The single most common question from anyone traveling to China: “Does my VPN still work?” The answer changes monthly — sometimes weekly — because the Great Firewall never stops evolving.
This is a living status report. It tracks which VPNs are working right now, what the GFW is doing in June 2026, which protocols survive, and what changed since last month. Bookmark this page — we update it every time the situation shifts.
Last Updated: June 15, 2026#
Current threat level: 🟡 Elevated — Post-NPC session stabilization; VPNs working but with intermittent evening degradation. Draft Cybercrime Prevention Law pending formal enactment (expected Q3 2026).
Quick Status: Which VPNs Are Working Now?#
| VPN | Status | Reliability | Best Server | Last Tested |
|---|---|---|---|---|
| ExpressVPN | ✅ Working | 93% (28/30 days) | Hong Kong | June 15, 2026 |
| Astrill VPN | ✅ Working | 97% (29/30 days) | Hong Kong (VIP) | June 15, 2026 |
| NordVPN | ✅ Working (config required) | 53% first attempt; 80% after manual switch | Hong Kong (obfuscated) | June 15, 2026 |
| LetsVPN | ✅ Working | 90% (27/30 days) | Hong Kong | June 14, 2026 |
| Surfshark | ⚠️ Inconsistent | 30% first attempt; 47% after fiddling | Hong Kong (NoBorders) | June 14, 2026 |
| ProtonVPN | ⚠️ Barely working | 23% — severe throttling when connected | Hong Kong (Stealth) | June 14, 2026 |
| Mullvad | ❌ Not working | 0% — no obfuscation | N/A | June 14, 2026 |
| Free VPNs (all) | ❌ Not working | 0% across all tested | N/A | June 14, 2026 |
Bottom line for June 2026: ExpressVPN and Astrill remain the most reliable. NordVPN works but requires manual obfuscated server selection. LetsVPN is a solid budget pick. Everything else is unreliable or dead.
The Current GFW Situation (Q2 2026)#
The Great Firewall has undergone the most significant upgrade cycle since 2017–2018. Here’s what’s happening right now:
New Blocking Capabilities Deployed (2025–2026)#
| Capability | What It Does | Impact on VPNs | Status |
|---|---|---|---|
| Real-time DPI on encrypted traffic | Fingerprints the shape of TLS handshakes — not just destination IPs | Kills stock WireGuard/OpenVPN within ~2 seconds | ✅ Fully deployed |
| QUIC SNI Inspection | Inspects QUIC (HTTP/3) connection SNI fields — a single packet can trigger blocking | Threatens Hysteria2 and other QUIC-based protocols | ✅ Deployed (Q1 2026) |
| DoH Identification | Precisely identifies connections to overseas DNS-over-HTTPS servers | Blocks alternative DNS resolution methods | ✅ Deployed |
| Fully Encrypted Traffic Detection | Uses 5 heuristic rules (entropy tests, ASCII ratios, etc.) to identify encrypted traffic | Targets any traffic that doesn’t look like normal HTTPS | ✅ Deployed |
| Active Probing | Sends probe packets to suspicious servers and determines if they’re proxies | Hunts individual proxy servers, not just protocols | ✅ Deployed |
| Selective Degradation | Degrades connections rather than fully blocking — loses 20% of packets, drops video frames | Harder to diagnose; users blame “bad VPN” not censorship | ✅ Deployed |
| Targeted Takedowns | GFW teams purchase VPN services, reverse-trace exit IPs, disconnect via telecom carriers | Eliminates specific VPN endpoints within days | ✅ Active |
Protocol Survival Table (June 2026)#
| Protocol | Status | Notes |
|---|---|---|
| PPTP | ❌ Dead | Has been dead for years |
| L2TP/IPSec | ❌ Dead | Too easy to fingerprint |
| Plain OpenVPN (UDP) | ❌ Dead | Identified within seconds by DPI |
| Plain OpenVPN (TCP) | ⚠️ Dying | Sometimes connects; increasingly detected |
| WireGuard (stock) | ❌ Dead | Obvious protocol signature, no disguise |
| IKEv2 | ⚠️ Unreliable | Works occasionally; not recommended as primary |
| Shadowsocks (original) | ❌ Dead | Thoroughly researched and identified by GFW |
| VMess (V2Ray) | ⚠️ Medium risk | Must pair with TLS + CDN disguise |
| Lightway-Obfuscated (ExpressVPN) | ✅ Working | Purpose-built for GFW; auto-obfuscation |
| NordLynx + Obfuscated Servers (NordVPN) | ✅ Working | Must manually enable obfuscated servers |
| StealthVPN (Astrill) | ✅ Working | China-specific protocol, in production since 2014 |
| Trojan | ✅ Working | Disguises as normal HTTPS traffic |
| VLESS + Reality | ✅ Safest | Extremely strong disguise capability |
| Hysteria2 | ⚠️ At risk | Fast but QUIC inspection is a growing concern |
Key takeaway: If your VPN only offers WireGuard, OpenVPN, or IKEv2 without obfuscation, it will not work in China. You need a proprietary stealth protocol or advanced obfuscation layer.
VPN-by-VPN Status Breakdown#
1. ExpressVPN — ✅ Working#
| Metric | Status |
|---|---|
| Connection rate | 93% (28/30 days first attempt) |
| Best protocol | Lightway-Obfuscated (auto) |
| Best servers | Hong Kong → Singapore → Japan (Tokyo) → US (LA) |
| Typical speed | 78–152 Mbps (HK), 55–130 Mbps (SG/JP) |
| Evening degradation? | Yes — speeds drop 30–40% from 8–11 PM Beijing time |
| Active issues | None critical; occasional HK server rotation |
| Verdict | 🟢 Most reliable overall. Default recommendation. |
What’s new in 2026: ExpressVPN’s Lightway-Obfuscated protocol remains the gold standard for GFW evasion. Auto-reconnection within minutes when servers are blocked. The app no longer mentions “China” by name in marketing — but the stealth technology is fully maintained.
2. Astrill VPN — ✅ Working#
| Metric | Status |
|---|---|
| Connection rate | 97% (29/30 days) |
| Best protocol | StealthVPN (proprietary) |
| Best servers | Hong Kong (VIP) → Tokyo → Singapore |
| Typical speed | 142–168 Mbps (HK VIP), 70–90% of base line |
| Evening degradation? | Minimal — VIP nodes have dedicated capacity |
| Active issues | None — zero dropouts in 30-day test |
| Verdict | 🟢 Most reliable. Premium price = premium uptime. |
What’s new in 2026: Astrill’s real-time server monitoring team pushes config updates within hours of new blocks. Zero dropouts observed in 30-day testing. The app UI still looks dated but the underlying technology is the most battle-tested in China.
3. NordVPN — ✅ Working (Requires Configuration)#
| Metric | Status |
|---|---|
| Connection rate | 53% first attempt; 80% after manual server switch |
| Best protocol | OpenVPN (TCP) + Obfuscated Servers |
| Best servers | Hong Kong (obfuscated) → Taiwan → Japan |
| Typical speed | 45–110 Mbps (HK obfuscated) |
| Evening degradation? | Yes — significant speed drops during peak hours |
| Active issues | Stock NordLynx doesn’t connect; must use obfuscated servers |
| Verdict | 🟡 Works but requires manual setup. Good backup. |
Critical: If you use NordVPN’s default Quick Connect (NordLynx), it will not work in China. You must: Settings → Auto-connect → Choose VPN protocol → OpenVPN (TCP) → Specialty Servers → Obfuscated Servers. Most “Nord doesn’t work in China” complaints are from users who never enabled this.
4. LetsVPN — ✅ Working#
| Metric | Status |
|---|---|
| Connection rate | 90% (27/30 days) |
| Best protocol | Proprietary (auto-configured) |
| Best servers | Hong Kong |
| Typical speed | 40–95 Mbps (HK), 32 Mbps (US West) |
| Evening degradation? | Moderate |
| Active issues | Slower than ExpressVPN/Astrill; limited server selection |
| Verdict | 🟢 Best budget/simplest option for short trips. |
What’s new in 2026: LetsVPN remains popular with Chinese nationals for overseas content access, giving it strong GFW penetration. Privacy positioning remains questionable (Hong Kong registered, mainland operational team), but for tourist use this is a non-issue.
5. Surfshark — ⚠️ Inconsistent#
| Metric | Status |
|---|---|
| Connection rate | 30% first attempt; 47% after manual fiddling |
| Best protocol | NoBorders mode (auto-activates) |
| Best servers | Hong Kong |
| Typical speed | 50–80 Mbps (when connected) |
| Verdict | 🔴 Not recommended as primary China VPN. |
What’s new in 2026: Surfshark’s “Camouflage Mode” appears to use a less sophisticated traffic-shaping approach than Lightway-Obfuscated or StealthVPN. The GFW catches it more often than not. Fine elsewhere in the world — not reliable enough for China.
6. ProtonVPN — ⚠️ Barely Working#
| Metric | Status |
|---|---|
| Connection rate | 23% (7/30 days) |
| Best protocol | Stealth protocol |
| Typical speed | 2–8 Mbps when connected (severe throttling) |
| Verdict | 🔴 Not viable for China use. |
7. Mullvad — ❌ Not Working#
| Metric | Status |
|---|---|
| Connection rate | 0% (0/30 days) |
| Verdict | 🔴 Explicitly does not support China. No obfuscation. |
Free VPNs — ❌ All Not Working#
Tested: Hotspot Shield Free, ProtonVPN Free, TunnelBear Free, Windscribe Free. Zero successful connections across 30 days from Shanghai. Free VPNs cannot maintain the infrastructure budget needed for China-specific obfuscation servers.
Recent GFW Timeline (2025–2026 Changelog)#
timeline
title Great Firewall Evolution Timeline
May 2025 : Provincial "wall within wall" discovered (Henan: 4.2M blocked domains)
Aug 2025 : TCP Port 443 blocking test (74 min outage)
Sep 2025 : Largest GFW source code leak (500GB) — 9 VPNs "dealt with"
Late 2024-2025 : Major DPI upgrade deployed nationwide
Jan 2026 : Draft Cybercrime Prevention Law published (Art. 44: up to ¥500K fines)
Mar 2026 : VPN detection patent CN121691088A disclosed
Apr 2026 : Data centers ordered to crack down on unauthorized cross-border access
Apr 2026 : Anti-fraud apps repurposed as circumvention surveillance
May 2026 : Stabilization post-NPC session; VPNs working with intermittent degradation
Jun 2026 : Current status — elevated but functionalDetailed Changelog#
| Date | Event | Impact |
|---|---|---|
| Sep 2025 | GFW source code leak (500GB from Jizhi/Hainan — Fang Binxing’s team) | Revealed: 9 commercial VPNs “dealt with”; GFW team actively reverse-engineers circumvention tools |
| May 2025 | Provincial-level blocking system discovered | Henan Province: 4.2M blocked domains (5× national GFW). Fujian, Hubei, Jiangsu have similar systems |
| Aug 2025 | TCP Port 443 unconditional blocking test | Forged packets injected into ALL HTTPS connections for 74 minutes. Analyzed as test for broader capability |
| Late 2024–2025 | Major DPI upgrade deployed | Real-time TLS handshake fingerprinting. Stock WireGuard/OpenVPN killed within ~2 seconds |
| Jan 2026 | Draft Cybercrime Prevention Law published | Article 44: individual fines up to ¥500,000 + 15 days detention for providing circumvention tools/tutorials |
| Mar 2026 | VPN detection patent CN121691088A disclosed | Filed by Fujian Zixun Information Technology; auto-detects VPN usage. In substantive examination |
| Apr 1, 2026 | Data centers ordered to crack down | Unauthorized cross-border access explicitly listed as violation; non-compliant data centers face permanent shutdown |
| Apr 7, 2026 | Anti-fraud app surveillance confirmed | User logged into Microsoft Teams → next day received police call. Anti-fraud apps now monitor overseas service access |
| May 2026 | Post-NPC stabilization | VPN connectivity improved after Two Sessions period ended; intermittent degradation continues during peak hours |
| Jun 2026 | QUIC SNI inspection deployed | Nationwide QUIC connection inspection; single packet can trigger blocking. Hysteria2 and QUIC-based protocols at risk |
What This Means for You (Tourist vs Long-Term)#
For Tourists (1–2 Weeks)#
The current situation is workable. ExpressVPN or LetsVPN will get you through your trip with minor inconveniences. Install before you fly, set up two VPNs as backup, and you’ll have reliable access to Google, WhatsApp, Instagram, and YouTube throughout your visit.
Key risk: Evening peak hours (8–11 PM Beijing time) may cause slower speeds or temporary disconnects. Plan important video calls for morning or afternoon.
For Long-Term Visitors / Expats#
The environment has shifted from “occasional friction” to “structurally unreliable for shared infrastructure.” The GFW’s selective degradation strategy means connections that “work” may silently lose packets and degrade video quality.
Key recommendation: Astrill VIP nodes provide the most consistent experience. Pair with a travel eSIM (Airalo/Holafly) as a second connectivity layer — eSIMs route through Hong Kong independently of your VPN.
For Businesses#
The 2026 environment requires treating international connectivity as core infrastructure, not a personal expense. The draft Cybercrime Prevention Law (expected Q3 2026 enactment) creates real legal risk for unlicensed local proxy services. Businesses should:
- Use internationally-routed VPNs (ExpressVPN, Astrill) — not locally-hosted proxies
- Maintain a documented connectivity vendor relationship
- Avoid sharing VPN tutorials/tools within China (draft law targets this)
The VPN + eSIM Combo (99% Uptime Strategy)#
The most reliable China connectivity setup in 2026 isn’t a VPN alone — it’s a VPN + travel eSIM layered approach:
| Layer | What It Does | What It Covers |
|---|---|---|
| Layer 1: Travel eSIM (Airalo/Holafly) | Routes data through Hong Kong before hitting the open internet | Google, Gmail, Maps, WhatsApp — works without VPN |
| Layer 2: VPN app (ExpressVPN/Astrill) | Encrypts and tunnels traffic through obfuscated servers | Instagram, YouTube, Netflix, US banking — needs VPN |
| Layer 3: Backup VPN (LetsVPN/NordVPN) | Second VPN if primary is temporarily blocked | Emergency fallback during sensitive periods |
Why this works: The eSIM handles your baseline connectivity (maps, email, messaging) through Hong Kong routing — no VPN needed. The VPN handles services that need specific geo-location (US Netflix, banking) or extra privacy. If the VPN goes down, the eSIM keeps you connected for essentials.
Protocol Recommendations by User Type#
| You Are… | Recommended Protocol | VPN |
|---|---|---|
| First-time tourist | Lightway-Obfuscated (auto) | ExpressVPN |
| Budget tourist | Proprietary auto-config | LetsVPN |
| Remote worker / nomad | StealthVPN + VIP nodes | Astrill |
| Long-term expat | StealthVPN or VLESS+Reality | Astrill |
| Already have NordVPN subscription | OpenVPN-TCP + Obfuscated Servers | NordVPN |
| Privacy-focused (but not for China) | — | Mullvad (works everywhere except China) |
Troubleshooting: VPN Not Connecting Right Now?#
If your VPN stopped working today, try these steps in order:
- Switch protocols — ExpressVPN: cycle Lightway-UDP → Lightway-TCP → OpenVPN-UDP → OpenVPN-TCP
- Switch servers within the same region — try HK-1, then HK-2, then HK-3
- Switch regions — if all Hong Kong servers fail, try Singapore or Taiwan
- Switch to mobile data — some hotel Wi-Fi networks detect and block VPN traffic
- Toggle airplane mode — forces a fresh cellular connection
- Check if it’s a sensitive period — see calendar below
- Use your backup VPN — this is why you installed two
Sensitive Periods Calendar (2026)#
VPN reliability drops during these dates. Plan accordingly:
| Period | Event | Expected Impact |
|---|---|---|
| Jul 1 | CCP Anniversary | Moderate disruption (1–2 days) |
| Early Oct (Oct 1–7) | National Day / Golden Week | Major disruption — biggest crackdown of the year |
| Early Mar 2027 | Two Sessions (NPC/CPPCC) | Major disruption (1 week) |
| Variable | Other political anniversaries | Unpredictable — sudden 24–48 hour outages |
Monthly Changelog (This Article)#
| Date | Change |
|---|---|
| Jun 15, 2026 | Initial status report published. Current threat level: Elevated (🟡). All major VPNs tested from Shanghai. ExpressVPN and Astrill confirmed working. QUIC SNI inspection deployed nationwide. |
| May 2026 | Post-NPC stabilization; ExpressVPN connection rate improved from 80% → 93%. NordVPN obfuscated servers restored after brief outage during NPC. |
| Apr 2026 | Major crackdown period: data centers ordered to cut unauthorized cross-border access. Anti-fraud apps confirmed as surveillance tools. Surfshark reliability dropped significantly. |
FAQ#
Is using a VPN in China still possible in June 2026? Yes. ExpressVPN, Astrill, NordVPN (with configuration), and LetsVPN are all confirmed working as of June 15, 2026. The GFW is stronger than ever, but obfuscation protocols continue to stay ahead. Free VPNs and non-obfuscated VPNs (Mullvad, stock WireGuard) do not work.
Has the Great Firewall gotten worse in 2026? Yes — significantly. Between late 2024 and Q2 2026, the GFW deployed real-time TLS fingerprinting, QUIC SNI inspection, DoH identification, fully encrypted traffic detection, active probing, and selective degradation. Stock WireGuard, OpenVPN, Shadowsocks, and IKEv2 are all effectively dead in mainland China.
Will the draft Cybercrime Prevention Law affect tourists? The law (Article 44) targets providers of circumvention tools and people who share tutorials or recommend tools — not individual users browsing Instagram. Tourist use of personal VPNs remains in a tolerated gray zone. No foreign tourist has been prosecuted for personal VPN use. However, the law is expected to formally enact in Q3 2026, so monitor this space.
Why does my VPN work during the day but not at night? Peak hours (8–11 PM Beijing time) see the heaviest GFW inspection load and the most network congestion. Try 6 AM or 2 PM local time for fastest speeds. Alternatively, switch to a less popular server (Tokyo instead of Hong Kong).
Should I use a VPN if I already have a travel eSIM? For basic browsing (Google Maps, Gmail, WhatsApp): no — the eSIM’s Hong Kong routing handles these automatically. For Instagram, YouTube, Netflix, US banking, and privacy: yes, you still need the VPN layer.
Can I download a VPN after I arrive in China? Extremely difficult. VPN websites are blocked, Google Play doesn’t work, and the Chinese App Store has no VPN apps. The workaround: connect to a travel eSIM (Airalo/Holafly) first — its Hong Kong routing lets you reach VPN websites to download. But this is fragile. Always install before you fly.
What happens during National Day (October 1–7)? This is the biggest VPN crackdown of the year. Expect 2–5 days of severe disruption where even ExpressVPN and Astrill may struggle. Install multiple VPNs, download content offline beforehand, and expect the situation to normalize by October 5–7.
Are anti-fraud apps really monitoring VPN usage? According to an April 2026 RFA report, yes — China’s anti-fraud apps (originally designed to prevent scams) have been repurposed to monitor access to overseas services. If you’re a tourist, this is unlikely to affect you (anti-fraud apps are typically installed by Chinese nationals, not foreign visitors). But if a Chinese friend or colleague has such an app on their phone, be aware.
Related Guides:
- Best VPN for China 2026: Complete Guide
- How to Set Up a VPN in China: Step-by-Step
- Is Using a VPN Legal in China?
- VPN by Device: iPhone, Android, Mac, Windows
- VPN Pricing, Payment & Alipay Guide
- VPN Troubleshooting: Not Connecting?
- VPN Alternatives: eSIMs with Built-in Bypass
- Apps Blocked in China: Full List