Bypassing VPN Geo Blocks
A Virtual Private Network (VPN) is widely considered a must-have tool for all internet users. It encrypts your traffic, keeps your information secure, and enables you to bypass geo-restrictions and access content from across the globe. However, many platforms, such as Netflix, Hulu, and BBC iPlayer actively try to detect and block VPN connections. VPN traffic may be blocked by other parties, too, including governments in countries like China. As such, you may want to make your VPN undetectable.

Thankfully, some VPNs have found ways to circumvent these blocks, so you can continue to enjoy unrestricted access to your favorite content. That said, depending on which service you’re trying to use, you may need to adjust some settings within your VPN app. If you’re stuck with a VPN that isn’t able to access the site you’re after, there are some other methods you can try.

In this post, I’ll discuss what types of blocks are in place and provide general information about the VPN settings you may need to configure to circumvent them. I’ll also provide a list of the best VPNs for bypassing VPN blocks and their individual settings and reveal a few alternative methods for making a VPN undetectable.

TIP: I’ve found NordVPN is the best option for bypassing online blocking. There’ll be more detail on individual VPNs later.

Types of VPN blocks

There are several types of blocks that can be used to prevent people from using VPNs to access certain content. This means that VPN providers have to stay ahead of the game on multiple levels. For users, the implication is that even if your VPN can bypass one type of blocking, it doesn’t mean it can circumvent them all. For example, even if your VPN can enable access to HBO, it may not help you bypass censorship in China or Iran.

Here are the main types of VPN blocks and where you’ll typically come across them:

Port blocking

Internet traffic is transmitted and received via ports, with specific types of traffic generally using certain ports. For example, most regular HTTP traffic uses TCP port 80 and secure (HTTPS) traffic uses TCP port 443. OpenVPN traffic typically uses UDP port 1194, so firewalls often monitor port 1194 and block any encrypted traffic that attempts to use it.

This method is fairly simple to put in place, so it’s likely used by many organizations and governments. However, it’s also fairly easy to circumvent, so it’s often used alongside another blocking method.

IP address blocks

Another method used to detect and block VPN traffic is based on IP addresses. When you connect to a VPN, your real IP address is replaced with one from your VPN server. Many VPNs use shared IP addresses, such that everyone connected to a given server shares the same IP address. If that IP address is discovered, it can simply be blocked by a website or internet service provider (ISP).

This type of blocking is often used by Netflix, Hulu, Amazon Prime Video, and other streaming sites. It is also used in China as part of the Great Firewall, although this is not the only method used.

VPN traffic detection

Instead of looking at where the traffic is coming from or going to, more advanced blocking methods look at the nature of the traffic itself. OpenVPN traffic uses SSL (as does HTTPS traffic). However, it has unique signatures, making it distinct and detectable with the right tools. Deep Packet Inspection (DPI) looks for these signatures and blocks traffic if they’re detected.

DPI is a major component of China’s Great Firewall and is difficult to circumvent.

See also: Best VPN for China

How to make your VPN undetectable

If you find your VPN is being blocked, there are some tricks you can try to make your VPN undetectable and bypass the restriction. Bear in mind that it’s often not obvious why your VPN is being blocked, so you may have to use trial and error with the settings.

Here’s how to make your VPN undetectable:

  1. Changing ports
  2. Switching servers
  3. Changing protocols

Let’s look at each of these in more detail and the situations they’re most useful.

1. Changing ports

A simple trick for evading detection is to switch ports. A few top VPNs offer the option of port forwarding and enable you to choose which port you use within the app settings. For example, forwarding VPN traffic to port 443 is a good idea because that’s the port used by most HTTPS traffic. As mentioned, OpenVPN traffic uses SSL (like HTTPS), so for less advanced detection methods, it can be difficult to spot this traffic on that port.

While it’s worth a try if the option is there, this usually isn’t the most reliable method of bypassing blocks. Entities looking to block VPN traffic will usually employ some other detection measures alongside port blocking, such as DPI.

2. Switching servers

When you switch VPN servers, you change the IP address used to access websites and apps. Meanwhile, your ISP can only see traffic headed to the VPN server but not to the destination website or app. This is often helpful when trying to access geo-restricted sites such as Netflix or BBC iPlayer that have blocked select IP addresses. Many VPNs will let you select specific servers in a given location, so you know for sure that you’re actually switching to a different one.

A lot of the top VPNs will even tell you which server to connect to for a given service. This may be indicated by a label in the server list or you can contact your VPN customer support team to find out.

Similarly, some VPNs will have specific servers to connect to for bypassing government blocks, such as in China. You may be told to connect to a server in a certain location, or you might find that servers are labeled as something like “stealth VPN”, “scramble”, or “obfuscated.” In these cases, the VPN is using advanced obfuscation techniques to mask traffic traveling to and from these servers that make it look like a different type of traffic.

I’ll go into more detail about how to find these servers when we discuss individual VPNs and their settings a little later.

3. Changing protocols

Switching protocols is one easy way to bypass port blocking or VPN traffic detection methods like DPI. Most VPNs use the OpenVPN protocol by default, but this traffic is exactly what site operators and ISPs are on the lookout for.

Your VPN may give the option to switch to different protocols such as WireGuard, PPTP, or L2TP/IPSec. PPTP is not considered secure and should only be used as a last resort. The other two options, however, give you a highly secure connection and are less likely to be detected.

You may also see multiple options for the OpenVPN protocol, usually using TCP or UDP. OpenVPN works better on the UDP protocol, but since some networks only allow TCP, this protocol is supported, too. That said, switching to TCP will usually result in slower OpenVPN traffic.

Some VPNs offer special protocols, designed specifically for bypassing blocks. These special protocols use obfuscation technology to mask VPN traffic. VyprVPN’s Chameleon protocol is an example that I’ll discuss in more detail below.

Best VPNs for bypassing VPN blocks

In case you don’t already have a VPN, don’t worry: I’ve put together a list of the best VPNs for bypassing VPN blocks. This will reveal what makes them solid choices and show you how to change the necessary settings within each app.

Here is my list of the best VPNs for bypassing VPN blocks:

1. NordVPN

NordVPN is my top VPN for bypassing VPN blocks. It reliably works in China and other countries that restrict VPN usage, and it has no issues with Hulu, Netflix, or other popular services. NordVPN comes with security extras such as automatic WiFi protection and obfuscated servers, which are handy for browsing safely while on the go. Six devices may be connected at a time and apps are available for Windows, macOS, Linux, Android, and iOS.

How to access streaming services with NordVPN

NordVPN doesn’t label its servers with what streaming services they work with, but it provides detailed information on its website about which servers to use for a given service. That said, for services like Netflix US and UK, and Amazon Prime Video US and UK, connecting to any server in the relevant country should work, so you may not have to consult the website at all.

NordVPN usually works with the following Netflix libraries:

  • US
  • UK
  • Canada
  • Germany
  • France
  • Italy

Connecting to any server in one of those countries should provide you with access to the corresponding Netflix library. We’ve also had luck with some other country versions as well.

Note that NordVPN works a bit differently to other VPNs in that every server will give you access to Netflix. If it can’t connect you to the country version that corresponds to the server you connect to, then you will be redirected to the US Netflix library. There is 24/7 live chat support available to help if you have issues.

How to use NordVPN in China

For Windows, Linux, macOS, and Android users, the easiest way to connect in China is to use one of NordVPN’s obfuscated servers. If obfuscated servers are already enabled, you will see an Obfuscated Servers option under Specialty Servers on the home screen.

NordVPN Server Home

If you don’t see the option (as is the case in the above image), you’ll need to enable the obfuscated servers. Go to Settings > Advanced. Move the toggle button next to Obfuscated Servers to the on (blue) position. If this is greyed out, you’ll have to change your protocol to OpenVPN (TCP) in the Auto-connect tab.

Now go to the app home screen and you should see an Obfuscated Servers option in the server list.

NordVPN Obfuscated servers undetectable vpn

If you select that option, you’ll automatically be connected to the best-obfuscated server for your location. Otherwise, you can choose from the list of 13 countries.

How to change protocols in the NordVPN app

NordVPN uses the OpenVPN protocol, but you have the option to switch between UDP and TCP.

NordVPN Protocol

BEST VPN FOR BYPASSING BLOCKS:NordVPN is easy on the wallet, but still provides you with excellent security and performance. Plans come with a risk-free 30-day money-back guarantee.

2. Surfshark

Surfshark is an excellent budget alternative that offers fast speeds and the ability to bypass restrictions set by streaming platforms, governments, and ISPs. It works with Netflix and other popular platforms and offers a NoBorders mode for use in countries like China. The service comes with strong security features and a no-logs policy. Apps are available for Linux, macOS, Windows, iOS, and Android, and there is no limit to the number of devices you can connect.

How to access streaming services with Surfshark

Surfshark works in a similar way to NordVPN when it comes to Netflix, except that it doesn’t work with as many regional libraries. If the server you connect to isn’t suitable, you will automatically be redirected to the US catalog. Surfshark works with Netflix US and UK among other libraries. It also works with Hulu, Amazon Prime Video, and BBC iPlayer. Just connect to a server in the relevant country and you should have access. Surfshark offers around-the-clock support via live chat in case you need help.

How to use Surfshark in China

Surfshark provides a stealth mode for use in China and other countries that censor the internet. To activate this, go to Settings > VPN settings and toggle the NoBorders button to the on (green) position.

Surfshark China

How to change protocols in the Surfshark app

Surfshark enables you to switch protocols if needed. Go to Settings > Advanced, and under Protocol, select your desired protocol from the dropdown menu.

Surfshark Protocol

BEST BUDGET VPN:Surfshark pegs fast speeds and can unblock all your favorite streaming platforms, plus it doesn’t impose a device limit. You can try it with a 30-day money-back guarantee.

3. ExpressVPN

ExpressVPN is a great all-rounder and provides a fast, reliable service that works anywhere in the world, including China. It’s highly secure and will provide secure access to geo-restricted content, including that from Netflix, Hulu, and Amazon Prime Video. ExpressVPN has apps for Linux, Windows, macOS, iOS, and Android, and allows up to five simultaneous connections.

How to access streaming services with ExpressVPN

To access Netflix, Hulu, BBC iPlayer, Amazon Prime Video, and other similar platforms using ExpressVPN, you need to connect to a server in the appropriate country.

ExpressVPN

However, not all servers in a given country will work. To find out which one to use, simply contact customer support via 24/7 live chat and a representative will be able to direct you to the right server. You can usually be up and running in a matter of minutes.

How to use ExpressVPN in China

There’s no special setup required for using ExpressVPN in China. You should be able to connect to a server in a location of your choice and enjoy access to the free web. That said, the ExpressVPN website (like most other VPN provider websites) is blocked in China. As such, you should plan to download the software and set up the VPN before you travel to the country. It’s also a good idea to download any relevant troubleshooting information and save it offline.

How to change protocols in the ExpressVPN app

If you do run into issues and need to try switching protocols, you can do so within the app. Go to the hamburger menu icon and select Options. In the Protocol tab, you’ll see that Automatic is selected by default. When this is checked, ExpressVPN will choose the protocol that it deems most appropriate for your network.

To switch to a different protocol, simply click the circle next to the one you want to use.

ExpressVPN Protocol

GREAT ALL-ROUNDER:ExpressVPN is fast, secure, and reliable, requiring minimal setup. 30-day money-back guarantee included.

4. VyprVPN

VyprVPN is known for its ability to evade government censorship in countries like China and the UAE. Its Chameleon protocol, which is included in the premium service, is designed to mask VPN traffic and bypass advanced DPI inspection techniques. It has great speeds and can securely access streaming platforms like Netflix and Amazon Prime Video. You can protect up to 30 devices at a time, and download apps for iOS, Android, Linux, macOS, and Windows.

How to access streaming services with VyprVPN

VyprVPN doesn’t guarantee access to sites like Netflix and BBC iPlayer. However, we’ve had luck using VyprVPN with those two, as well as Hulu and Amazon Prime Video. This provider does offer a free trial, and it recommends using that to see if the service works with your desired streaming site before signing up. This implies that VyprVPN isn’t able to offer support if your desired service remains blocked.

None of the servers are labeled as working with specific sites. That said, every US server we tested worked with Netflix, so you’ll probably be fine to just choose one at random.

VyprVPN

How to use VyprVPN in China

To circumvent blocks in China, your best bet is to use the Chameleon protocol. This uses obfuscation to disguise VPN traffic and bypass DPI. To switch to the Chameleon protocol, click the Customize tab at the bottom of the app. In the Protocol tab, click the circle to the right of ChameleonTM.

VyprVPN Protocol

How to change protocols and ports in the VyprVPN app

If the Chameleon protocol doesn’t work, or if you want to change protocols for some other reason, you can select one of the other protocols on that screen.

Within the Protocol tab, you also have the option to switch ports for both the Chameleon and OpenVPN protocols. With your protocol selected, click Configure. In the Chameleon and OpenVPN protocol menus, you can enter whichever port you want to try or stick with the app’s automatic selection.

VyprVPN Protocol Settings

SPECIAL PROTOCOL:VyprVPN unblocks streaming sites and has developed a special protocol for circumventing censorship. It comes with a 30-day money-back guarantee.

5. PrivateVPN

PrivateVPN is a name you may not have heard as often as others on this list. This is a smaller provider but that may work in its favor. It manages to avoid being blacklisted by the likes of Netflix, Amazon Prime Video, and Hulu. It also works reliably in China and other countries where censorship is the norm. This is a no-logs provider that uses solid security features to protect your information. It has apps for Windows, macOS, iOS, and Android, and allows up to 10 simultaneous connections.

How to access streaming services with PrivateVPN

PrivateVPN makes it super simple to regain access to your usual streaming sites. In our experience, choosing any server in an appropriate location works with the desired site. That said, you can always contact customer support and ask which one to use if you’re not sure.

How to use PrivateVPN in China

You may have luck using PrivateVPN in China using the default settings. But if you’re having issues, you should enable Stealth VPN. This feature is specifically designed to mask your VPN traffic and bypass DPI.

To enable Stealth VPN, go to Advanced and select the STEALTH VPN tab. Switch the toggle to the on (green) position.

PrivateVPN China

How to change protocols in the PrivateVPN app

To change protocols, go to Advanced and select the Dashboard tab. In the Connection type dropdown, you can choose which protocol you want to use: OpenVPN (various options), PPTP, or L2TP.

PrivateVPN Protocol

IDEAL STREAMING VPN:PrivateVPN boasts fast speeds and can unblock all your favorite streaming platforms with ease. Plans include a 30-day money-back guarantee.

Testing methodology: finding the best VPNs for bypassing blocks

There are many VPN services out there but not all of them are created equal and can bypass the various VPN blocks that are in place. I reviewed many different VPN services in order to find the best ones for bypassing VPN blocks. Here are the factors I considered when making my choices for the best undetectable VPNs:

  • Servers: The more servers the better. This increases the chances of there being servers that aren’t blocked by various entities. It helps if some of these servers are obfuscated. This is especially important in a jurisdiction like China for getting around the government-level blocks in place.
  • Settings geared towards bypassing blocks: Settings such as the ability to change VPN protocols and port numbers make it easier to bypass blocks. Some ports and protocols are blocked by some entities, so it’s useful to be able to make these changes.
  • Strong security: Strong security features can never be ignored. VPNs should keep your browsing private so that governments and ISPs are unable to see your browsing activity. Strong security can also keep you protected while on public or open WiFi networks.
  • Speed: While being able to bypass blocks is nice, it isn’t worth it if you aren’t able to do things like stream or general browsing comfortably. The VPNs that I picked are fast and let you browse and stream with ease.

Read more about my VPN testing methodology.

Alternative software for bypassing blocks

What if you’re already using a VPN that doesn’t provide you with a way to bypass blocks? You may not need to purchase another subscription just yet.

While these solutions aren’t as straightforward as using the above VPNs, there are a few methods you can use to mask your existing VPN traffic:

  1. Obfsproxy: This is actually a Tor subproject that was developed to hide Tor traffic, but it works with OpenVPN, too. The most commonly used version of Obfsproxy scrambles your traffic to look like nothing. You can read about how to set up Obfsproxy with OpenVPN on Windows and Linux in our guide.
  2. SSH tunneling: SSH tunneling adds another layer of encryption to your traffic and is simpler to set up than Obfsproxy. It also works on mobile devices. However, the extra layer of encryption slows your traffic down. SSH traffic is blocked by some firewalls, so this isn’t always a reliable option. For example, Netflix detects and blocks any encrypted proxy traffic. You can find out how to wrap OpenVPN traffic in an SSH tunnel in our tutorial.
  3. SSL/TLS tunneling: Wrapping your OpenVPN traffic in an SSL/TLS tunnel makes it look like regular HTTPS traffic. This method works well in some cases because blocking this traffic often means blocking the ports that HTTPS traffic travels through, which could cause issues. Some VPNs use stunnel, an open-source software, to add an SSL/TLS tunnel. It’s possible to set this up yourself, although it’s not an easy process.

There are also a couple of methods that could work alone, without the use of a VPN:

  1. Tor browser: This is an open-source browser that provides anonymity bypassing your (encrypted) traffic through multiple computers (nodes) before it reaches its destination. Using the Tor browser alone or in combination with a VPN can help in some situations, but it’s not always suitable. For example, the Great Firewall blocks Tor traffic, so it’s unlikely to help users in China.
  2. Shadowsocks: This is a socks5 proxy that has been widely used in China, where it was developed, to bypass blocks. It’s open-source, but it is fairly difficult to set up. Shadowsocks won’t slow your traffic down as much as other options but it’s not as secure as using a VPN.

Bypassing VPN Geo Blocks FAQs

Is using a VPN legal in China?

The use of VPNs in China is banned. However, while the Chinese government has rarely punished people for using VPNs, some people have been fined for using VPNs, this doesn’t seem to apply to foreigners, however. If you have a VPN app installed from the list above before traveling to China, then you should be able to access blocked websites such as Facebook and Google without many issues after arriving.

Can I just use a free VPN?

Free VPNs may seem enticing. However, they don’t offer the same level of performance as paid VPNs. Free VPNs just don’t have the same infrastructure in place as paid VPNs. They have fewer servers and the servers that are available aren’t as powerful as those provided by a paid VPN service. This leads to slow connection speeds and lag. On top of that, the security features offered by paid VPNs, such as kill switches and encryption, are oftentimes not present with free VPNs.

Some free VPNs have even engaged in the collection and selling of user data for a profit. In fact, one such VPN, Hola VPN, sold users’ bandwidth for botnets. On top of all of this, some VPNs limit the amount of daily data that users can use and many don’t even work in China. They are also not able to unblock services such as Amazon Prime Video in many cases. If you want a reliable, fast VPN service, it is better to go with a paid VPN subscription such as the ones on this list.

Are VPNs safe?

Yes, VPNs are safe. In fact, using a VPN while connected to the internet is safer than not using one. While using a VPN, your IP address will be masked. This protects your private information and identity while you’re online. VPNs even offer protection on open WiFi networks.

See also: