The Best VPNs for China in 2019

Last updated: December 5, 2019
Muhammad Hamza Shahid

Muhammad Hamza Shahid

The Great Firewall is a menace for citizens living in China. Use the recommended VPNs in this guide to bypass the Great Firewall!

Do you know what one of the hardest things about visiting China is?

As the most advanced surveillance state in the world, leveraging online privacy/anonymity in the country is an impossible feat to achieve. China’s system of high-tech spying is inescapable; someone is always watching you.

It’s like you’re roaming around naked, digitally. Excuse the bad example. That’s actually how I felt visting Mainland China two years ago, experiencing “The Great Firewall” in all its might.

Twitter, Instagram, Facebook, WhatsApp, Gmail, and other Google services were all blocked. I couldn’t even get a VPN that could bypass the ban, which led to my research on “working” recommendations.

In-Depth Analysis on the 5 Best VPNs for China

I came up with this listing of the 5 best VPN for China, after putting in 240+ hours, into testing over 80+ providers, determining the top “working” choices for you:

1. Ivacy

The most reliable China VPN

Ivacy Ranks 1st for China VPN

Pros: 1,000+ server’s network in 100 locations. Five simultaneous connections. Unblocks all streaming platforms. Chinese mirror websites available.

IvacyPrime app for China. Split Tunneling (Ivacy actually created the feature) and Automatic Kill Switch. Available on iOS, Mac, Windows, and Android.

Cons: None in terms of its support in China.

Final Verdict: Ivacy is a leader in the marketplace of VPNs, creating the Split Tunneling feature, located away from Internet Enemy Jurisdictions, and even winning awards as the Fastest VPN several times.

It has a verified no-logging policy and has not been caught even once revealing any data to government authorities. Best part of all: they are the only VPN to offer a dedicated app for Chinese residents, called IvacyPrime!

Users in China can download IvacyPrime from two dedicated Chinese pages:

https://www.ivacyforcanada.com/affiliate-china/

https://www.ivacyforcanada.com/special-offer-vpn/

How to Bypass “The Great Firewall” using Ivacy

To defeat the censorship in China, Ivacy offers the most functionalities. It offers a native app for its Chinese audience, giving it an edge over others in the marketplace.

This app can run on your Ivacy premium subscriptions too, but you will have to download it separately by visiting this mirror website link.

Currently, you have dedicated Chinese apps for Windows, Android, and Mac.

Ivacy Chinese Website

As you can see below, the IvacyPrime has a separate installation menu. It is not the app you will download normally through the official website, but rather a tweaked version.

IvacyPrime Setup

It gives Chinese residents the options of unblocking social websites and streaming platforms directly from within the app, so they do not even have to open the browser and enter the URL:

Ivacy Social Sites Unblocking Feature in China

As part of my favorite features for China, if you click on the “gear” icon and go to “Connections”, Ivacy even presents you the option to manually change the port.

If the IvacyPrime app ever stops working in China. You can contact Ivacy’s support team and request them to give a working port for either the OpenVPN (TCP or UDP) protocol.

Ivacy Manual Port Entering for China

The second you enter the recommended port by the support team, your IvacyPrime app will start working once again, allowing you to unblock websites seamlessly, within the country.

Ivacy is the only VPN currently offering such a remarkable feature for its Chinese customers. If you doubt them, you can check their real-time testing on a daily basis at 10Beasts.

2. ExpressVPN

Fast VPN for Bypassing the Great Firewall

ExpressVPN Logo

Pros: 2,000+ server network in 160 locations that deliver fast speeds. Six simultaneous connections. Unblocks US Netflix, Disney+ and other VoDs. StealthVPN bypassing GFW in China.

P2P/Torrenting support. 30-day money back guarantee. Split Tunneling and Automatic Kill Switch. Available on iOS, Mac, Windows, and Android.

Cons: Overall Expensive Service. No Port Forwarding Option.

Final Verdict: ExpressVPN is one of the leading privacy tools in the marketplace, offering unmatched security and privacy to users around the world. It is away from “Internet Enemy” jurisdictions.

The provider even offers a verified zero logs policy, which even the Turkish Authorities could not break, during an investigation concerning the assassination of the Russian Ambassador of Turkey.

Users in China can download ExpressVPN from their dedicated Chinese page here: http://exp4links4.net/

How to Bypass the GFW via ExpressVPN

In order to bypass the GFW using ExpressVPN, you will need to connect to their StealthVPN servers in Hong Kong, specifically designed to defeat censorship in China:

  1. Download the ExpressVPN Windows app
  2. Log into your account and enter activation code
  3. Connect to servers designated for China Users
  4. For instance, Hong Kong – 2 uses Obfuscation
  5. Enjoy bypassing VPN blocks!

How to Bypass the GFW via ExpressVPN

3. Surfshark

Affordable VPN for China

Surfshark Logo

Pros: 1040+ servers in 61 countries worldwide. MultiHop Feature. CleanWebTM (Ad/Tracker/Malware Blocker) Automatic Kill Switch and Wi-Fi Protection.

Low-cost VPN service ($47.76 for 2 years). Legacy Simultaneous Connections (No Limits – USP of the provider). WhitelisterTM for specifying VPN connection.

Cons: Support Needs Improvement. Uses Virtual Locations.

Final Verdict: Based in the British Virgin Islands, Surfshark just like the names above is located in a safe jurisdiction, where user privacy is respected and protected.

The newcomer has become quite famous in a short time, due to its budget-friendly deals and ability to unblock VoDs and bypassing the GFW in China. Their apps and quite user-friendly too.

Users in China can download ExpressVPN from their dedicated Chinese page here: https://shark-cn.com/

How to Bypass the GFW via Surfshark

If you want to bypass the GFW using Surfshark, you will have to activate their “NoBordersTM Mode”, which offers extra security for enjoying the open internet without blocks/restrictions.

  1. Download the Surfshark Windows Application
  2. Subscribe to a plan and enter your login details
  3. Click on the “Gear” icon on the top right corner
  4. Navigate to the “Advanced” settings menu
  5. Activate the “NoBordersTM Mode”
  6. Connect to any available servers!

How to Bypass the GFW via Surfshark

4. Astrill VPN

Powerful VPN for Unblocking 

Astrill VPN Logo

Pros: 400+ servers in 115 cities across 64 countries. Unblocks US Netflix and BBC iPlayer UK. Five multilogins. Smart Mode for activating VPN on specific sites.

Application Filter to choose which apps use VPN. WireGuard support. VPN sharing and App Guard. Automatic Kill Switch and StealthVPN.

Cons: No 24/7 Live Chat. Expensive monthly subscription.

Final Verdict: Based in Seychelles (away from 5, 9, and 14 Eyes Alliances), Astrill VPN is another reliable service for circumventing geo-restrictions in China.

The provider offers an undefeatable StealthVPN feature, which enables you to tunnel all sites and connect to servers in different countries for access in China.

How to Bypass the GFW via Astrill VPN

If you want to access Astrill VPNs obfuscated servers, you will have to use their “Tunnel All Sites” mode. You can activate it by following the easy steps below:

  1. Install the Astrill VPN Windows app
  2. Enter the login details inside the app
  3. On the top right corner, click on “OpenVPN”
  4. From the list of options, select “StealthVPN”
  5. Select “Tunnel All Sites” Mode
  6. Connect to any specialized Server Available!

Bypass the GFW via Astrill VPN

5. TorGuard

Strong Security and Protection

TorGuard Logo

Pros: 3000+ servers in 50+ countries worldwide. OpenConnect SSL. Simultaneous Connections on Five Devices. StealthVPN for bypassing GFW in China.

Supports SOCKS5/SSH/HTTP/SSL. MITM attack protection.  Secure G/PGP encryption. Perfect forward secrecy available. Dedicated IP addresses!

Cons: Based in an FVEY. Confusing Pricing Plans.

Final Verdict: Despite being based in the US, TorGuard tends to be quite a resilient service, offering users protection from the government mandatory data retention.

There have been zero instances of the provider cooperating with security agencies. Their security is unmatched and the availability of dedicated IPs further boosts its credibility.

How to Bypass the GFW via TorGuard

In order to bypass the GFW using TorGuard, you will have to connect to the VPN’s Stealth servers in China. Follow the steps below to access them inside the app:

  1. Download and install TorGuard
  2. Enter your login details
  3. Access the server listings
  4. Select any of the “Stealth” servers
  5. Use the “UDP” protocol
  6. Hit the “Connect” button!

Bypass the GFW via TorGuard

An In-Depth Analysis of 80+ Providers for Bypassing GFW in China

You may think that finding a working VPN in China is a simple task. Oh hell no, it wasn’t. I faced great difficulty in testing VPNs for bypassing the GFW.

Since I do not reside in the country, the task further became difficult. This urged me to get in contact with one of BestVPN.co’s representatives in Beijing.

He has a rented server, so I downloaded WeChat to be in-tune with all the tests on Video Call. My technical analyst and me, tested over 80 VPNs.

Large scale testing of VPNs is quite a difficult task, as anyone caught could be handed over to the Chinese authorities. So, I’m just glad our representative is safe.

Concerning the results, you can look at the Google Spreadsheet I embedded below. Here you can see 3 categories of VPNs in China: Active, Inconsistent, and Inactive.

How Does China Block Sites and VPNs via GFW?

In an attempt to strengthen Cybersecurity, the Chinese Government has passed several controversial laws; stifling political dissent, affecting communication technologies, the formation of international entities, eliminating “freedom of speech”, and affecting areas of academia to business and policymaking.

The country wants zero reliance on anything “outsider” and even takes action against services that could bypass their laws i.e. VPN China services. If you’re like me, this could trigger some curiosity, as to how is China doing this.

Below I dissect the many methods of China’s censorship machine, diving into the technology behind the infamous “Great Firewall” a.k.a. GFW:

Let me warn you, things do get quite technical. I’ll try my best though to simplify it as much as possible…

Blocking Websites

IP Blocking i.e. Deploying a Blacklist

This method involves the creation of a blacklist that includes undesirable IP addresses. Routers drop all packets destined to blocked IPs, which in terms of privacy tools, includes the addresses of VPN sites.

In China, an IP blacklist is injected via Border Gateway Protocol (BGP) using null routing. Since this is a lightweight censorship solution, the government doesn’t need much involvement from ISPs.

DNS Tampering via DNS Poisoning

DNS-related blocking techniques work in conjunction with IP blocking. Those who indulge in the tampering of DNS addresses falsify the response returned by the DNS server via intentional configuration or DNS poisoning,

This DNS server can lie about associated IP addresses, authoritative servers for the domain, any CNAMEs related to the domain, or the existence of the domain itself.

DNS Tampering via DNS Poisoning

China uses this tactic to map Facebook’s domain name to a false address. For the domain name facebook.com, only 1% of vantage points in China, return a mapping to 66.220.158.68, where 94.5% of all vantage points do around the world.

Upon digging further, it is visible that at least 71.1% of vantage points return a mapping to 159.106.121.75, an address that no other country’s servers return, which shows that China has poisoned Facebook’s domain name to a false address.

DNS Hijacking – Injecting Fake DNS

Apart from DNS tampering, routers can disrupt unwanted communication through any channel by hijacking DNS requests containing banned keywords and injected forged DNS replies.

According to researchers, China uses a blocklist of around 15,000 keywords with injections of fake DNS, which block sites even when you utilize a third-party DNS resolver outside the country.

Other More Advanced Techniques

  1. Collateral DNS Damage – When China deploys DNS injections, their Firewall does not separate incoming/outgoing traffic, resulting in large-scale collateral DNS damage. According to research, 15,225 open-resolvers outside China were affected in about 79 countries.
  2. Deep Packet Inspect (DPI) – Working in coordination with an Intrusion Detection System (IDS), China uses DPI for the instant analyzing of connections and blocking, re-routing, or logging it accordingly. All packets incoming to China pass through their Firewall, making blocking of VPN connections easier and less disruptive.

Blocking VPN Services

“Blackholing” VPN Servers

The fire line of defense for China against VPNs is to blackhole websites and services using BGP. A Protocol designed to allow routers to communicate efficiently and inform which resources are and aren’t available to other routers.

Blackholing prevents the TLS handshake from completing, which in turn mitigates the protection offered by VPNs, eventually adding their IPs to their blacklist.

“Blackholing” VPN Servers

Most VPNs have at least two to three servers blackholed by China. CactusVPN, Keenow Unblocker, and VPNArea are a few examples. All of their servers are blackholed.

Attacking the OpenVPN Protocol

OpenVPN (TCP and UDP) is a famous protocol for leveraging anonymity. It is most suited for countries with tough internet laws like China, Egypt, UAE, Iran, Iraq, Turkey, etc.

XOR Obfuscation used alongside the OpenVPN helps providers in bypassing VPN bans in such countries. Governments can’t shut OpenVPN down, due to its utility in enterprise networks.

However, China is getting increasingly clever at identifying unauthorized OpenVPN traffic, particularly those routing it through port 443, intended to disguise OpenVPN as HTTPS traffic.

TCP RST Floods to Shut Down Dissident Devices

The Chinese Government has also adapted towards tackling L2TP over IPSec, which in place of OpenVPN worked quite well, until a few years ago.

Many have experienced an instant blocking of connections deriving from L2TP over IPSec protocols because the GFW shuts them down using TCP RST Floods.

Of course, different configurations may help in bypassing the VPN block in China, but for now, it is safe to say that some modules provide weaker encryption and can be shut up.

Alternatives to Using a VPN in China

It is hard to doubt the usefulness of VPNs, particularly for unblocking VoD services and engaging in P2P/Torrenting. These tools are the epitome of enjoying anonymity.

Especially, in countries like China, where “The Great Firewall” bans access to all foreign services. Does this mean you should rely on VPNs entirely? Not necessarily!

These are two alternatives you can use to receive internet freedom in China:

Data-Roaming with a Foreign SIM Card

Buy a data-roaming SIM from any foreign country or simply from Hong Kong. You can find many SIM cards with data roaming activated for as low as $19.99.

These SIMs have their own data plans. Usually, they come with a 1.5GB data limitation. However, you can opt for a more suitable plan, if it suits your budget.

One of the best China Data SIMs I recommend is from a company called GMHK. You can get the SIM from this eBay link here for $19.99. Shipping costs may add $5.99.

Simply add the SIM in your phone and enjoy unblocking all your favorite apps/websites/services without any hassle!

ShadowSocks Proxy

Created by a Chinese programmer called “Clowwindy”, the ShadowSocks Proxy is an open-source encrypted proxy project. It is used very commonly in mainland China.

This because of its ability to anonymize your network. Unlike other proxies, ShadowSocks utilizes encryption. This allows users from anywhere worldwide to bypass firewalls

The best part of all: you do not have to pay a single penny for using the ShadowSocks Proxy. You can try it by clicking here.

States in China that Do Not Require a VPN Service

Hong Kong and Macau are famous destinations for many, thanks to their amazing nightlife, modern architecture, vibrant lifestyle, and. modern architecture.

At the same time, they exist as the safest locations in terms of internet censorship laws. Where China blocks all access to the outside world, Hong Kong and Macau believe in a FREE lifestyle.

Residents of both states do not have to face the torment of a walled-off internet. However, this still does not mean that the Government or Communist Party is not watching your every move.

Also, there is not much time until the agreement between both states with China regarding internet laws and censorship changes. So, it is still vital to invest in reliable VPN solutions.

How to Protect Yourself from Government Surveillance in China

The “Great Firewall of China” has amassed a great reputation for being incredibly hard to penetrate, preventing users within the country from accessing services in other countries.

The Government tries its best in controlling what content is available for seeing to its citizens. In light of this, they indulge in internet surveillance activities. Follow the steps below to protect yourself:

  1. Keep All Data Off the Cloud – All your passwords, documents, and pictures could become part of the internet data lump. Try moving all your personal information to a secure external hard drive or USB, preferably encrypted.
  2. Use End-to-End Encryption –For protecting all your private conversations, it is crucial to use end-to-end encryption. One of the most famous tools that offer this feature is “off-the-record (OTR) messaging).
  3. Add Strong Passwords to All Accounts –Whether it’s your email, social media, or any other account, make sure to always keep strong passwords with a mix of alphabets, numbers, and various characters.
  4. Use VPN over Tor Configuration –Nothing beats the VPN over Tor configuration by adding an extra layer of privacy! It is almost impossible to trace your identity, as your network passes thousands of nodes around the world.
  5. Use Anti-Virus/Malware Software –Many anti-virus and malware solutions come equipped with advanced tools and threat detection systems that disable the network upon identifying any kind of attack.

Wrapping Things Up

Hosting the most powerful censorship regime in the world, China is a tough country to live in. Though there are alternatives to all websites/services blocked, it is highly irritating not being able to access the ones you actually want to.

With all factors taken into consideration, I highly recommend Chinese netizens to sign up with Ivacy to bypass the Great Firewall. As an alternative, I would suggest them to go for the infamous BVI-based provider, ExpressVPN.

I strive to be as accurate as possible with the complexities of the “Great Firewall”. Nevertheless, do feel free to give your own suggestions about best VPN for China or share your experience with any of the providers mentioned above.

Leave a Reply

Your email address will not be published. Required fields are marked *