now unusable.

Even the best VPNs with the most effective obfuscation tools fall victim to the Great Firewall’s crackdowns from time to time.

During times of political unrest, or on significant anniversaries such as June 4 (1989 Tiananmen Square protests), the Chinese government tends to crack down on VPNs more intensely. While you may find it harder to connect to a VPN server, the best VPN services usually find a solution reasonably quickly.

VPNs evade the Great Firewall of China using encryption and obfuscation tools.

VPNs encrypt internet traffic so that the Great Firewall can’t see what you’re trying to access online.

The encrypted traffic is routed to your VPN service’s private servers before going to the website or service that you want to access, hiding the destination of the internet traffic from the Great Firewall too.

However, the Chinese censors have become wise to some VPN connections.

Using Deep Packet Inspection, the censors can see certain indicators of VPN traffic, such as characteristics of particular VPN protocols.

The best VPNs for China now employ obfuscation tools which scramble VPN data to look like normal HTTPS internet traffic, helping the data to go undetected.

Yet even with obfuscation, the Great Firewall still successfully blocks some VPN servers by blacklisting their associated IP address ranges.

This means that one day a server might work but the next it wont. Some trial and error might be required when this happens.

VPN traffic obfuscation in China is completely necessary. Otherwise, the Chinese Firewall will detect VPN traffic (through deep packet inspection) and subsequently block it.

Therefore, VPN providers use protocol obfuscation methods to scramble VPN data and mask it as regular HTTPS web traffic.

The two most used ways to obfuscate VPN traffic involve using:

1. XOR – Also referred to as OpenVPN Scramble, Xor is an encryption algorithm often used to mask OpenVPN traffic.
2. Obfsproxy – Developed by the Tor network, Obfsproxy works by adding a further layer of encryption to OpenVPN traffic using the obfs4 wrapper.

Sometimes obfuscation protocols are also called ‘stealth’ or ‘camouflage’ protocols. All of our recommended VPNs above use obfuscation protocols.

Since China started cracking down on VPN services, the majority of VPN apps don’t work in China.

Even some of the most popular VPN services don’t come with the tools necessary for beating the Great Chinese Firewall’s censors.

Here are some VPN services that don’t work well in China:

• CyberGhost
• HideMyAss
• Hotspot Shield
• IPVanish
• Private Internet Access
• TunnelBear

Basically, if a VPN doesn’t come with obfuscation tools or stealth protocols, it’s unlikely to get past the Chinese VPN blocks.

You’ll find that internet speeds are typically slower than you’d expect when connecting to sites outside of China due to the Great Firewall and local infrastructure.

VPNs generally slow down your internet speeds because of the overhead of encryption, but the best VPNs only impact speeds by about 5-10% if you connect to a nearby sever.

The obfuscation tools necessary for VPNs to work in the country additionally impact speeds slightly, making them a little slower than regular VPN connections made outside of China.

However, you can ensure the best speeds by connecting to the closest possible VPN server such as Hong Kong or Singapore.

There are other circumvention tools that may be able to unblock websites and apps in China, but they’re not as effective as VPNs.

Essentially, most alternatives to VPNs don’t protect your privacy and aren’t guaranteed to work.

Here’s a list of five circumvention tools that may (or may not) beat the Great Firewall:

1. Proxies

   One option is to use a proxy server, which spoofs your IP address but doesn’t encrypt internet traffic.

   This means that your ISP – or the Chinese government – will be able to see what you’re doing online.

   The most effective proxy for China is Shadowsocks, which uses the SOCKS5 internet protocol.

2. Lantern

   Lantern is open-source peer-to-peer (P2P) software specifically built to circumvent web filters, and funded by the US government.

   It relies on volunteer users, located in countries with more open internet access, to share their bandwidth with users in high censorship nations.

   Lantern is not an anonymity tool, so remember that your web activity is still visible to others.

   Note: As of writing, Lantern’s official websites was down.

3. Mirror Sites

   Some websites release mirrors of their websites that have been blocked by the Great Firewall so that those in China can still access their content.

   However, these mirror sites are usually blocked soon after too, making it a very unreliable option.

4. TOR

   The Onion Router (Tor), a free anonymous web browser, anonymizes your internet surfing by randomly routing your web traffic through a network of servers.

   While Tor is a safer option than using proxy servers or mirror websites, it comes with some major disadvantages.

   Firstly, Tor is very slow – much slower than a good VPN.

   Secondly, China actively blocks access to Tor, so to unblock websites you’ll have to tinker with Tor’s advanced settings (for example, by setting up bridges), which may or may not work.

5. FreeBrowser

   FreeBrowser is a free web browser for Android devices with built-in circumvention technology. It’s used by over 100,000 Android users, but user reviews are very mixed.

   Also, remember it’s a web browser so your internet traffic outside of it will be blocked (or heavily restricted) in China.

Netflix isn’t currently available in China but it’s possible to watch content from the US and other Netflix libraries by using a VPN.

But, even with a VPN watching Netflix in China can be tricky.

Due to government crackdowns on VPNs, many services only work in the country using specific VPN servers, and these servers might not be optimized to work with Netflix.

ExpressVPN, our top choice for China, should unblock Netflix from China, but it’s worth double-checking with customer support which servers they recommend using.

It’s possible to set up your own VPN server outside of China – in your home, for example – and use it to access blocked websites while in China.

Connecting to a home VPN server will assign you your home IP, which may unlock banned content such as Google and YouTube.

However, building your own server comes with security risks if you fail to set it up correctly. It’s for those with plenty of tech know-how, and beginners should steer clear.

Connecting to a self-built VPN server might not work to unblock content in China if the VPN server doesn’t use any obfuscation tool. OpenVPN traffic is often blocked by the Chinese censors.

If you are traveling to China, the safest option is to use a trusted third-party (commercial) VPN that comes with the necessary obfuscation tools to get around the Great Firewall.

If you want to use a VPN to connect into China, there are a few VPN providers with virtual servers that will give you a Chinese IP address: PureVPN, Ivacy, HideMyAss, and Hotspot Shield.

These VPN servers are not physically located in China but do assign you a Chinese IP, which will make it seem as if you’re located in mainland China. These are known as Virtual Servers.

To change your IP to a Chinese one, simple select the ‘China’ server and click connect.

You can check that you have a Chinese IP address by running a leak test on browserleaks.com:

Leak test results for Hotspot Shield connected to the China VPN server.

By using a VPN to connect into China, you will be able to access popular Chinese streaming websites such as Youku, Tudou and Sohu Video.

While China still controls Taiwan, internet censorship there is nowhere near as rife. You can access popular sites like YouTube, Facebook, and Google in Taiwan without a VPN.

The same goes for Hong Kong and Macau – the internet is largely free and uncensored there too.

Until fairly recently, those living in Hong Kong could use VPNs freely without any issues, but recent reports suggest that some VPN connections were temporarily blocked during the second week of September 2019.

This came during pro-democracy protests that started over plans to allow extradition from Hong Kong to mainland China.