How to bypass the Great Firewall of China in 2026
The Great Firewall of China is the oldest and most-studied internet-censorship system in the world. By 2026 it is also the most technically sophisticated. The GFW's April 2026 escalation — when authorities physically unplugged thousands of relay servers and added entropy analysis to the detection layer — was the latest reminder that protocols that worked last year do not always work this year.
Here is what the GFW does in 2026, which protocols survive it, and what to do if you are travelling to or living in mainland China and need access to the open internet.
A note before we start: this is a technical guide to circumvention. We are not going to tell you that VPN use is risk-free in China. Foreign VPNs are technically illegal under the 2017 cybersecurity law. Individual prosecution is rare and almost always tied to the underlying activity (publishing critical content, organising protests). Routine VPN use — checking foreign news, accessing Google or Gmail, using WhatsApp — is widespread and tolerated for foreigners and most Chinese citizens. Tolerance shifts; behaviour and context matter. We do not recommend ignoring the legal landscape, and we do not recommend pretending it does not exist.
What the Great Firewall actually does
The GFW is not a single system. It is a coordinated set of techniques operated at China's international gateways and at provincial-level filtering points. Six layers of capability work together:
1. DNS poisoning. Lookups for blocked domains return wrong IP addresses or get null-routed. This is the cheapest and most-deployed technique. Most VPNs route around it trivially because the VPN client uses its own resolvers, not the local ISP's.
2. IP blackholing. Known IP ranges of blocked services (Google, Facebook, Twitter, OpenAI, GitHub) are null-routed at the gateway. Direct connections to those IPs do not establish. A VPN exits to a non-blocked IP, which routes around this.
3. Protocol fingerprinting. The GFW maintains a library of protocol signatures: WireGuard's 148-byte handshake initiation, OpenVPN's TLS handshake timing, Shadowsocks's high-entropy stream pattern. The fingerprint library is updated continuously. New protocols are typically added within months of public deployment.
4. Entropy and statistical analysis. Streams that have high entropy from packet one and no preceding TLS handshake stand out from real HTTPS traffic. Even AEAD Shadowsocks variants are now caught by this analysis at 30-60% accuracy per community testing.
5. Active probing. When the GFW sees a suspicious connection, it dispatches its own probe to the same destination, often within minutes. Servers that respond differently from legitimate services get added to the block list. This is how Trojan deployments eventually get caught — their certificates do not match what Certificate Transparency says about the claimed domain.
6. Machine-learning traffic classification. The newest layer, deployed at scale since 2023. ML models trained on labeled VPN-vs-legitimate traffic identify subtle behavioural patterns — packet timing, flow durations, byte sequences during the first second of a connection. The classification is probabilistic, not certain, but it produces enough signal to flag suspect connections for active probing.
The combined effect: a connection that would have worked in 2018 (basic Shadowsocks), 2020 (Shadowsocks AEAD), or 2022 (Trojan with a real certificate) is increasingly likely to fail in 2026. The protocols that survive the GFW today are the ones that perform a real TLS 1.3 handshake to a real public site, with a real third-party certificate, and behavioural patterns that match real browsing.
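The first-packet checks described in layers 3 and 4, sketched as an added example (not code from this article, and not the GFW's actual implementation). It uses Shannon entropy as the statistical measure; the 7.0 bits-per-byte threshold, the 64-byte minimum and all sample packets are assumptions constructed for illustration.

```python
import hashlib
import math

def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy in bits per byte (8.0 = uniformly random)."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def classify_first_packet(payload: bytes, threshold: float = 7.0) -> str:
    """Label the first payload of a flow. The port is deliberately not an input."""
    # Layer 3 (fingerprint): a WireGuard handshake initiation is always 148 bytes,
    # message type 1 followed by three reserved zero bytes.
    if len(payload) == 148 and payload[:4] == b"\x01\x00\x00\x00":
        return "wireguard-initiation"
    # A TLS handshake record (0x16, version 0x03xx) carrying a ClientHello (0x01).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-clienthello"
    # Layer 4 (entropy): random-looking bytes from packet one, no handshake first.
    # Threshold and 64-byte minimum are assumptions chosen for this example.
    if len(payload) >= 64 and shannon_entropy(payload) >= threshold:
        return "high-entropy-no-handshake"
    return "unclassified"

def constructed_bytes(n: int, label: bytes) -> bytes:
    """Deterministic random-looking filler for the constructed samples below."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(label + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]

# Constructed samples (not captured traffic). TLS_HELLO is a simplified
# header plus body, not a complete ClientHello.
WG_INIT = b"\x01\x00\x00\x00" + constructed_bytes(144, b"wg")
_hello = b"\x03\x03" + constructed_bytes(32, b"rnd") + b"www.example.com" + bytes(100)
TLS_HELLO = (b"\x16\x03\x01" + (len(_hello) + 4).to_bytes(2, "big")
             + b"\x01" + len(_hello).to_bytes(3, "big") + _hello)
ENCRYPTED_STREAM = constructed_bytes(1024, b"stream")
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"

if __name__ == "__main__":
    for name, pkt in [("WG_INIT", WG_INIT), ("TLS_HELLO", TLS_HELLO),
                      ("ENCRYPTED_STREAM", ENCRYPTED_STREAM), ("HTTP_GET", HTTP_GET)]:
        print(f"{name:17} {len(pkt):5d} B  H={shannon_entropy(pkt):.2f}  "
              f"{classify_first_packet(pkt)}")
```

Because the classifier never sees a port number, moving the WireGuard sample to another port changes nothing, which is the point made about custom ports in the WireGuard assessment below.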
Protocol-by-protocol assessment for 2026
WireGuard
Dead. The 148-byte handshake initiation packet is too rigid. The GFW detects it on the first packet with near-100% accuracy. Connection establishment fails within 1-3 seconds. NordLynx and Mullvad's standard configurations are detected the same way. Custom WireGuard ports do not help; the fingerprint is in the handshake content, not the port.
OpenVPN (TCP and UDP)
Dead. The TLS handshake timing and control-channel framing are recognisable. OpenVPN-XOR and obfs4 wrappers are detected. ExpressVPN's Lightway has had brief windows where freshly-updated builds slipped past, but those windows last days to weeks before the GFW adds the new fingerprint.
IKEv2 / IPsec / L2TP
Dead. ESP packet structure or IKEv2 handshake patterns are recognisable.
Basic Shadowsocks (stream cipher)
Mostly dead. Old Shadowsocks (chacha20, aes-256-cfb) is fingerprinted by entropy analysis and connection patterns. Detection rate is high.
Shadowsocks AEAD
Partially works. Newer AEAD variants (chacha20-ietf-poly1305) survived 2018-2022. By 2024-2026, the GFW's ML traffic classification flags them at 30-60% accuracy per gfw.report measurements. Self-hosted Shadowsocks with the simple-obfs-tls plugin and a real-looking domain still works on some networks; commercial Shadowsocks deployments mostly do not.
V2Ray VMess
Mostly dead. The "WebSocket + TLS + Web" deployment pattern (running VMess inside HTTP/2 over TLS to a real-looking domain) still works for self-hosters who maintain a real fronting website. Most commercial deployments are detected.
Trojan-GFW
Inconsistent. The handshake is real TLS, which evades entropy analysis. The certificate is the giveaway — it is your own (Let's Encrypt or self-issued), not a real public site's. Active probing with Certificate Transparency comparison catches Trojan deployments where the cert does not match what CT says about the claimed domain. Sophisticated self-hosted setups with rotating certs and high-traffic fronting domains still work; most commercial deployments do not.
VLESS Reality with the Vision flow
Works. This is the protocol class that the Iranian and Chinese self-hosted communities converged on, and the one that most consistently survives the GFW in 2026. Reality performs a real TLS 1.3 handshake to a real public site (microsoft.com, cloudflare.com, apple.com) and forwards that site's actual certificate. There is no fake handshake to fingerprint, no self-issued certificate to compare against CT. Active probing returns a real Microsoft response because the server transparently proxies unauthenticated probes to the real site.
The Vision flow (xtls-rprx-vision) eliminates the TLS-in-TLS detection signal that traffic analysis would otherwise produce. Combined, Reality+Vision is statistically indistinguishable from a real browser session to the camouflage host.
The remaining attack vector is IP reputation. The GFW maintains lists of known VPS IP ranges and periodically blocks them. Reality connections from "clean" IP space (residential-looking IPs, business IPs that also serve a stable public service) work consistently; connections from well-known commercial VPN IP pools see periodic blocks. This is why Fexyn maintains a rotating IP pool rather than a static list of advertised server IPs.
NaiveProxy
Works. Uses Chrome's actual networking stack to make HTTP/2 connections to a real backend (Caddy webserver). The traffic is byte-identical to Chrome traffic because it literally is Chrome's network code. The detection problem becomes "distinguish NaiveProxy users from real Chrome users at the behavioural layer," which the GFW has not deployed at scale.
The blocker on NaiveProxy is operational: it requires running Caddy as the proxy server, which is more complex than most commercial VPN deployments are willing to support. As a self-host option, it is excellent.
Hysteria 2
Sometimes works. QUIC-based, low overhead, good performance on lossy networks. The GFW has been adding QUIC fingerprinting capability since 2024; Hysteria's specific QUIC fingerprint is increasingly distinguishable from Chrome's QUIC fingerprint. Detection rate around 40% as of May 2026 in our testing.
TUIC v5
Works on some networks. Same family as Hysteria; less widely deployed. Similar QUIC-fingerprint vulnerability emerging.
The summary: in mainland China in 2026, Reality+Vision and NaiveProxy are the two protocols that work reliably. Everything else has gaps. Fexyn ships Reality+Vision (Fexyn Stealth). For users who need a backup, having a self-hosted NaiveProxy setup as a parallel option is a reasonable choice for technical users.
What this means in practice
If you are already in China and a VPN you used to use has stopped working, this is what is happening. Your provider is shipping a protocol the GFW now detects. The fix is a different protocol, not a different server. Switching from "ExpressVPN US" to "ExpressVPN Japan" does not help if Lightway itself is blocked.
If you are about to travel to China and need a VPN that works, you need a provider that ships Reality+Vision. The options:
Fexyn (us). Stealth protocol = VLESS Reality with Vision. Tier-based pricing (China is Tier 3 at $4.49/month). Crypto or card billing. Servers in Frankfurt, Helsinki, Cyprus, Ashburn — Cyprus is the closest from China but routing through it from East Asia is suboptimal; Ashburn or Frankfurt usually performs better despite higher latency.
Astrill. Long-time China specialist. Ships V2Ray/XRay protocols including Reality. More expensive (around $15-30/month depending on plan); the long-tenured reputation in the China-traveller community is real.
Self-hosted XRay-Reality or NaiveProxy. The technically-best option. Run your own server outside China on a VPS that has not been added to the GFW IP block list. Use the XTLS-Iran-Reality or klzgrad/naiveproxy tooling. The cost is operational complexity; the upside is no commercial provider can be name-blocked because there is no provider.
What does not work in China in 2026:
NordVPN, Surfshark, ProtonVPN, Mullvad. None ship Reality. NordLynx, Camouflage Mode, Stealth, Mullvad's WireGuard — all detectable by the GFW.
ExpressVPN. Lightway has periodic working windows. Not reliable enough to recommend as a primary option for users who need consistent access.
Free VPNs. Almost universally do not work in China and may carry additional risks (data collection, malware). The exceptions are anti-censorship non-profits like Lantern and Psiphon, which work intermittently but are not commercial VPNs.
Practical setup before you arrive in China
The pattern that works:
1. Install before you fly. This is the single most important step. Most VPN provider websites are blocked at the China gateway; you cannot reliably download a VPN client from inside mainland China. Sign up at fexyn.com/pricing and install the Windows or Android client at home before you travel. The 7-day free trial does not require a card. (macOS, iOS, and Linux clients are coming soon.)
2. Pin Stealth as the default protocol. In Fexyn app settings, set the default to Stealth. Bolt (WireGuard) will not work in China; do not waste time on it. Stealth (VLESS Reality with Vision) is what handshakes through the GFW.
3. Test the connection from outside China before you travel. Connect to the server you plan to use. Confirm the VPN works. This is your baseline.
4. Bring multiple devices. If your laptop's VPN client is misbehaving in your hotel and you cannot fix it on the spot, having Fexyn installed on your phone as a fallback matters. Phone-as-hotspot is the emergency option if hotel Wi-Fi has DPI rules different from mobile-data routing.
5. Have a backup. Seriously. China is the one country where we recommend two independent VPN providers. The best-deployed protocol does not work 100% of the time; a second provider running a different stack is worth the redundancy. Astrill is the standard "second VPN" most China travellers we have talked to use alongside Fexyn or alongside their first choice.
6. Know which servers to try. Cyprus works on some Chinese routes; Frankfurt works on others; Ashburn occasionally outperforms both because the trans-Pacific route has different congestion patterns than the trans-Eurasian one. If one server is slow, switch to another. Latency from China to Cyprus is typically 200-300ms, to Frankfurt 250-350ms, to Ashburn 250-400ms — none of these are great, but all are usable for browsing and most calling.
What to expect once you are in China
Speed. Reality runs over TCP; the trans-continental routing adds latency; the GFW occasionally throttles even successful connections. Realistic expectation: 5-15 Mbps on a typical Chinese hotel or residential connection. Browsing works. Voice and video calls work (though video may downgrade to lower quality). 4K streaming will not work reliably. Large file downloads will be slow.
Reliability during normal periods. Stealth on a working server typically maintains stable connections for hours. Occasional drops happen; the Fexyn client reconnects automatically.
Reliability during major events. Around politically-significant dates (October 1 National Day, Tiananmen anniversary on June 4, sessions of the National People's Congress, major foreign visits), the GFW intensifies. Connection rates degrade. Servers that worked yesterday may not work today. The pattern lasts days to weeks; switching server location helps; switching providers sometimes helps; sometimes you wait it out.
Reliability during the April 2026 escalation. The most-recent major escalation. Authorities physically unplugged thousands of relay servers, added entropy analysis to the detection layer, and started flagging more aggressively. Reality continued to work for most users; some self-hosted Shadowsocks deployments stopped working and migrated to Reality. This is the trajectory: each escalation eliminates a layer of weaker protocols and pushes everyone to whatever survives.
Mobile vs desktop. Both work with Reality. Mobile is sometimes more reliable because mobile operators have slightly different filtering paths than fixed-line residential ISPs. Hotel Wi-Fi varies enormously; some hotels have stricter DPI than the underlying ISP because they buy filtering as a service.
Hong Kong. Hong Kong is not behind the GFW. Standard VPN protocols work in Hong Kong. If you are travelling to Hong Kong specifically and not crossing into the mainland, any reasonable VPN works.
WeChat and Chinese apps. WeChat works without a VPN; the GFW does not block traffic going to Chinese services. If you only need WeChat, you do not need a VPN. If you need Google, Gmail, Instagram, Facebook, WhatsApp, Twitter, YouTube, or most Western services, you need a VPN.
Frequently asked
Is it illegal to use a VPN in China?
Yes, technically, for unauthorized providers. The 2017 cybersecurity law requires VPN providers to be licensed; foreign VPNs are not licensed. Enforcement against individual users is rare and almost always tied to the underlying activity. We do not recommend ignoring the legal landscape; we do recommend understanding what the actual risk is, which for ordinary use by foreigners and most Chinese citizens is low.
Will my Chinese SIM card affect VPN access?
Not directly. The GFW filters at the IP gateway level, regardless of which carrier you are on. China Mobile, China Unicom, China Telecom all route through the same filtering infrastructure. Your SIM card determines which carrier you are on; it does not change whether a VPN protocol works.
What about a Hong Kong SIM card?
Hong Kong SIM cards roaming in mainland China still route through the mainland gateway when in mainland China. Some Hong Kong roaming plans use Hong Kong's exit IPs (which are not behind the GFW); this is sometimes called "mainland China roaming with Hong Kong network" and is a reliable way to bypass the GFW without a VPN, but it costs more than a regular Chinese plan.
Do I need a VPN in mainland Chinese hotels?
If you need access to anything blocked in China — Gmail, Google services, Western social media, most non-Chinese news — yes. Most international hotel chains (Hilton, Marriott, Hyatt) provide Wi-Fi that is still subject to the GFW. Some chains advertise "VPN-friendly" Wi-Fi but the underlying filtering is the same.
What is the difference between Reality and "Reality+Vision"?
Reality is the transport mechanism — real TLS handshake to a real public site, server forwarding the real certificate. The Vision flow (xtls-rprx-vision) is an additional layer that eliminates the TLS-in-TLS detection signal. Plain Reality without Vision started failing against TSPU (Russia) in late 2025; it works in China for now but is on the same trajectory. Fexyn ships Reality+Vision; the distinction matters.
Can I use a VPN to access Tor in China?
Yes, but Tor itself is blocked. The pattern is "VPN → Tor": connect to a VPN with a working protocol (Reality), then run Tor over the VPN. Tor's bridge mode (using obfs4 bridges) is an alternative but is increasingly detected by the GFW; running Tor over a working VPN is more reliable.
What if I need to make a phone call?
VPN-tunneled WhatsApp, Telegram, Signal, FaceTime, Zoom all work over Reality. Quality depends on connection latency and bandwidth. Voice over IP through a 250ms VPN tunnel is usable but not great; video calls will downgrade to lower quality.
Is there a free VPN that works in China?
Lantern and Psiphon work intermittently. They are not commercial VPNs; they are anti-censorship tools designed for one-off access to specific blocked content. For sustained reliable access during a trip or extended stay, a paid VPN with Reality (Fexyn or Astrill) is the practical answer.
What if my VPN gets blocked while I am in China?
Switch server location first (Cyprus → Frankfurt → Ashburn). If that does not help, try a different protocol if your provider offers one (Fexyn does; ExpressVPN's Lightway-vs-OpenVPN-vs-IKEv2 are all detectable, so the protocol switch usually does not help with Express). If that does not help, your backup VPN is the answer. If you do not have a backup, ask the local expat community on a working communication channel (the China-resident forums on Telegram and Reddit are surprisingly good at "what VPN is working today" updates).
Why does VPN access to ChatGPT not work even with Fexyn?
Two layers of blocking: the GFW blocks OpenAI's IP ranges, AND OpenAI's terms exclude Chinese accounts. The VPN solves the first; for the second, you need a non-Chinese phone number for sign-up and a non-Chinese payment method. The full ChatGPT page covers this in detail.
Try Fexyn free for 7 days — Stealth (VLESS Reality with Vision) on every plan. The VLESS Reality protocol guide covers the technical detail. The protocol comparison covers the alternatives. The Iran 2026 piece is the equivalent guide for the second-most-restrictive market we serve.
Last reviewed 2026-05-09. The GFW evolves continuously; we update this page when material changes happen, typically quarterly.