VPNs are widely used in China to circumvent the Great Firewall, a state-sponsored internet censorship system. For many people in China, a VPN serves as a digital ladder to “climb over the wall”. For businesses, VPNs are crucial for maintaining secure communication with global offices and accessing essential corporate resources.
While the Chinese government has intensified its efforts to block unapproved VPN services, their use remains relatively common for both individuals and businesses.
China VPN reality at a glance
China’s government has clarified its stance on VPNs: only government-approved VPNs are legal. These are typically for corporate use and must be obtained from state-owned telecommunications companies.
On the other hand, personal use is not technically illegal in every case, but it is heavily restricted and actively discouraged through advanced detection methods and the blocking of unapproved services.
To formalize its control, the Chinese government has become more aggressive in its efforts to block VPN traffic. This is why many consumer VPNs are unreliable, as they are designed for general use, such as privacy in a coffee shop, rather than bypassing a state-level censorship system.
Does compliance and approval equal perfection?
One could think that using compliant and approved connections is the best solution. Yet even a fully legal one doesn’t guarantee perfect performance. It can still be slow or unstable due to network infrastructure issues and active service filtering.
For these reasons, services must be continuously tested from within China to ensure a good user experience. This can be achieved by combining in-country manual testing and server-based synthetic testing. Together, you can gain the consistent, large-scale data and the human-centric context needed to truly understand your site’s performance in China.
What changed in China’s VPN landscape
The Great Firewall‘s evolution has been a multi-stage process. Especially with the integration of AI and machine learning in recent years, its evolution has accelerated to an adaptive and automated censorship system.
From gray to clear
In the mid-2000s, commercial VPN services emerged, and their use surged in the mid-2010s.
While the use of unauthorized VPNs was technically against the rules, the government mainly focused on VPN providers and commercial entities. There was a tacit understanding that individuals could bypass the Great Firewall for personal purposes, such as accessing social media or foreign news, as long as they did not challenge the state.
The turning point
On January 22, 2017, the Ministry of Industry and Information Technology (MIIT) announced plans to “clean up and regulate” the internet market. This document was the legal basis for the subsequent crackdown operation.
For business use, VPNs were acknowledged as a necessary tool for international business, but companies were required to use licensed providers and obtain government approval. In contrast, personal use was actively restricted, with a crackdown on unlicensed providers and a push to block individual access to unapproved services.
Characteristics of approved business VPN services
Approved business VPN services operate with government approval and have two defining features:
- Nationwide Coverage: The licenses are granted by the MIIT and cover operations across the entire country. This allows a company with offices in different regions across China to use a single, approved service to connect all its locations.
- A legal and centralized system: Businesses can get formal, nationwide VPN access that is legal yet monitored. This contrasts with personal use, which has more ad-hoc technical blocks.
While these may seem appealing to foreign businesses, obtaining a legal VPN requires accepting three conditions:
- Oversight: Companies using these services must comply with regulations like the Cybersecurity Law, Data Security Law, and Personal Information Protection Law. The Chinese government can inspect your data and operations at any time.
- Logging: Your network traffic is logged for at least six months, so it is not private.
- Licensing: You must use a state-sanctioned provider, and the approval process is difficult and expensive.
(Legal Disclaimer: For informational purposes only. This content is not legal advice. Please consult with an attorney or a local legal provider to confirm and act on this information.)
The technical reality of VPN traffic in China
With the advancement of technology, the Great Firewall is now much more sophisticated. Here, we’ll take a deeper look at the technical realities of VPN traffic in China.
Three levels of sophistication in VPN blocking
The simplest method involves blocking IP addresses that are known to belong to consumer VPN servers. Many consumer VPNs use a static and widely known list of servers, making them easy targets.
The firewall now goes beyond simple IP blocking. It uses two key technical methods to analyze traffic in real-time:
- Deep packet inspection (DPI): The firewall inspects the actual data packets and not just the IP address. This allows it to identify the “fingerprint” of a specific VPN protocol (like OpenVPN), which has a unique combination of data packet size and timing.
- Protocol heuristics: The system uses rules of thumb to guess if a connection is a VPN. If it sees encrypted traffic with unusual patterns that don’t match standard, approved protocols, it immediately blocks it.
Additionally, the system is no longer a passive blocker. It actively scans for and tests new VPN servers from within China. If a server responds in a way that suggests it’s a VPN, it is immediately added to the blocklist. This means that even a brand-new, previously unknown VPN server can be blocked within minutes of going online.
Performance limits
Businesses operating with cross-border internet traffic in China must be aware of several technical performance limits. These issues can occur even on compliant connections due to the nature of the internet infrastructure and censorship systems.
- Latency: The time delay for data to travel from a source to a destination. In China, latency is high for international connections due to long travel times and government inspection.
- Jitter: The variation in latency. If data packets arrive at inconsistent intervals, it causes a “choppy” experience, which is especially noticeable during real-time communication.
- Packet loss: This occurs when data packets fail to reach their destination. The system can discard data during inspection, which forces a resend, leading to a poor user experience.
- Volatility during sensitive periods: The censorship and blocking rules are not static. The government tightens its control over the internet during sensitive periods, which leads to a temporary yet significant rise in performance issues, including high latency and data loss, on all cross-border connections.
Enterprise solutions for compliance
Businesses can use legal, licensed solutions to meet their connectivity needs in China. These services are officially sanctioned by the government, which ensures compliance with local regulations. Common enterprise options include:
- Licensed IPSec, MPLS, and SD-WAN: These secure, business-grade network solutions are specifically approved for cross-border traffic, offering a reliable way for companies to connect offices and access corporate resources.
- Cross-border dedicated lines: These are private, high-speed fiber lines that offer a direct, secure connection between China and overseas destinations, bypassing the public internet for a more stable connection.
These solutions are essential for legal operation, but they do not guarantee perfect speed or uptime.
Why a VPN alone ≠ China readiness
A VPN is not a complete solution for customers in China, but it provides only a basic connection for businesses’ internal use. Here are two reasons:
Reason 1: Access is not usability
Even with a VPN, a website can still be broken because it relies on other services that are blocked or have poor performance in China. For example, a travel site might use an API to display Google Maps or a social media feed. If that API’s server is blocked in China, the entire feature will fail, regardless of whether a VPN is active.
Reason 2: The Internet reality in China is fragmented
China’s internet is not a single, uniform network. A VPN works like a tunnel; it provides a single connection but doesn’t reflect the full picture. This can be seen in two ways:
- Regional variance: A website that works perfectly for a test user in a major city may be completely unusable for customers in other regions, as the quality and speed of the internet infrastructure vary significantly across the country.
- Internet service providers (ISPs) variance: A single VPN test using one provider won’t tell you how your service will perform for users on another. The performance of your connection can change drastically because each of China’s ISPs has its own network infrastructure and censorship implementation.
The two-pronged approach: add VPN with real testers
A real tester is a person physically located in China who can test your digital service from their own device, using their own internet service provider and network conditions. The strategy is effective because:
It provides a realistic view
Using a VPN from your office outside of China only shows you if your service can technically connect. Having real testers on the ground, across different cities and ISPs, reveals the actual user experience. They can identify if images fail to load in one region, if a payment gateway hangs on a specific network, or if the user interface is too slow to be useful.
It addresses technical variance
As we’ve discussed, internet performance and censorship rules are inconsistent across different regions (e.g., Shanghai vs. an inland city) and major internet providers (China Telecom, China Unicom). This approach allows you to directly address and test for these specific variances, giving you a comprehensive understanding of what your entire customer base will experience.
It helps to replicate and solve problems
When a tester reports a problem, it’s a real-world issue, not a theoretical one. This allows your team to analyze the specific conditions (location, ISP, device) that caused the problem and develop a targeted solution, whether it’s optimizing a component or using a more robust connectivity solution.
The China readiness playbook
In China, any VPN a business uses must be a compliant, licensed solution. Do not confuse it with a private, unrestricted tunnel. It may provide a path, but it doesn’t solve the underlying problems of a fragmented and highly regulated environment. To prepare for the Chinese market, it is essential to have a playbook in hand.
First Step: Establish a secure and compliant internal connection.
If you must use a VPN, work only with licensed providers.
Simultaneously, document all your use cases to ensure clarity and enforce strict device security policies to protect your data, and add continuous monitoring to track connectivity status.
Second step: Harden your digital delivery
This means using China-appropriate CDNs and hosting key content locally where allowed.
You should also consider reducing reliance on third-party services from outside China and building your site with graceful degradation, which ensures the core function works even if some elements fail to load.
Third step: Test and monitor your service
To ensure continuous performance, test your service with real devices across multiple cities before launching to understand how it performs.
After launch, use a mix of synthetic checks and human spot checks to monitor performance. It is also important to have an incident playbook ready to respond quickly to any changes in the online environment.
Moving beyond the basics
Ultimately, a basic connection is not enough for a foreign business in the Chinese market. To truly succeed, you must move beyond a simple “tunnel status” and instead validate your actual user journeys with a professional audit and continuous monitoring.
This is exactly what we do.
At GoClick China, we help companies spot and solve the pain points of the Chinese internet. Our team understands these challenges firsthand, and we customize solutions that improve your site’s performance and give your customers the effortless interaction they expect. Contact us and get started.
