Disclosure: Top10VPN is editorially independent. We may earn commissions if you buy a VPN through links on our site.

The Best VPNs for China

23 comments
Podium Rankings for Best VPN
Simon Migliano Head of Research at Top10VPN
23 comments

Simon is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times, CNet and more. Read full bio

The Great Firewall of China (GFW) blocks over 10,000 web domains including 135 of the world’s top 1,000 websites. It’s the world’s most advanced internet censorship system.

Only the best VPNs for China get round the GFW to access the free internet. That’s because China blocks most VPN traffic unless a VPN uses cutting-edge obfuscation technology to disguise its traffic.

The VPNs we recommend below work in Beijing, Shanghai, and elsewhere in mainland China. They unblock Google, Instagram, Twitter, and many other websites.

Based on encryption, obfuscation, and reliability, the five best VPNs for China are:

  1. Astrill: The most reliable VPN for China working 100% of the time. Read Summary
  2. VPN.ac: A great alternative for China with 87% uptime. Read Summary
  3. Windscribe: Free VPN with 89% uptime, but slower than its rivals. Read Summary
  4. PrivateVPN: The cheapest VPN option that works 74% of the time. Read Summary
  5. ExpressVPN: The fastest VPN for China that works 71% of the time. Read Summary

The VPNs above are the most effective and reliable based on our unique testing methodology specific to China. Using a server located in Shanghai, we perform weekly tests to verify which VPNs still work and which don’t.

We also test for AES-256 encryption, IP leaks, effective obfuscation, VPN servers in mainland China or neighboring countries, and China-specific support.

Keep reading to learn more about our top-rated VPNs for China, or skip to our most recent China VPN test results.

The Top VPNs for China: Performance Ratings

Here’s a table summarizing how the top VPNs for China perform in five key testing categories:

EXPERT TIP: Download your VPN before traveling to China. Most VPN websites are blocked in China, and safe-to-use VPN apps are banned from Chinese app stores.

The 5 Best VPNs That Work in China (Tested in July 2021)

  1. 1. Astrill VPN: 100% Reliable

    The overall best VPN for China with 100% uptime and effective obfuscation.

    Ranked #1 out of 68 VPNs for China
    Astrill mobile screenshots
     0% 
    No user reviews
    Visit Astrill

    Pros

    1. Stealth VPN protocol to beat censors
    2. VPN servers optimized for China
    3. Nearby VPN servers in Asia with good speeds
    4. Works with US Netflix
    5. Kill switch & no IP,DNS and WebRTC leaks
    6. Easy to set up and use
    Cons
    1. Live chat doesn’t always work
    2. Free trial unavailable to China users
    3. No refund policy
    4. More expensive than its competitors
    5. No VPN browser extensions

    Overall Rating for China: 9.8/10

    This rating is calculated using the following five subcategory ratings. To learn more, read our testing methodology for VPNs in China.

    • 9.9
    • 9.8
    • 9.4
    • 8.7
    • 9.2

    Astrill VPN is absolutely the best VPN for China. During our testing over the past 12 months, it has never failed to bypass the Great Firewall and unblock international websites. It offers two stealth protocols, VPN servers in neighbouring countries like Hong Kong and Japan, and AES-256 encryption.

    Special ‘SuperCharged’ servers are available to get the best speeds possible, and its logging policy is good enough to maintain your privacy. Overall, Astrill is the most consistent and reliable VPN that works in China.

    Works in ChinaYes
    Data LeaksNo
    Logging PolicySome User Logs
    Cheapest Price$10.00/mo over 12 Months See all plans
    JurisdictionSeychelles (Privacy Haven)
    Compatible with
    1. windowsWindows
    2. macosMacOS
    3. iosiOS
    4. androidAndroid
    5. linuxLinux

    The most reliable VPN for China

    Astrill operates two stealth protocols that are both effective at bypassing Chinese web blocks. One of these obfuscation methods is a VPN protocol, the other is a proxy.

    As a result of this, Astrill consistently outperforms all the other VPNs tested on our Shanghai server. Astrill has worked in China 100% of the times we’ve tested in the past 12 months, more than any other VPN.

    Fast and secure servers in Hong Kong, Japan & more

    Astrill also offers nearby servers in Asia, including Hong Kong, Japan, and South Korea. There are nearby servers on the US west coast too, including Los Angeles, San Francisco, and San Jose.

    Its speeds are reasonably good, although they are slower than ExpressVPN. Speed does improve in China when you connect to servers labeled ‘SuperCharged’.

    Astrill owns all its DNS servers, meaning there is no chance your traffic will be routed via less secure third-party servers. All connections are secured with AES-256 encryption.

    If the VPN itself fails (which is unlikely to happen), Astrill offers a simple proxy which can get around the censors as a last resort.

    Mixed logging policy and lacking customer support

    Astrill does collect some logs including connection time, IP address, Device type, and VPN app version.

    These are kept for the duration of your VPN session. Once the session is over, the connection logs are wiped.

    You can use Astrill VPN on Microsoft Windows, MacOS, iOS, and Android, but the mobile apps lack many of the advanced security features of the computer software. It doesn’t offer any browser extensions, either.

    It’s more expensive than most competing VPNs and live chat doesn’t always work. You can’t access the Astrill free trial from China and there’s no refund policy, either, so make sure you want to commit to Astrill before buying.

    Astrill comes with some drawbacks as a general VPN service, but it is unbeaten for reliable use in China.

    How to Use Astrill VPN in China

    1. Select ‘StealthVPN’ from the drop-down settings menu before connecting.
    2. If that doesn’t work, open menu on the left and select ‘StealthVPN options’, then try changing to ‘Reliable (TCP)’ mode.
    3. Your final option is to Select ‘Proxy Settings’ and try to connect using an HTTP proxy. This is not fully encrypted so should only be used as a last resort.
  2. 2. VPN.ac: 86.84% Reliable

    The best for ease-of-use, with China-optimized servers in North America.

    VPN.ac screenshots
     100% 
    (3 user reviews)
    Visit VPN.ac

    Pros

    1. China optomised servers in both Europe and the US
    2. Specialized XOR obfuscation
    3. Regularly updated China status pages
    4. Very easy to use in China
    Cons
    1. Some minimal logs which are wiped daily
    2. Less consistent than ExpressVPN or Astrill

    Overall Rating for China: 8.9/10

    This rating is calculated using the following five subcategory ratings. To learn more, read our testing methodology for VPNs in China.

    • 8.7
    • 9.4
    • 9
    • 8.3
    • 9.2

    VPN.ac is a less popular VPN service than others on this list, but our tests have shown it is a particularly good choice when connecting from China. Its simple applications, advanced obfuscation, and dedicated servers for China make it a strong alternative to the big-name VPNs.

    Works in ChinaYes
    Data LeaksNo
    Logging PolicyNo Logs
    Cheapest Price$3.75 over 24 months See all plans
    JurisdictionRomania
    Compatible with
    1. windowsWindows
    2. macosMacOS
    3. iosiOS
    4. androidAndroid
    5. linuxLinux

    Dedicated VPN servers optimized for China

    VPN.ac uses ‘China Optimized’ servers, which offer a strong connection between China and North America, Europe, and Asia. Specialized servers are available in the following countries:

    • Canada
    • France
    • Germany
    • Hong Kong
    • Japan
    • Singapore
    • Taiwan
    • UK
    • US

    If you connect to one of these servers from China, they will automatically apply VPN.ac’s specialized obfuscation technology.

    Internet access from China to US servers

    VPN.ac uses the OpenVPN XOR protocol with a TCP port 443 tunnel (the same port used by HTTPS traffic) to sneak traffic past China’s extensive censorship system.

    Beating the censors in China is a constant game of cat and mouse – one which VPN.ac has managed to stay consistently ahead of.

    Testing using a server in Shanghai, VPN.ac has been able to successfully bypass Chinese censorship over 80% of the time. West coast US connections are typically the most stable and reliable.

    This makes VPN.ac a great choice for business travellers or tourists from the USA.

    China-oriented customer support

    Giving users access to the wider internet from China is clearly a key part of VPN.ac’s product offering.

    The status of its service in China is monitored on a dedicated ‘China Status’ webpage, and it also offers its own detailed instructions for using the VPN in China.

    Good, but not perfect, privacy policy

    VPN.ac does log a small amount of information, however this information is wiped daily. This includes your originating IP address, the start and end time of the VPN connection, and the total amount of data transferred.

    On long subscription plans VPN.ac represents good value, but cheaper VPNs like PrivateVPN are much more affordable on short, one-month commitments.

    Overall, VPN.ac has clearly invested a lot into becoming one of the top choices for connecting in China. It has specialized servers, advanced obfuscation, and fantastic customer support dedicated to Chinese users or tourists.

    How to Use VPN.ac in China

    1. You need to enable the China-specific features of VPN.ac before you use it.
    2. Select ‘Advanced’ at the bottom of the app.
    3. Select ‘I am in China or another censored country’.
    4. When you return to the server select page, you will see a new tab for ‘China Optimized’ servers.
    5. Select one of these servers and connect to it.
  3. 3. Windscribe: 89.47% Reliable

    The best free VPN for China, and the only free VPN that works reliably.

    Windscribe mobile screenshots
     100% 
    (2 user reviews)
    Visit Windscribe

    Pros

    1. No need to give card details
    2. Strong logging policy
    3. Good for streaming Netflix & BBC iPlayer
    4. Multiple obfuscation protocols
    5. Trustworthy provider
    Cons
    1. 10GB data cap
    2. iOS app won't work in China
    3. Less consistent than alternatives

    Overall Rating for China: 8.6/10

    This rating is calculated using the following five subcategory ratings. To learn more, read our testing methodology for VPNs in China.

    • 8.9
    • 9.4
    • 9.5
    • 8.5
    • 7.5

    Windscribe Free is the only safe free VPN that works in China. It’s also one of the most consistent VPNs for China available – free or paid. Windscribe’s paid application also works, and both versions of the app offer strong security and a trustworthy logging policy.

    The free version does come with a 10GB monthly data cap and restricted server choice, so you will have to limit your use of the VPN. Despite these limitations, its reliability makes it stand out as the best free VPN for China.

    Works in ChinaUnreliable
    Data LeaksNo
    Logging PolicyAnonymous Server Usage Data
    Cheapest PriceFree
    JurisdictionCanada (Five-Eyes Member)
    Compatible with
    1. windowsWindows
    2. macosMacOS
    3. iosiOS
    4. androidAndroid
    5. linuxLinux

    Choice of obfuscation technology

    Windscribe has two obfuscation protocols available: Stunnel (called “Stealth” in the app) and Wstunnel. Stunnel wraps OpenVPN traffic in TLS, whereas Wstunnel wraps it in WebSocket.

    Both of these features make sure your VPN traffic blends in seamlessly with ordinary internet traffic.

    Windscribe is the only free VPN we’ve seen that can offer consistent access to both US Netflix and BBC iPlayer. This makes it a good option for streaming blocked TV shows and movies while you’re in China.

    A safe and trustworthy free VPN for China

    Finding a trustworthy free VPN that works in China is difficult. Our tests have found several unreliable or dangerous VPNs that work temporarily in China, but these VPNs are often incapable of actually protecting your data.

    Based on our most recent tests, the best Windscribe server for China is the Hong Kong, Victoria server. This is available on both the free and premium version of the app.

    During the last month, Windscribe has been 100% successful in bypassing China’s firewall using this server.

    No obfuscation on iOS applications

    Windscribe’s stealth and obfuscation protocols aren’t available on iOS, so Windscribe Free is only a good option for Android, PC, and Mac users in China.

    Just like every VPN app, you need to download Windscribe onto all of your devices before leaving for China, as the website is blocked within the country’s borders.

    How to Use Windscribe in China

    1. Open the Windscribe application. From the menu on the left, select ‘Preferences’.
    2. Under the ‘Connection’ tab, set the Connection Mode to ‘Manual’.
    3. From the drop-down menu, select either ‘Stealth’ or ‘WStunnel’.
    4. If your connection doesn’t work, change to the other protocol.
  4. 4. PrivateVPN: 73.68% Reliable

    The cheapest VPN for China, with an effective Stealth VPN protocol.

    Image of PrivateVPN's app on mobile
     98% 
    (1,736 user reviews)
    Visit PrivateVPN

    Pros

    1. Stealth VPN protocol works in China
    2. Fast VPN servers in nearby Asian cities
    3. Also works with TCP Port 443 & Tor
    4. No-logs policy & no IP, DNS or WebRTC leaks
    5. Unblocks US Netflix & BBC iPlayer
    Cons
    1. Small VPN server network (only 150 servers)
    2. No VPN browser extensions
    3. Live chat not always available

    Overall Rating for China: 8.3/10

    This rating is calculated using the following five subcategory ratings. To learn more, read our testing methodology for VPNs in China.

    • 7.4
    • 9.1
    • 9.5
    • 8.9
    • 6.5

    PrivateVPN costs just $1.98 per month on its longest subscription, making it the cheapest VPN that still works in China. It doesn’t have a large server network, but you can connect to fast VPN servers in Hong Kong, Japan, Taiwan, and South Korea. These will give you reliable connection speeds out of China.

    Works in ChinaYes
    Data LeaksNo
    Logging PolicyNo Logs
    Cheapest Price$1.98/mo over 24 months See all plans
    JurisdictionSweden (14-Eyes Member)
    Compatible with
    1. windowsWindows
    2. macosMacOS
    3. iosiOS
    4. androidAndroid
    5. linuxLinux

    Stealth VPN protocol for effective obfuscation

    PrivateVPN offers a stealth VPN protocol called ‘Stealth VPN’. This protocol consistently works to bypass Chinese web censors. It also has essential security features like a VPN kill switch and AES-256 encryption.

    It doesn’t leak IP or DNS data, and our testing has found that its obfuscation works in China every single time, although you may sometimes need to try a few different servers.

    Strong privacy and no-logs privacy policy

    Its strict no-logs policy means that PrivateVPN doesn’t track or collect any of your internet data. This is good anywhere, but particularly good when accessing the internet from regions with strict governments like China.

    Great, user-friendly interface

    PrivateVPN’s applications have been recently updated. The new version makes it extremely easy and intuitive to select and activate stealth VPN. There isn’t any manual setup or advanced configuration involved.

    Connecting in China is really easy, too. We have more detailed instructions below, but most of the time you only need to press the connect button and the app will automatically work to access the global internet.

    Excellent value for money

    PrivateVPN has recently reintroduced a seven-day free trial alongside the 31-day refund period, which means you can try it out for a whole month and get your money back if the VPN doesn’t work.

    With the exception of Windscribe Free, PrivateVPN is the cheapest VPN that works in China, and it’s even good value on short one-month subscriptions. This makes it a great choice if you intend to be in China for a short time and don’t want to commit to a longer subscription.

    How to Use PrivateVPN in China

    1. Open the PrivateVPN application and select ‘Advanced View’.
    2. Select the ‘Stealth VPN’ tab.
    3. Turn Stealth VPN on to enable obfuscation, then return to simple view.
    4. Choose a VPN server and connect.
    5. You can also choose between Port 22 and Port 443. Changing between these options may help unblock content.
  5. 5. ExpressVPN: 71.05% Reliable

    The fastest VPN for China that works most of the time.

    ExpressVPN's new app on mobile devices
     96% 
    (1,768 user reviews)
    Visit ExpressVPN

    Pros

    1. Fast VPN servers optimized for China
    2. Unblocks most websites in China
    3. Obfuscation technology to beat censorship
    4. Works with Netflix, Hulu, Disney+ & more
    5. No logging & no IP, DNS or WebRTC leaks
    6. Full-featured VPN browser extensions
    Cons
    1. Expensive on shorter subscription plans
    2. Not as consistent as Astrill

    Overall Rating for China: 7.8/10

    This rating is calculated using the following five subcategory ratings. To learn more, read our testing methodology for VPNs in China.

    • 7.1
    • 9.6
    • 9.6
    • 9.2
    • 9.5

    ExpressVPN was historically the top VPN for China. Though its ability to bypass China’s censorship has wavered in the past 12 months, recently its performance in our tests has been very strong.

    It offers the best user experience and the fastest speeds when it works, but falls short of some competitors for reliability overcoming censorship.

    Works in ChinaYes
    Data LeaksNo
    Logging PolicyAnonymous Server Usage Data
    Cheapest Price$6.67/mo over 15 Months See all plans
    JurisdictionBritish Virgin Islands (Privacy Haven)
    Compatible with
    1. windowsWindows
    2. macosMacOS
    3. iosiOS
    4. androidAndroid
    5. linuxLinux

    Seamless obfuscation technology

    ExpressVPN uses advanced obfuscation technology to create one of the most seamless experiences we’ve seen from a China VPN. Thanks to this feature, using ExpressVPN in China is very similar to using it anywhere else in the world, with the same extensive suite of features.

    ExpressVPN usually connects from China without any issues, and you can connect to the global internet with a single click.

    Just be sure to set the VPN protocol to ‘Automatic’ before you connect.

    Fast international connection speeds

    Our testing methodology doesn’t allow us to record specific comparisons for speed in China. However, based on human experience, ExpressVPN is typically the fastest VPN in China compared to its main rivals.

    Its server network is extensive and there are even specific servers recommended for China. Simply get in touch with the 24/7 live chat support to find out which servers it recommends, as they change regularly.

    Simple applications for all major platforms and devices

    There are VPN applications for all popular devices including Windows, Mac, iPhone, Android, and Fire TV. These are all very easy to set up and use.

    ExpressVPN also comes with SmartDNS technology called MediaStreamer. This is ideal for Apple TV and games console users.

    The VPN doesn’t collect any activity logs, and our testing has never measured a single IP, DNS, or WebRTC leak. This means there is much less risk of ExpressVPN being compromised or identified by Chinese censors.

    Money-back guarantee

    ExpressVPN also comes with a 30-day money-back guarantee. If you’re unhappy with the software, tell the customer support team within the first 30 days and you’ll be refunded, no-questions-asked.

    If you’re in China, or planning on travelling there, ExpressVPN is a good choice. It’s fast, safe, and highly secure, but it won’t work in China as consistently as Astrill VPN.

    How to Use ExpressVPN in China

    1. If you’re travelling to China, download the most recent ExpressVPN application before you leave.
    2. If you’re already in China, download the application from a mirror website. You can find these by contacting ExpressVPN directly.
    3. Make sure the protocol is set to “automatic” before connecting to a VPN server.
    4. Choose a VPN server in a nearby country and select “connect”.
    5. You’ll now have access to international websites and services.

China VPN Test Results: 16 Top VPNs Compared

Use the table below to compare the best VPNs for China based on reliability and obfuscation technology.

You can also find out which popular VPNs currently work in China, and which don’t.

The data is collected from our Shanghai server, using our China testing methodology.

VPN Service % Reliability (12 Months) % Reliability (3 Months) Obfuscation Tips
Astrill 100% 100% Use the StealthVPN protocol.
Windscribe 89.47% 100% Use the StealthVPN protocol.
VPN.ac 86.84% 75% Use the China-optimized servers.
PrivateVPN 73.68% 58.33% Turn on Stealth Mode.
ExpressVPN 71.05% 100% Use the latest version of the app.
PIA 63.16% 41.67% Use the Shadowsocks OpenVPN protocol.
VPNArea 57.89% 25% Use a VPN server in Japan.
StrongVPN 50% 50% Use the “No Borders” setting.
NordVPN 44.71% 0% Use the dedicated app for China.
Hotspot Shield 34.21% 16.67% Kill switch only available on Windows.
Surfshark 31.58% 16.67% Use the “No Borders” setting.
VyprVPN 10.53% 0% Use a VPN server in South Korea.
Hide.Me 10.53% 0% N/A
IPVanish 0% 0% Use the ‘scramble’ option.
ProtonVPN 0% 0% N/A
HideMyAss 0% 0% N/A

How We Test the Best VPNs for China

We test for a number of key decision-making factors when testing the safest and most reliable VPNs for China.

For China specifically, we test for:

  • The ability to bypass the Great Firewall from a server in Shanghai.
  • AES-256 encryption, OpenVPN, and other safe connection protocols.
  • Effective traffic obfuscation technology.
  • Fast international speeds from China.
  • VPN Servers in mainland China or nearby countries.
  • Specialised servers for bypassing Chinese censorship.
  • China-specific support (such as additional app download links).
  • No ties to the Chinese government or companies.

Here’s a breakdown of exactly what we test for when recommending VPNs for China, along with how much of the overall rating each category makes up:

1. Reliability in China: 70%

Minimum Requirement: Over 50% reliability in China.
We Recommend: Over 80% reliability in China.

The most important test for a VPN in China is whether it can bypass the Great Firewall (GFW), a name given to China’s sophisticated censorship infrastructure.

We operate a virtual Windows 10 PC installed on a server near Shanghai to determine whether or not a VPN actually works in China.

When testing a VPN, we attempt to connect to a server outside of mainland China using every available protocol on a variety of servers, and follow any additional instructions from the VPN itself, including downloading special versions of its apps.

We collect this data once a week for 15 popular VPN services and use it to track the percentage reliability in the last quarter and last year. This is the most accurate way to predict the long term performance of a VPN in China from outside the country.

The percentage uptime of each VPN over the last 12 months is what determines its score in this category. For example, if it has worked 82% of the time it will get a score of 8.2/10.

Because we connect remotely from outside of China, our connection speeds are throttled. This means we cannot accurately record or compare other types of performance data, such as upload and download speeds or latency.

2. Obfuscation technology: 5%

Minimum Requirement: Includes an option for active obfuscation.
We Recommend: OpenVPN XOR or Stunnel functionality.

While test results are the absolute indicator of whether or not a VPN works in China, obfuscation technology can also give you some idea of whether or not it is likely to work.

OpenVPN Stunnel and XOR are both effective options we reward. Many VPN services also offer their own proprietary obfuscation protocols.

We also test for the ability to actively toggle obfuscation as a factor for VPNs in any censored country.

3. Logging Policy: 5%

Minimum Requirement: A clear privacy policy with only anonymised logs.
We Recommend: A strict zero-logs policy.

Logging is an important indicator of a truly private VPN.

In China, where using unauthorized VPNs is banned, it is important your provider doesn’t keep a record of your connections in the country.

We do not recommend any VPNs for China that keep records in the country or has ties to domestic businesses or the government.

4. Average Speed: 10%

Minimum Requirement: Download speeds over 40Mbps on connections to nearby countries.
We Recommend: 60Mbps or faster on long-distance connections.

Speed is also an important component of choosing a VPN for China, as speeds in and out of the country are bottlenecked and can be very slow.

As we cannot test speeds in China directly, speeds in nearby countries (ideally Hong Kong, but also other countries in East Asia) are taken as an indicator of performance.

Nearby Servers: 10%

Minimum Requirement: Obfuscated servers in Asia or the USA’s west coast.
We Recommend: Obfuscated servers in both Asia and the USA’s west coast.

Having nearby servers is a good indicator of the quality of performance you can expect from a VPN in China.

Servers in nearby Asian countries, especially in Hong Kong, are generally the best choice for speed. We also test for servers in Singapore, Japan, Thailand, Korea, Vietnam and more.

Servers on the US west coast can also get good speeds from China from some VPNs. They’re ideal for accessing US streaming services.

VPNs That Don’t Work in China

The majority of VPN apps do not work in China. This includes some of the best and most popular VPNs.

China actively tries to identify and block unofficial VPN connections. For VPN to work in China, it needs to have obfuscation tools or stealth protocols as a minimum.

Most of the VPNs that do work in China put a significant amount of work and investment into beating the censors.

Here are some popular VPNs that do not work in China:

  • CyberGhost
  • Hide.me
  • HideMyAss
  • Hotspot Shield
  • IPVanish
  • ProtonVPN
  • TunnelBear

The Great Firewall of China

The great firewall of China

The Great Firewall of China (GFW) is a nickname given to China’s internet censorship system, which functions through legislation and internet filtering technologies.

Since 2003, it has given Chinese authorities the power to monitor and restrict internet access to anyone based in mainland China (Hong Kong and Macau are exempt).

The Great Firewall is designed to regulate and censor the Internet within China’s borders. It does this by limiting, slowing, or completely blocking access to certain foreign websites and services.

How Does the Great Firewall Work?

Unlike the online censorship in some other countries, China’s Great Firewall has been around since the origins of the internet. As a result, it is built into the basic internet infrastructure of the country.

The Great Firewall uses a combination of five methods to block websites and apps:

  1. IP blocking: blocking IP addresses that resolve to specific URLs (websites).
  2. DNS spoofing: diverting traffic from one website to another, which practically blocks you from accessing a desired website or app.
  3. Keyword and URL filtering: scanning websites and URLs for specific terms.
  4. Deep packet inspection (DPI): inspecting the headers in data packets to detect the destination IP address (website).
  5. Manual actions: Chinese authorities employ thousands of workers to censor forbidden content.

The GFW doesn’t operate in a single or straightforward way, and the Chinese Communist Party (China’s ruling political party) maintains a high degree of secrecy about how its censorship functions.

From the outside looking in, these are some of the common methods used by the Great Firewall to block websites and services.

By combining these technologies and constantly upgrading its methods and infrastructure, China has managed to build the most effective and dynamic system of online censorship in the world.

Here’s a more detailed explanation the five methods used to block or censor content in China:

1. IP Blocking

China builds a blacklist of IP addresses which correspond to banned websites. If it sees you are trying to connect to these IP addresses, your traffic will simply be blocked. If an IP address associated with a non-approved VPN are discovered, it is blocked too.

2. DNS Spoofing

When you connect to a website, the Domain Name System (DNS) is used to establish a connection between your device and the website’s IP address. China can set DNS servers up to give faulty information for some DNS requests, which will prevent you from establishing a connection with the website.

3. URL Filtering

As well as blocking specific IP addresses, the GFW scans URLs for sensitive keywords. This means you might be able to access one part of a website, but not the pages that refer to content that the government would rather keep you from seeing.

4. Deep Packet Inspection & Injection

The Great Firewall can look through blocks of unencrypted data to identify flagged keywords using a process known as ‘deep packet inspection’. It can then stop any unwanted packets from being transmitted. After identifying an unwanted connection, China can inject reset packets, to break the connection between you and the website you are visiting for a period of time.

5. Manual Actions

Much of the censorship carried out as part of the Great Firewall isn’t automated. The government hires staff specifically to scan the internet for content to add to its blacklist.

Does the Great Firewall Block Every VPN?

China’s Great Firewall actively blocks VPN connections, but it cannot block every VPN.

The Chinese government has been blocking VPNs to some degree since 2011, but this process has intensified since 2017 and early 2018.

During that time, the Chinese government ordered the Apple App Store to remove all VPN applications and threatened to block all VPN services that were not government-approved.

While it wasn’t successful in blocking all VPN services, many popular services are now unusable.

Even the VPNs with the most effective obfuscation tools occasionally fall victim to the Great Firewall’s censorship.

During times of political unrest, or on significant anniversaries such as June 4, the Chinese government tends to crack down on VPNs more intensely. While you may find it harder to connect to a VPN server, the best VPNs for China usually find a solution reasonably quickly.

How Do the Top VPNs Beat the Great Firewall?

VPN services encrypt your internet traffic so the Great Firewall can’t see what you’re trying to access online.

The encrypted traffic is routed to a VPN server in another country before going to the website or service that you want to access. This hides the destination of the internet traffic from the Great Firewall, too.

The Chinese censors have learnt to identify some VPN connections.

Using Deep Packet Inspection, the censors can see certain indicators of VPN traffic, such as characteristics of particular VPN protocols.

As a result, the most reliable VPNs for China now use obfuscation technology to scramble VPN traffic and make it look like normal HTTPS internet traffic. This helps the data to go undetected.

PrivateVPN working in China

PrivateVPN uses obfuscation to unblock YouTube in China.

Even with obfuscation, the Great Firewall still successfully blocks some VPN servers by blacklisting associated IP address ranges.

This means that one day a VPN server might work, and the next day it won’t. Some trial and error might be required when this happens.

What Is VPN Obfuscation?

Obfuscation technology disguises your VPN traffic so it blends in with other forms of online traffic. Normal VPN encryption stops observers from reading your traffic, but obfuscation stops them from knowing it is VPN traffic at all.

A VPN that offers obfuscation technology will allow you to select an obfuscation protocol from the settings menu.

Without obfuscation, the Chinese Firewall will detect VPN traffic (through deep packet inspection) and block it.

deep packet inspection searching for a VPN connection. The VPN has obfuscation and therefore cannot be detected by the censors.

VPN services use protocol obfuscation methods to scramble VPN data and mask it as regular HTTPS web traffic.

The two most common ways to obfuscate VPN traffic are:

  1. XOR: Also referred to as OpenVPN Scramble, XOR is an encryption algorithm often used to mask OpenVPN traffic.
  2. Obfsproxy: Developed by the Tor network, Obfsproxy works by adding a further layer of encryption to OpenVPN traffic using the “obfs4” wrapper.

Sometimes obfuscation protocols are also called ‘stealth’ or ‘camouflage’ protocols. All of the recommended VPNs above use obfuscation protocols.

Which Websites are Blocked in China?

Many of the most popular websites and apps in the world are blocked in China. However, this censorship varies from day to day and region to region.

The Google Play Store isn’t available at all in China, and Apple’s App Store complies with Chinese laws. This means it’s highly restricted and does not offer VPN applications.

You can use the greatfire.org analyzer tool to check if specific websites are blocked.

Some of the most popular websites and services in the world are completely unavailable in China, including:

  • Google (blocked since 2014)
  • YouTube (blocked since 2011)
  • Facebook (blocked since 2009)
  • Twitter (blocked since 2009)
  • Instagram (blocked since 2014)
  • WhatsApp (blocked since 2017)
  • Skype (blocked since 2017)
  • Pinterest (blocked since 2017)

Many VPN websites and applications are also blocked in China, which is why it’s important to set up your VPN apps before you travel.

If you’re using an Android device, you can download APK files directly from some VPN websites – although they too may be blocked.

ExpressVPN APK download page

ExpressVPN offers an APK file for direct installation.

Be wary of downloading this type of file from third-party websites, though, as they can be infected with malware.

The Great Firewall can also block access to anything that requires access to the internet. This includes email (if you use Gmail) and blacklisted mobile apps.

If your mobile app needs to connect to a blocked site or service to operate, it won’t work in China.

Are VPNs Legal in China?

Only government-approved VPNs are legal in China. All VPN services have to be officially sanctioned by the Chinese Communist Party (CCP) before they are given permission to operate.

To receive this permission, VPN services must agree to conditions such as data logging and sharing data with local authorities, making the VPN useless from a privacy perspective.

Using an unauthorized VPN can technically result in fines of up to 15,000 yuan (approximately $2,200). However, there are very few instances of VPN users actually being charged or fined –particularly foreigners.

If you choose a legitimate, secure, and safe VPN for China it’s highly unlikely that authorities will be able to identify your VPN traffic. If they do, it’s very unlikely you’ll get into trouble for using it.

It’s important not to use an unsafe VPN with poor encryption and weak security, as these are likely to leave your activity exposed. For example, the popular Hola VPN is unsafe to use in China.

China VPN FAQ

What's the Best Free VPN for China?

The best free VPN that works in China is Windscribe Free. In fact, it’s the only safe free VPN that currently works in China.

Generally, it’s not recommended to use free VPNs in China. They are unlikely to work, and free VPNs usually come with considerable risks to your privacy and security.

The free version of Windscribe is easily the best free VPN available, and has worked 89.29% of the time over the past 12 months.

To learn more about what makes Windscribe Free the best option, read the full Windscribe review.

How Do I Get a Chinese IP Address?

If you want to use a VPN to access Chinese websites and services, there are a few VPN services with virtual server locations that will give you a Chinese IP address. These include PureVPN, Ivacy, HideMyAss, and Hotspot Shield.

These VPN servers are not physically located in China, but they will assign you a Chinese IP address. This will make it seem as if you’re located in mainland China.

To get a Chinese IP address using a VPN, simply select the ‘China’ server and click connect.

You can check that you have a Chinese IP address using our IPv4/IPv6 address info tool.

Hotspot Shield leak test when connected to a Chinese VPN server

You can use Hotspot Shield to connect to a Chinese VPN server.

By using a VPN to connect into China, you will be able to access popular Chinese streaming websites such as Youku, Tudou, and Sohu Video.

Why Is My VPN Slow in China?

Unlike the internet in other countries, there are very few exit or entry points to the Chinese internet. This means local connections are much faster than international ones.

If you’re in China and you’re connecting to websites or services outside of China, your internet speeds are likely to be much slower.

Most VPN services slow your internet speeds to some degree due to the data cost of encryption and how traffic is relayed via the VPN server. However, the fastest VPNs will only impact your speeds by about 5-10% if you connect to a nearby server.

The obfuscation technology necessary for VPNs to work in China will also slow your speeds slightly, making Chinese VPN connections a little slower than regular VPN connections outside of China.

You can get the best possible speeds by connecting to the closest possible VPN server. These are usually found in Hong Kong or Singapore. This isn’t always the case, though – you may need to experiment to find the fastest server for you.

Can You Beat the Great Firewall Without a VPN?

There are other circumvention tools that can unblock websites and apps in China, but they’re usually not as effective as VPNs.

Most VPN alternatives don’t protect your privacy and aren’t guaranteed to work.

Here’s a list of five circumvention tools that can work in China:

  1. Proxies (Shadowsocks): One option is to use a proxy server, which spoofs your IP address but doesn’t encrypt your internet traffic.

    This means that your ISP – or the Chinese government – will be able to see what you’re doing online.

    The most effective proxy for China is called Shadowsocks, which uses the SOCKS5 internet protocol. Many VPNs actually incorporate Shadowsocks into their obfuscation protocols.

  2. Lantern: Lantern is a type of open-source peer-to-peer (P2P) software specifically built to circumvent web filters, and funded by the US government.

    It uses volunteers located in countries with a more open internet to share their bandwidth with users in high-censorship nations.

    Lantern is not an anonymity tool, so remember that your web activity is still visible to others.

  3. Mirror Websites: Some websites release copies or “mirrors” of their website if the original has been blocked by the Great Firewall. As long as the mirror site remains unblocked, users in China can still access it.
  4. TOR: The Onion Router (Tor) is a free web browser that anonymizes your internet activity by routing your web traffic through a network of random servers.

    While Tor is a safer option than using proxy servers or mirror websites, it comes with some major disadvantages.

    Firstly, Tor is much slower than most VPNs. It is very anonymous, but it isn’t very secure – which means you’ll need to do your research to use it safely.

    China also actively blocks access to Tor, which means you have to configure the browser’s advanced settings and use bridges to unblock websites. There is a good chance that you simply won’t be able to get it working, though.

  5. FreeBrowser: FreeBrowser is a free web browser for Android devices with built-in circumvention technology. It’s used by over 100,000 Android users, but user reviews are very mixed.

    It’s only a web browser, too – so your internet traffic outside of it will be blocked (or heavily restricted) in China.

Is Social Media Blocked in China?

Many of the sites blocked in China are social media websites. This means you also won’t be able to access these services from mobile apps without a VPN.

Blocked social media sites include:

  • WhatsApp
  • Facebook
  • Twitter
  • Instagram

Some social media sites aren’t blocked in China, though. You can still access:

  • LinkedIn
  • Weibo
  • Renren
  • YouKu

Github is also available in China, and has previously been used as a platform for dissent and sending messages to the wider internet.

About the Author


  • Simon Migliano Head of Research at Top10VPN

    Simon Migliano

    Simon is a recognized world expert in VPNs. He's tested hundreds of VPN services and his research has featured on the BBC, The New York Times, CNet and more. Read full bio