What is the Great Firewall of China

The Great Firewall of China (官方名称: 防火长城; informally GFW) is the world's most extensive internet-censorship system. It is not a single technology or location; it is a coordinated set of techniques operated at China's international gateways and at provincial-level filtering points throughout the country. The GFW has been operational since around 2003, when the original Golden Shield Project (金盾工程) infrastructure came online; it has been continuously upgraded since.

What the Great Firewall does

Six layers of capability work together:

DNS poisoning. Lookups for blocked domains return wrong IPs or get null-routed. Cheapest and most-deployed technique. Most VPNs route around it because the VPN client uses its own resolvers.

IP blackholing. Known IP ranges of blocked services (Google, Facebook, Twitter, OpenAI, GitHub) are null-routed at the gateway. Direct connections to those IPs do not establish.

Protocol fingerprinting. The GFW maintains a library of protocol signatures. WireGuard's 148-byte handshake initiation. OpenVPN's TLS handshake timing. Shadowsocks's high-entropy stream pattern. The library is updated continuously.

Entropy and statistical analysis. Streams that have high entropy from packet one and no preceding TLS handshake stand out from real HTTPS traffic. Even AEAD Shadowsocks variants are caught by this analysis at 30-60% accuracy in 2026.

Active probing. When the GFW sees a suspicious connection, it dispatches its own probe to the same destination, often within minutes. Servers that respond differently from legitimate services get added to the block list.

Machine-learning traffic classification. The newest layer, deployed at scale since 2023. ML models trained on labeled VPN-vs-legitimate traffic identify subtle behavioural patterns.

What is blocked by the Great Firewall

Mainland China blocks most major Western platforms: Google (search, Gmail, Drive, Maps), Facebook, Instagram, X (Twitter), YouTube, Wikipedia (full block since 2019, partial blocks earlier), Discord, Twitch, Reddit, Pinterest, OpenAI / ChatGPT, Bloomberg, Reuters, BBC, New York Times, Wall Street Journal, GitHub partial.

Most major messaging apps from outside China: WhatsApp, Telegram, Signal, Line, KakaoTalk.

Most VPN providers' websites and infrastructure. Standard VPN protocols at the connection layer.

What works: Chinese platforms (WeChat, Weibo, Baidu, QQ, Bilibili, Douyin/TikTok-China, Alipay), most East Asian commercial sites, most international commercial sites where China has not specifically blocked them (Microsoft, Apple, most non-news global services).

Bypassing the Great Firewall in 2026

Standard VPN protocols (WireGuard, OpenVPN, Shadowsocks AEAD, V2Ray VMess) are detected and blocked by the GFW. The protocols that survive are the ones that perform a real TLS 1.3 handshake to a real public host:

• VLESS Reality with the Vision flow — the most-deployed working protocol
• NaiveProxy — uses Chrome's actual networking stack
• Hysteria 2 — sometimes works, QUIC fingerprinting is improving
• ShadowTLS — works similarly to Reality but less mature

For the technical detail, the protocol guide covers VLESS Reality; the bypass-the-Great-Firewall-2026 guide covers the China-specific picture in depth.

Hong Kong and Macau

Hong Kong is not behind the Great Firewall. Hong Kong's internet routes through separate infrastructure with different (much lighter) filtering. Standard VPN protocols work in Hong Kong. The post-2020 National Security Law has tightened some content rules in Hong Kong but has not extended the GFW's technical filtering apparatus.

Macau is similar — its own infrastructure with light filtering, distinct from mainland China.

How Fexyn handles the Great Firewall

Fexyn ships VLESS Reality with the Vision flow as Fexyn Stealth. This is the protocol class that handshakes through the GFW reliably. We do not operate servers inside mainland China. Chinese users connect via Cyprus, Frankfurt, Helsinki, or Ashburn — typical latency 200-400ms depending on the route.

For users travelling to China who need a VPN that will work, the China bypass guide covers setup and what to expect.

Try Fexyn free for 7 days — Stealth (VLESS Reality with Vision) on every plan.