China's Great Firewall isn't just a firewall. It's a 20-year, government-backed research project with dedicated labs, published patents, and — as of September 2025 — over 500GB of leaked source code proving that at least 9 commercial VPN services have already been "solved."
If Russia's internet censorship is a sledgehammer, China's is a scalpel. The GFW doesn't just block things. It learns, adapts, and hunts. It runs active probes against suspicious servers. It uses machine learning to fingerprint encrypted traffic. In August 2025, it even tested shutting down all HTTPS connections on port 443 for 74 minutes — just to see what would happen.
And most VPNs? They're not even in the game anymore.
We spent the last several months testing from inside mainland China. Here's what we found.
Last updated: April 11, 2026
Why China Is the Hardest Country to Use a VPN In
This isn't hyperbole. Other countries — Russia, Iran, Turkmenistan — have serious censorship. But none of them have what China has: two decades of continuous, well-funded development by some of the country's top computer science researchers.
Consider the timeline:
- 2003: GFW begins active filtering
- 2012: Deep packet inspection deployed nationwide
- 2019-2020: Active probing techniques publicly documented by researchers at gfw.report
- 2025: 500GB source code leak reveals the GFW's internal tooling, reverse-engineering workflows, and a list of VPN services already defeated
- 2026: New Cybercrime Prevention Law proposes fines up to 500,000 RMB (~$68,000) for individuals and 5,000,000 RMB for organizations, plus up to 15 days detention
Russia spent $780 million on its VPN-blocking program and still accidentally knocked out its own banking system. China has been quietly perfecting this technology for over 20 years, and they rarely miss.
For a detailed comparison of how China and Russia approach censorship differently, see our analysis of Russia's internet censorship.
What's Blocked in China
If you've never been to China, the scale of the blocking might surprise you. This isn't "a few websites are restricted." This is the near-total removal of Western internet services.
| Category |
Blocked Services |
Notes |
| Messaging |
WhatsApp, Telegram, Signal, LINE, Facebook Messenger |
LINE is especially relevant for travelers from Taiwan/Japan/Thailand |
| Social media |
Facebook, Instagram, X (Twitter), Threads, Reddit, TikTok (international) |
Douyin (Chinese TikTok) works; international TikTok doesn't |
| Google |
Gmail, Google Maps, YouTube, Google Drive, Google Search, Google Docs |
The entire Google ecosystem is gone |
| AI tools |
ChatGPT, Claude, Gemini, Perplexity |
All major Western AI services blocked |
| News |
NYT, BBC, Reuters (partial), Bloomberg (partial) |
Many international news outlets blocked or heavily throttled |
| Productivity |
Notion, Dropbox, Slack (intermittent) |
Some business tools have inconsistent access |
| Other |
Wikipedia (Chinese edition), various academic resources |
Even some research databases are restricted |
The practical impact: about half the apps on a typical Western smartphone become decorative once you cross the border. Your maps don't work. Your messages don't send. Your email is gone. That's the reality.
How the Great Firewall Actually Works
Understanding the GFW helps you understand why most VPNs fail. It's not a simple blocklist — it's a multi-layered detection system.
Deep Packet Inspection (DPI)
Every packet crossing China's border passes through DPI infrastructure. Even when it can't read encrypted content, DPI analyzes packet structure, timing patterns, handshake signatures, and statistical properties of the traffic. Standard VPN protocols — OpenVPN, WireGuard, PPTP — have distinct fingerprints that DPI catches instantly.
Active Probing
This is what makes the GFW uniquely dangerous. When it detects suspicious traffic heading to an unknown server, it doesn't just watch — it connects to that server itself and sends carefully crafted probe packets. If the server responds like a proxy, it gets blocked. This technique has neutralized entire classes of circumvention tools.
Machine Learning Classification
The GFW now uses heuristic rules to identify fully encrypted traffic, including entropy analysis, ASCII character ratio tests, and packet size distribution checks. Even if your protocol has no recognizable signature, the GFW can flag it based on how "random" the traffic looks compared to normal HTTPS.
QUIC and DNS Targeting
Recent upgrades include nationwide QUIC SNI inspection (a single packet can trigger blocking) and precise identification of DNS-over-HTTPS connections to foreign resolvers. The GFW is systematically closing every side channel.
"Walls Within Walls"
As if the national GFW weren't enough, researchers discovered in 2025 that provinces like Henan operate their own filtering systems — blocking 4.2 million domains, five times more than the national system. Similar provincial firewalls exist in Fujian, Hubei, and Jiangsu, and they've been running quietly for years.
What We Tested: VPN Survival Rates in China
We tested various VPN technologies against China's current infrastructure during Q1-Q2 2026. The results are stark.
Completely Dead
| Technology |
Detection Rate |
Notes |
| PPTP / L2TP |
~100% |
Haven't worked in years |
| Standard OpenVPN |
~100% |
Fingerprinted immediately by DPI |
| Standard WireGuard |
~100% |
Protocol signature too distinctive |
| Original Shadowsocks |
~100% |
GFW has had research-grade detection since 2020 |
If your VPN provider relies on any of these without heavy modification, don't bother bringing it to China.
Under Heavy Pressure
Standard proxy protocols and basic obfuscation layers face detection rates of 85-95% through a combination of DPI, active probing, and ML classification. The GFW's leaked source code showed dedicated reverse-engineering efforts against commonly used circumvention tools — meaning the detection isn't based on general heuristics alone. They're specifically targeting popular tools by name.
What Still Works
The only tools that consistently survived our testing share a single characteristic: they make VPN traffic genuinely indistinguishable from normal web browsing to both automated systems and human analysts.
This goes beyond basic encryption or even standard obfuscation. The tools that work in China in 2026 produce traffic that looks, to every measurable metric, like someone browsing a regular website. Packet sizes, timing intervals, TLS handshake patterns, server responses to probes — everything matches what legitimate HTTPS traffic looks like.
This is an extremely narrow technical requirement, and it's why the vast majority of consumer VPN services — even ones that advertise "stealth mode" or "obfuscation" — fail in China.
How to Choose a VPN for China
Based on our testing, here's what actually matters.
Critical Requirements
-
Traffic that looks normal, not just encrypted: Every VPN encrypts your data. The GFW doesn't care. What it detects is traffic that behaves differently from regular web browsing. Your VPN needs to produce traffic that is statistically indistinguishable from someone loading a news article.
-
Resistance to active probing: If the GFW connects to your VPN server and the server reveals itself as a proxy, game over. Your provider needs technology that responds to probes exactly like a legitimate web server would.
-
Continuous updates: The GFW is a living system. It updates constantly. A VPN that worked three months ago might be blocked today. Look for providers with a track record of rapid response to new blocking techniques — not ones that shipped a "China mode" in 2023 and haven't touched it since.
-
Server infrastructure optimized for China: Latency matters. You want servers in nearby regions — Japan, South Korea, Singapore, Hong Kong — with routing optimized for connections from mainland China. A VPN that sends you through a server in Germany is going to be painfully slow.
-
Install before arrival: This is non-negotiable. The App Store in China removes VPN apps. Google Play doesn't exist. VPN provider websites are blocked. If you arrive in China without your VPN already installed and configured, you're locked out.
Red Flags
- Provider doesn't mention China specifically in their anti-censorship documentation
- Last blog post about China circumvention is from 2024 or earlier
- Relies on OpenVPN or WireGuard without any additional obfuscation layer
- Free with no clear revenue model (you're likely the product)
- Has servers inside mainland China (legally impossible for a circumvention tool to operate there)
Our Pick
(Okay, quick plug time.)
We built Sunset for exactly this environment. It didn't start as a general-purpose VPN that we later added a "China mode" to — it was designed from day one for the Great Firewall.
What that means in practice:
- Purpose-built for the GFW: The entire architecture is designed around traffic disguise. Connections look like ordinary web browsing to DPI, machine learning classifiers, and active probes.
- Optimized routing for China: Servers in Japan, South Korea, Singapore, and other nearby locations with routing specifically tuned for connections originating from mainland China.
- Free tier: Watch a short ad for 30 minutes of access with 5GB monthly data. Enough to check LINE, reply to WhatsApp messages, and access Gmail without paying anything.
- One-tap connection: No protocol configuration, no server selection, no technical knowledge required. Open the app, tap connect.
- Actively maintained: When the GFW updates, we update. This is a continuous arms race and we treat it as one.
Is it the only option that works in China? No. But it's the one we test daily from inside the firewall, and it's the one we can stand behind.
Alright, plug over.
Essential Tips for Using a VPN in China
Before You Travel
-
Install everything before you leave. This is the single most important piece of advice in this entire article. Once you're in China, you cannot download VPN apps from any app store, and you cannot visit VPN provider websites. Install your VPN, log in, and verify it works before your flight lands.
-
Have a backup. No VPN works 100% of the time in China. Install at least two different tools. If your primary goes down during a GFW upgrade, you need a fallback.
-
Download offline essentials. Google Maps doesn't work in China. Download offline maps (or install Amap/Baidu Maps). Save important documents, contact information, and travel details locally. Don't assume you'll have internet access at all times.
-
Tell people how to reach you. If your contacts use LINE or WhatsApp, let them know you might be unreachable or delayed. Consider setting up WeChat as a backup communication channel.
While in China
-
Keep your VPN updated. Anti-censorship tools push frequent updates to stay ahead of GFW changes. An outdated app is a dead app.
-
Don't broadcast it. China's new Cybercrime Prevention Law draft targets anyone who "provides technical support or assistance" for circumvention. Sharing VPN recommendations on Chinese social media, helping others set up VPN tools, or posting tutorials are all potential legal risks. Use your VPN quietly.
-
Be aware of anti-fraud software. Reports from April 2026 indicate that government-mandated "anti-fraud" apps on Chinese phones are being repurposed to monitor for VPN usage. If you're using a Chinese phone or have been asked to install anti-fraud software, be cautious.
-
Try different connection times. The GFW's filtering intensity varies. Connections are often more reliable during off-peak hours (late night, early morning China time). During politically sensitive periods — national holidays, major political events — expect tighter restrictions.
Legal Awareness
The legal landscape is evolving rapidly. The current situation:
- Individual VPN use: Technically a gray area. The vast majority of individual users face no consequences, but "making an example" cases do occur.
- Proposed penalties: The Cybercrime Prevention Law draft proposes fines up to 500,000 RMB and 15 days detention for individuals.
- Sharing/teaching: Actively promoting or distributing VPN tools carries significantly higher risk than personal use.
For a thorough breakdown of the legal risks, see our detailed article on VPN legality in China.
Frequently Asked Questions
Is it illegal to use a VPN in China?
It's complicated. China doesn't have a law that explicitly criminalizes individual VPN use. The regulations target "unauthorized VPN services" — meaning providers, not users. However, the proposed Cybercrime Prevention Law (draft published January 2026) would dramatically increase penalties, with individual fines up to 500,000 RMB (~$68,000) and 15 days detention. In practice, enforcement has historically focused on sellers and distributors rather than individual users, but the legal ground is shifting. We covered this in depth: Is Using a VPN Illegal in China?
Can I download a VPN after arriving in China?
Almost certainly not. Apple removes VPN apps from the China App Store. Google Play is entirely blocked. VPN provider websites are blocked. Even alternative download methods (direct APK links, mirror sites) are increasingly detected and blocked. Install your VPN before you enter China. This is the number one mistake travelers make.
Do free VPNs work in China?
Most don't. Free VPNs typically use standard protocols that the GFW detects instantly. The few that do connect often come with severe privacy risks — logging your traffic, injecting ads, or selling your browsing data. In a country where VPN usage itself carries legal ambiguity, trusting your traffic to an unknown free provider is a particularly bad idea. If budget is a concern, look for a reputable paid provider that offers a free tier (like Sunset's ad-supported 30-minute sessions) rather than a standalone free VPN app. We wrote about the specific risks of free VPNs if you want the full picture.
How does China's GFW compare to Russia's censorship?
They're fundamentally different systems. China's GFW has 20+ years of development, dedicated research labs, and — as the 2025 source code leak revealed — teams that systematically reverse-engineer VPN tools. It uses active probing, machine learning, and provincial "walls within walls." Russia's TSPU system is newer, more aggressive but less precise, and has caused collateral damage (like accidentally blocking banking systems). For VPN users, the practical takeaway is the same: only tools with advanced traffic disguise survive in either country. We've covered the Russian side in detail as a companion to this article.
What if my VPN stops working while I'm in China?
Don't panic — this happens, especially during sensitive political periods or GFW upgrades. First, check if your VPN app has an update available (connect to hotel Wi-Fi, which sometimes has less aggressive filtering). Try different server locations. Switch to your backup VPN. If nothing works, wait a few hours — GFW disruptions are sometimes temporary tests. For a longer-term stay, having a local SIM with international roaming (which bypasses the GFW entirely) as an emergency fallback is worth considering.
Should I use a VPN on my laptop or phone?
Both, if possible. Most travelers rely primarily on their phone, so prioritize mobile. Make sure your VPN works on iOS or Android before departure. For laptop users, the same rules apply — install before arrival. If your VPN supports router-level configuration and you're staying in one place for an extended period, setting it up on a travel router covers all your devices at once.
This article is based on testing conducted in Q1-Q2 2026 from inside mainland China. The GFW evolves constantly — we'll update this guide as conditions change. For Chinese-language readers, see our Chinese version of this guide and our detailed GFW update for 2026 Q2.