A Virtual Private Network (VPN) is widely considered a must-have tool for all internet users. It encrypts your traffic, keeping your information secure, and enables you to bypass geo-restrictions and access content from across the globe. However, many platforms, such as Netflix, Hulu, and BBC iPlayer, actively try to detect and block VPN connections. VPN traffic may be blocked by other parties, too, including governments in countries like China. As such, you may want to make your VPN undetectable.
Thankfully, some VPNs have found ways to circumvent these blocks, so you can continue to enjoy unrestricted access to your favorite content. That said, depending on which blocks you’re trying to circumvent, you may need to adjust some settings within your VPN app. If you’re stuck with a VPN that isn’t able to bypass blocks, there are some other methods you can try.
In this post, we’ll discuss what types of blocks are in place and provide general information about the VPN settings you may need to configure to circumvent them. We’ll also provide a list of the best VPNs for bypassing VPN blocks and their individual settings. Finally, we’ll reveal a few alternative methods for making a VPN undetectable.
TIP: We’ve found NordVPN is the best option for bypassing blocks. We’ll get into more detail on individual VPNs later.
Types of VPN blocks
There are several types of blocks that can be used to prevent people from using VPNs to access certain content. This means that VPN providers have to stay ahead of the game on multiple levels. For users, the implication is that even if your VPN can bypass one type of block, it doesn’t mean it can circumvent them all. For example, even if your VPN can enable access to Netflix, it may not help you bypass censorship in China or Iran.
Here are the main types of VPN blocks and where you’ll typically come across them:
Internet traffic is transmitted and received via ports, with specific types of traffic generally using certain ports. For example, most regular HTTP traffic uses TCP port 80 and secure (HTTPS) traffic uses TCP port 443. OpenVPN traffic typically uses UDP port 1194, so firewalls often monitor port 1194 and block any encrypted traffic that attempts to use it.
This method is fairly simple to put in place, so it’s likely used by many organizations and governments. However, it’s also fairly easy to circumvent, so it’s often used alongside another blocking method.
IP address blocks
Another method used to detect and block VPN traffic is based on IP addresses. When you connect to a VPN, your real IP address is replaced with one from your VPN server. Many VPNs use shared IP addresses, such that everyone connected to a given server shares the same IP address. If that IP address is discovered, it can simply be blocked by a website or internet service provider (ISP).
This type of blocking is often used by Netflix, Hulu, Amazon Prime Video, and other streaming sites. It is also used in China as part of the Great Firewall, although this is not the only method used.
VPN traffic detection
Instead of looking at where the traffic is coming from or going to, more advanced blocking methods look at the nature of the traffic itself. OpenVPN traffic uses SSL (as does HTTPS traffic). However, it has unique signatures, making it distinct and detectable with the right tools. Deep Packet Inspection (DPI) looks for these signatures and blocks traffic if they’re detected.
DPI is a major component of China’s Great Firewall and is difficult to circumvent.
See also: Best VPN for China
How to make your VPN undetectable
If you find your VPN is being blocked, there are some tricks you can try to make your VPN undetectable and bypass the restriction. Bear in mind that it’s often not obvious why your VPN is being blocked, so you may have to use trial and error with the settings.
Here’s how to make your VPN undetectable:
- Changing ports
- Switching servers
- Changing protocols
Let’s look at each of these and in which situations they’re most useful.
1. Changing ports
A simple trick for evading detection is to switch ports. A few top VPNs offer the option of port forwarding and enable you to choose which port you use within the app settings. For example, forwarding VPN traffic to port 443 is a good idea because that’s the port used by most HTTPS traffic. As mentioned, OpenVPN traffic uses SSL (like HTTPS), so for less advanced detection methods, it can be difficult to spot this traffic on that port.
While it’s worth a try if the option is there, this usually isn’t the most reliable method of bypassing blocks. Entities looking to block VPN traffic will usually employ some other detection measures alongside port blocking, such as DPI.
2. Switching servers
When you switch VPN servers, you change the IP address used to access websites and apps. Meanwhile, your ISP can only see traffic headed to the VPN server but not to the destination website or app. This is often helpful when trying to access geo-restricted sites such as Netflix or BBC iPlayer that have blocked select IP addresses. Many VPNs will let you select specific servers in a given location, so you know for sure that you’re actually switching to a different one.
A lot of the top VPNs will even tell you which server to connect to for a given service. This may be indicated by a label in the server list or you can contact your VPN customer support team to find out.
Similarly, some VPNs will have specific servers to connect to for bypassing government blocks such as in China. You may be told to connect to a server in a certain location, or you might find that servers are labeled as something like “stealth VPN”, “scramble”, or “obfuscated.” In these cases, the VPN is using advanced obfuscation techniques to mask traffic traveling to and from these servers that make it look like a different type of traffic.
We go into more detail about how to find these servers when we discuss individual VPNs and their settings below.
3. Changing protocols
Switching protocols is often successful for bypassing port blocking or VPN traffic detection methods like DPI. Most VPNs use the OpenVPN protocol by default, but this traffic is exactly what site operators and ISPs are on the lookout for.
Your VPN may give the option to switch to different protocols such as PPTP or L2TP/IPSec. The former is not considered secure and should only be used as a last resort. The latter, L2TP combined with IPSec, gives you a highly secure connection and is less likely to be detected.
You may also see multiple options for the OpenVPN protocol, usually using TCP or UDP. OpenVPN works better on the UDP protocol, but since some networks only allow TCP, this protocol is supported, too. Switching to TCP will usually result in slower OpenVPN traffic.
Some VPNs offer special protocols, designed specifically for bypassing blocks. These special protocols use obfuscation technology to mask VPN traffic. VyprVPN’s Chameleon protocol is an example which we discuss in more detail below.
Best VPNs for bypassing VPN blocks
In case you don’t already have a VPN, we’ve put together a list of the best VPNs for bypassing VPN blocks. We reveal what makes them solid choices and show you how to change the necessary settings within each app.
NordVPN Our top VPN for bypassing VPN blocks. It reliably works in China and other countries that restrict VPN usage, and it easily unblocks Hulu, Netflix, and more. NordVPN comes with security extras such as automatic wifi protection, which is handy while on the go. Six devices may be connected at a time and apps are available for Windows, MacOS, Linux, Android, and iOS.
How to access streaming services with NordVPN
NordVPN doesn’t label its servers with what streaming services they work with, but it provides detailed information on its website about which servers to use for a given service. That said, for services like Netflix US and UK, and Amazon Prime Video US and UK, connecting to any server in the relevant country should work, so you may not have to consult the website at all.
NordVPN usually works with the following Netflix libraries:
Connecting to any server in one of those countries should provide you access to the corresponding Netflix library. We’ve also had luck with some other country versions as well.
Note that NordVPN works a bit differently to other VPNs in that every server will give you access to Netflix. If it can’t connect you to the country version that corresponds to the server you connect to, then you will be redirected to the US Netflix library. There is 24/7 live-chat support available to help if you have issues.
How to use NordVPN in China
For Windows, Linux, MacOS, and Android users, the easiest way to connect in China is to use one of NordVPN’s obfuscated servers. If obfuscated servers are already enabled, you will see an Obfuscated Servers option under Specialty servers on the home screen.
If you don’t see the option (as is the case in the above image), you’ll need to enable the obfuscated servers. Go to Settings > Show advanced settings, and agree to the warning by clicking I know what I am doing. Move the toggle button next to Obfuscated Servers to the On (blue) position.
Now go to the app home screen and you should see an Obfuscated Servers option in the server list.
If you select that option, you’ll automatically be connected to the best-obfuscated server for your location. Otherwise, you can choose from the list of 13 countries.
How to change protocols in the NordVPN app
NordVPN uses the OpenVPN protocol, but you have the option to switch between UDP and TCP.
BEST VPN FOR BYPASSING BLOCKS:NordVPN is easy on the wallet, but still provides you with excellent security and performance. Plans come with a 30-day money-back guarantee.
Surfshark is an excellent budget alternative that offers excellent speeds and the ability to bypass restrictions set by streaming platforms, governments, and ISPs. It unblocks Netflix and other popular platforms and offers an obfuscation mode (dubbed “NoBorders mode” in the app) for China. The service comes with strong security features and a no-logs policy. Apps are available for Linux, MacOS, Windows, iOS, and Android, and there is no limit to the number of devices you can connect.
How to access streaming services with Surfshark
Surfshark works in a similar way to NordVPN when it comes to Netflix, except that it doesn’t unblock as many countries. If the server you connect to doesn’t unblock the corresponding library, you will automatically be redirected to the US catalog. Surfshark unblocks Netflix US and UK among other libraries. It also works with Hulu, Amazon Prime Video, and BBC iPlayer. Just connect to a server in the relevant country and you should have access. Surfshark offers around-the-clock support via live chat in case you need help.
How to use Surfshark in China
Surfshark provides special obfuscated servers for use in China and other countries that censor the internet. To use obfuscated servers, you need to switch to NoBorders mode. Go to Settings > Advanced and toggle the NoBorders button to the on (green) position.
How to change protocols in the Surfshark app
Surfshark enables you to switch protocols if needed. Go to Settings > Advanced, and under Protocol, select your desired protocol from the dropdown menu. Note that Shadowsocks is an option here, but Surfshark warns that this should only be used as a last resort. It’s an encrypted proxy, but it only protects your browser traffic, leaving other applications exposed.
BEST BUDGET VPN:Surfshark pegs fast speeds and can unblock all your favorite streaming platforms, plus it doesn’t impose a device limit. You can try it with a 30-day money-back guarantee.
ExpressVPN is a great all-rounder and provides a fast, reliable service that works anywhere in the world, including China. It’s highly secure and will provide access to geo-restricted content, including that from Netflix, Hulu, and Amazon Prime Video. ExpressVPN has apps for Linux, Windows, MacOS, iOS, and Android, and allows up to five simultaneous connections.
How to access streaming services with ExpressVPN
To access Netflix, Hulu, BBC iPlayer, Amazon Prime Video, and other similar platforms using ExpressVPN, you need to connect to a server in the appropriate country.
However, not all servers in a given country will work. To find out which one to use, simply contact customer support via 24/7 live chat and a representative will be able to direct you to the right server. You can usually be up and running in a matter of minutes.
How to use ExpressVPN in China
There’s no special setup required for using ExpressVPN in China. You should be able to connect to a server in a location of your choice and enjoy access to the free web. That said, the ExpressVPN website (like most other VPN provider websites) is blocked in China. As such, you should plan to download the software and set up the VPN before you travel to the country. It’s also a good idea to download any relevant troubleshooting information and save it offline.
How to change protocols in the ExpressVPN app
If you do run into issues and need to try switching protocols, you can do so within the app. Go to the hamburger menu icon and select Options. In the Protocol tab, you’ll see that Automatic is selected by default. When this is checked, ExpressVPN will choose the protocol that it deems most appropriate for your network.
To switch to a different protocol, simply click the circle next to the one you want to use.
GREAT ALL-ROUNDER:ExpressVPN is fast, secure, and reliable, and requires minimal setup.
Hotspot Shield is making vast improvements to various aspects of its VPN service, including unblocking, support for users in countries that impose censorship, and device support. It’s extremely fast and can bypass the restrictions imposed by Netflix, Hulu, and other popular sites. It works in China and other regions that block VPNs. The service uses strong encryption and there are no identifying logs maintained. Apps are available for Windows, MacOS, iOS, and Android, and up to five devices can be connected at a time.
How to access streaming services with Hotspot Shield
All of the US Hotspot Shield servers we tested worked with Netflix US, and UK servers worked with Netflix UK. Other countries are hit and miss. For example, Sweden’s and Spain’s libraries were accessible, but the Canada catalog wasn’t. Hotspot Shield works with BBC iPlayer, Hulu, ITV Hub, Amazon Prime Video, and more. If you have trouble finding a server that works, you can contact customer support via live chat.
How to use Hotspot Shield in China
According to the Hotspot Shield team, all of its servers work in China, so you should be able to simply pick any location for a connection.
Hotspot Shield has a fixed protocol
This provider utilizes its own proprietary protocol (Catapult Hydra) which gives you excellent speeds no matter where you are in the world. There is no option to switch protocols if this one doesn’t work.
SPEEDY AND SECURE:Hotspot Shield’s proprietary protocol keeps your information secure and provides you with a fast connection for streaming, browsing, and more. Plans come with a 45-day money-back guarantee.
VyprVPN is known for its ability to evade government censorship in countries like China and the UAE. Its Chameleon protocol, which is included in the premium service is designed to mask VPN traffic and bypass advanced DPI inspection techniques. It has great speeds and can unblock streaming platforms like Netflix and Amazon Prime Video. You can protect up to five devices at a time, and download apps for iOS, Android, MacOS, and Windows.
How to access streaming services with VyprVPN
VyprVPN doesn’t guarantee access to sites like Netflix and BBC iPlayer. However, we’ve had luck using VyprVPN with those two, as well as Hulu and Amazon Prime Video. This provider does offer a free trial, and it recommends using that to see if the service works with your desired streaming site before signing up. This implies that VyprVPN isn’t able to offer support if your desired service remains blocked.
Since there’s no guarantee about unblocking, none of the servers are labeled as working with specific sites. That said, every US server we tested worked with Netflix, so you’ll probably be fine to just choose one at random.
How to use VyprVPN in China
To circumvent blocks in China, your best bet is to use the Chameleon protocol. This uses obfuscation to disguise VPN traffic and bypass DPI. To switch to the Chameleon protocol, click the gear icon in the upper right-hand corner of the app and select Options. In the Protocol tab, click the circle to the left of ChameleonTM.
How to change protocols and ports in the VyprVPN app
If the Chameleon protocol doesn’t work, or if you want to change protocols for some other reason, you can select one of the other protocols in that screen.
Within the protocol tab, you also have the option to switch ports for both the Chameleon and OpenVPN protocols. With your protocol selected, click Configure. In the Chameleon protocol, you can enter whichever port you want to try or stick with the app’s automatic selection. For OpenVPN, you have the option to change your encryption type as well. While 160-bit is less secure, it can give you a bit of extra speed.
SPECIAL PROTOCOL:VyprVPN unblocks streaming sites and has developed a special protocol for circumventing censorship. It comes with a 30-day money-back guarantee.
PrivateVPN is a name you may not have heard as often as others on this list. This is a smaller provider but that may work in its favor. It manages to avoid blocks by the likes of Netflix, Amazon Prime Video, and Hulu. It also works reliably in China and other countries where censorship is the norm. This is a no-logs provider that uses solid security features to protect your information. It has apps for Windows, MacOS, iOS, and Android, and allows up to six simultaneous connections.
How to access streaming services with PrivateVPN
PrivateVPN makes it super simple to unblock streaming sites. In our experience, choosing any server in an appropriate location works with the desired site. But PrivateVPN is making its app even more user-friendly and is beta testing a list of streaming services along with the servers that unblock each one.
In the app, select Choose Location. In the resulting screen, go to the BY SERVICE tab and you’ll see a list of streaming platforms. Double-click the platform you want to watch, for example, Amazon Prime. The list will expand out to show you all the servers that unblock that service. You may see multiple locations for platforms that offer services in more than one country, for example, Amazon Prime, Netflix, and DAZN. Select a server in the location you want to unblock, then hit the CONNECT button in the main app to be connected to that server.
As mentioned, this list is in beta testing, but you can always contact customer support via live chat if you have any issues.
How to use PrivateVPN in China
You may have luck using PrivateVPN in China using the default settings. But if you’re having issues, you should enable “Stealth VPN.” This feature is specifically designed to mask your VPN traffic and bypass DPI.
To enable Stealth VPN, go to Advanced and select the STEALTH VPN tab. Switch the toggle to the on (green) position.
How to change protocols in the PrivateVPN app
To change protocols, go to Advanced and select the Dashboard tab. In the Connection type dropdown, you can choose which protocol you want to use: OpenVPN (various options), PPTP, or L2TP.
IDEAL STREAMING VPN:PrivateVPN pegs fast speeds and can unblock all your favorite streaming platforms with ease. Plans include a 30-day money-back guarantee.
Alternative software for bypassing blocks
What if you’re already using a VPN that doesn’t provide you with a way to bypass blocks? You may not need to purchase another subscription just yet.
While these solutions aren’t as straightforward as using the above VPNs, there are a few methods you can use to mask your existing VPN traffic:
- Obfsproxy: This is actually a Tor subproject that was developed to hide Tor traffic, but it works with OpenVPN, too. The most commonly used version of Obfsproxy scrambles your traffic to look like nothing. You can read about how to set up Obfsproxy with OpenVPN on Windows and Linux in our guide.
- SSH tunneling: SSH tunneling adds another layer of encryption to your traffic and is simpler to set up than Obfsproxy. It also works on mobile devices. However, the extra layer of encryption slows your traffic down. SSH traffic is blocked by some firewalls, so this isn’t always a reliable option. For example, Netflix detects and blocks any encrypted proxy traffic. You can find out how to wrap OpenVPN traffic in an SSH tunnel in our tutorial.
- SSL/TLS tunneling: Wrapping your OpenVPN traffic in an SSL/TLS tunnel makes it look like regular HTTPS traffic. This method works well in some cases because blocking this traffic often means blocking the ports that HTTPS traffic travels through, which could cause issues. Some VPNs use stunnel, an open-source software, to add an SSL/TLS tunnel. It’s possible to set this up yourself, although it’s not an easy process.
There are also a couple of methods that could work alone, without the use of a VPN:
- Tor browser: This is an open-source browser that provides anonymity bypassing your (encrypted) traffic through multiple computers (nodes) before it reaches its destination. Using the Tor browser alone or in combination with a VPN can help in some situations, but it’s not always suitable. For example, the Great Firewall blocks Tor traffic, so it’s unlikely to help users in China.
- Shadowsocks: This is a socks5 proxy that has been widely used in China, where it was developed, to bypass blocks. It’s open-source, but it is another software that’s difficult to set up. Shadowsocks won’t slow your traffic down as much as other options but it’s not as secure as using a VPN.