The “best VPN for China that works 100%,” this has always been a hot topic among expats in China. Despite the crackdowns and restrictions, there are a lot of VPN providers who’re trying to sell (and upsell) their services for expats in China. Skip introduction.

Furthermore, there’s a bunch of mediocre VPN providers and reviewers out there. Avoid them like the plague.

Most of these reviewers are interested in making easy money using affiliate links. They recommend almost all VPN services for China and claims it’s the best VPN for China. “Here are our top picks,” “we’ve picked out five top-notch VPN providers in China”..meh! Don’t fall for the marketing gimmicks.
I’ve seen some of them including Ivacy in their list. It is no good in my opinion. Not to mention the “well-known” bloggers recommending a multitude of VPN services just to stockpile the referral links.
Finding the best from Google is not an easy job because of the “promoted” content you come across.

You need to put a lot of time and effort to research. Let me help you refine the search.

What’s the Best VPN for China?

ExpressVPN: Very popular and works and promise a 99.9% uptime. The services come with optimized servers for streaming Netflix
SocketPro: SocketPro is essentially a ShadowsocksR proxy service provider. The service is dirt cheap, and they provide few servers to stream Netflix, Hulu and more.
DIY Methods: You could set up your Shadowsocks or ShadowsocksR servers on DigitalOcean, Amazon AWS or any other cloud provider of your choice.

Backstory, Finding The Best VPN for China

Having stayed for almost four years in China, I know what works and what doesn’t when it comes to climbing over the great firewall of China.

I’ve tried multiple VPN providers and even wrote a few tutorials on how to set up DIY SOCKS5 proxies for personal use. Read further if you’re tired of the mediocre China VPN reviews.

I’ll share the two best options. Without further ado, let’s look at the best working for VPN for China.

Note:

The second option is a trustworthy Shadowsocks service provider. Essentially not a VPN.
These are my honest recommendations as of February 2019.

The Best Working VPN for China (Review)

ExpressVPN: You might have heard a lot about them. But there are several solid reasons why you should go with ExpressVPN instead of choosing their competitors.

Major Features of ExpressVPN

Let’s look at why ExpressVPN turns out to be the best VPN for China.

Uptime: ExpressVPN has the best up-time comparing to its competitors. Most of their optimized Asian servers are available round the clock.

AES-256 Encryption: Yes, encryption is an essential factor while looking for the best VPN provider. AES (trusted by security experts) is a secure encryption algorithm used in symmetric key cryptography. Additionally, the company uses an RSA-4096 handshake and SHA-512 hash message authentication code, along with PFS. Meaning, you’re in good hands.

Multiple protocols: ExpressVPN recommends protocols and servers based on the location and connection. The company also lets you choose the protocols manually in case you know what you’re doing.

Sign up with ExpressVPN

Stream/Unblock Netflix: Important feature. A lot of expats in China has a Netflix account and want to stream their favorite TV shows and movies online or on the go. ExpressVPN’s US, UK, Canada, Hong Kong, and Taiwan servers are optimized for streaming Netflix.

Dedicated Apps: ExpressVPN has dedicated apps for MacOS, Windows, iOS, Android, routers, and Linux. Their knowledge base comes with pretty neat guides.

Furthermore, the company offers a “limited” free trial as well. You should try the full-featured version of ExpressVPN “risk-free” for 30 days. Not happy? You’ll get a full refund within 30 days, no questions asked.

Pros

Reliable, ExpressVPN is a trusted brand.
Few servers are optimized for streaming Netflix.
Dedicated Apps

Con

One ExpressVPN subscription only covers three devices of any type.

Best VPN Alternative for China

VPN is not your thing? Do you prefer proxy servers to stream Netflix and access Google? Give SocketPro a try.

What’s SocketPro? It is essentially a ShadowsocksR proxy service provider that offers cheap easy to use proxy servers which lets you unblock websites and climb the GFW. The whereabouts of SocketPro team are anonymous because of the nature of the service they provide.

I’ve been using their service for almost two years. So, don’t worry about anonymity. It’s for their own good to survive in China.

Shadowsocks vs. ShadowsocksR

Shadowsocks is an open source SOCKS5 proxy which, according to their official site, is designed to protect your internet traffic.

ShadowsocksR is a fork of the original Shadowsocks project, claimed to be superior in terms of security and stability.

Here are my blog posts on how to manually setup Shadowsocks and ShadowsocksR.

Why ShadowsocksR instead of a VPN?

A conventional VPN protocol creates a network that slows down Chinese websites, which can be annoying when you’re using Taobao, WeChat, JD.com, etc.

On the other hand, Shadowsocks has a Global Mode and Auto Mode.

Best Working Shadowsocks Service for China — Get SocketPro for All The Devices.

The Global Mode acts similar to a VPN connection whereas the auto settings (Auto mode by PAC) makes sure you can access Chinese website faster, without using a proxy.

Major features of SocketPro

SocketPro is packed with cool features as well. They’ve almost 8000+ active users and 74 node servers.

List of SocketPro Premium Servers — Open image in a new tab for better viewing.

Speed: They use a modern SOCKS5 protocol (ShadowsocksR) to transfer your data, which is faster compared to a traditional VPN.

Cross-platform support: Unlike ExpressVPN, SocketPro DO NOT limit your connection, meaning you can connect all your device at the same time.

Get a SocketPro Account

Secure: Your connection is secured with 256-bit encryption to protect your data from prying eyes.

Pros

Dirt Cheap and fast.
Unlimited bandwidth and speed.
Few servers are optimized for streaming Netflix.

Cons

Monthly plans are okay, but the yearly plan comes with better servers.
No dedicated app for iOS, you should purchase a 3rd party app.

These are the best reliable VPN services in China that lets you access blocked sites, online resources, and stream Netflix. What’s your best pick?

Need A Secure Custom Solution?

Hire me to set up a private proxy/VPN for $50 one-time fee

Send A Message

Shadowsocks is an open-source SOCKS5 proxy which, according to their official site, is designed to protect your internet traffic. As an expat in China, I have tried a few VPN services. The major downside of well-known providers is that their VPNs create one connection for all traffic (which is easier for China’s GFW to detect/block/slow down).

Recently, I tested Shadowsocks on an Ubuntu server based in Singapore and I must say I’m quite happy with SOCKS5 rather than the paid services. I know there are a bunch of tutorials out there on how to configure Shadowsocks. But, I’d like to be more precise providing the best tips and workarounds.

In this tutorial, you’ll learn how to install Shadowsocks and related packages on an Ubuntu server and bypass the Great Firewall of China.

Prerequisites

A DigitalOcean droplet (preferably an Ubuntu or CentOS x64 server) / Cost: Starts from $5 per month. Feel free to sign-up with my referral link if you’re interested.
Notepad++/Sublime Text Editor if you don’t prefer UNIX vi editor.
SFTP/FTP client like WinSCP if you prefer a GUI.

How To Create A New Droplet In DigitalOcean

Note: I highly recommend new users to generate/set-up SSH keys while creating a droplet as they provide a more secure way of logging into a virtual private server with SSH than using a password alone.

How To Install Shadowsocks on Ubuntu 18.04

Let’s fire up putty or any other SSH client and log in to your server as root user.

Once you have logged in to the server, run the following command to update the packages:

$ apt-get update

Now, run the following commands to install Python then Shadowsocks:

$ apt-get install python-pip
$ pip install shadowsocks

Now install M2Crypto, which is the most complete Python wrapper for OpenSSL featuring RSA, DSA, DH, EC, HMACs, message digests, symmetric ciphers (including AES). Run the following commands to install M2Crypto:

$ apt-get install python-m2crypto
$ apt-get install build-essential

Since salsa20 and chacha20 are fast stream cyphers. Optimized salsa20/chacha20 implementation on x86_64 is even 2x faster than rc4 (but slightly slower on ARM). You must install libsodium to use them:

$ wget https://github.com/jedisct1/libsodium/releases/download/1.0.10/libsodium-1.0.10.tar.gz
$ tar xf libsodium-1.0.10.tar.gz && cd libsodium-1.0.10
$ ./configure && make && make install
$ ldconfig

After finishing up the steps above, we must create a .json file (config file) for Shadowsocks. In order to do this, fire up Vi editor or open your text editor and create a new file. Add these data to the file:

{
"server":"your_droplet's_IP_address",
"server_port":8000,
"local_port":1080,
"password":"your_password",
"timeout":600,
"method":"aes-256-cfb"
}

You can choose any encryption method from here.

Save the file as shadowsocks.json and copy it to the /etc folder.

Now start your Shadowsocks server. Run the following command to do so:

$ ssserver -c /etc/shadowsocks.json -d start

You can check the Shadowsocks log file, which is located in /var/log/shadowsocks.log to make sure everything is okay.

Now that you are almost done, we need to make sure Shadowsocks server will be started automatically during system reboots. Edit the file named /etc/rc.local to do so.

Open up /etc/rc.local and add the following content before the exit 0 line.

/usr/bin/python /usr/local/bin/ssserver -c /etc/shadowsocks.json -d start

Now you’re ready to roll.

Note: In the future, use this command: “ssserver -c /etc/shadowsocks.json -d stop” to stop the Shadowsocks server. and “ssserver -c /etc/shadowsocks.json -d restart” to restart.

Server Optimization

There are a number of ways to optimize your server, here are the best ones.

To increase the maximum number of file descriptors:

Edit the limits.conf file located in /etc/security/limits.conf and add the following two lines:

* soft nofile 51200
* hard nofile 51200

Now, temporarily stop the Shadowsocks server to set the ulimit.

Run:

$ ssserver -c /etc/shadowsocks.json -d stop

Now set the ulimit:

$ ulimit -n 51200

To optimize the kernels:

We can optimize the kernel parameters by editing the /etc/sysctl.conf file. Open up the file and add the following lines to the end of the document:

fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.netdev_max_backlog = 250000
net.core.somaxconn = 4096
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 10000 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_mem = 25600 51200 102400
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_congestion_control = cubic

Save it and run this command:

$ sysctl -p

Now that you finished optimizing, start the server!

$ ssserver -c /etc/shadowsocks.json -d start

Shadowsocks Clients:

Check out the clients for different platforms listed on Shadowsock’s official website.