VPN services are among the best available tools to protect your online privacy and anonymity, albeit not the only ones. However, there are several occasions where websites block even VPNs themselves. There are obvious cases like streaming services (Netflix, Disney+, Hulu), but this practice can go even further. ISPs, governments, and online services often practice VPN blocking.
Plenty of web entities try to keep track of VPN use, for instance by keeping VPN IP databases and blacklisting them, making you subject to geo-blocking, thus losing access to content worldwide.
To make things worse, VPN blocking can even interrupt your day-to-day anonymous browsing, for instance using a public WiFi at an airport.
Exemplary VPN services like ExpressVPN or NordVPN can help you get around such blocks and continue your anonymous private browsing experience while enjoying online content across the globe.
Moreover, ExpressVPN and NordVPN offer a 30-day money-back guarantee so that you can try their VPN services risk-free. Another premium VPN provider, CyberGhost, provides a 45-day money-back guarantee.
Keep reading to find out how VPNs are blocked and what you can do to stay undetectable.
Why Do VPNs Get Blocked?
From copyright to censorship, there are many reasons why websites block VPNs. Things can worsen in countries with strict digital surveillance where VPN blocking is even more intense. There are several reasons for an online service to prevent VPN connections, and some make real sense while others are unfounded.
In some areas, governments impose strict internet censorship. They may block websites that don’t support the culture and values of their country so that residents can’t digest info that’s contrary to a particular cause. This is, of course, freedom of speech violation, and in most cases, you will find authoritarian governments employing such measures.
Worse, these types of countries also often regulate the use of VPNs, blocking vendor sites and app stores so you can’t download these services.
The most obvious and famous example of strict government censorship is China. The Great Firewall of China restricts all kinds of sites, including Google, social media apps, YouTube, and even news websites.
Unsurprisingly, China even blocks most VPNs, narrowing down the available pathways out of its sponsorship control and raising questions about backdoors open in the allowed VPN services.
There are several other countries where various digital restrictions exist, including Turkey, the UAE, and Iran. Many social media and streaming sites are banned in these countries, as is the use of VPNs.
As you can imagine, finding a VPN that can somehow stay undetected from government censorship is a challenge. This article will show you what you can do to overcome obstacles set by websites, ISPs, and even governments.
Streaming Location Restrictions
The most obvious example in everyone's mind is Netflix, as it will always redirect you to your country's library even if you try to log in from netflix.us or any other variation. Netflix has to block access to content due to territorial licensing. Media content is subject to broadcast and streaming licenses by production companies. In some sense, geo-blocking is a remnant of almost half-century-old legislation, but we have no idea whether territorial licensing will change.
Netflix isn’t the only streaming service enforcing this policy, of course. Most streaming sites only allow access in certain regions— Disney+, BBC iPlayer, Hulu, HBO GO, and ITV Hub are just a few examples of platforms that employ these geo-restrictions. Simultaneously, most US and UK TV channels do not allow online access to their content from abroad.
In some cases you even have to provide your national TV license to be able to watch such channels online. Keep in mind that VPNs cannot help you in cases where you need to provide proof of your cable TV subscription or a UK TV license. You will have to resort to side channels to acquire one.
Some sites are exclusive to a single area, such as Hulu in the US, while other sites like Netflix offer different libraries depending on where you are.
So if you’re not in the country where access is allowed, you’re blocked from tuning in. And they don’t make it easy to get around these geoblocks; Netflix’s proxy error is one of the toughest to defeat.
Some internet service providers (ISPs) limit VPN use to stop copyright infringement. While many VPN users engage in P2P sharing to send and receive files like images or videos, others use torrenting for piracy. They download copyrighted content from the Pirate Bay or its alternatives.
However, if we are honest, in this case, ISPs punish the tool used rather than the offender, and this harms everyone using VPNs, regardless of what they do online.
But if your VPN can prevent your ISP from seeing that you’re using a VPN, the ISP can’t interfere with your online activities. Even as a law-abiding citizen (except for when I test and review VPNs, whoops), I don't want my ISP knowing everything I do, because then who knows who else can find out.
School and Workplace Restrictions
Most schools and workplaces introduce restrictions so you can’t access certain websites, including YouTube and social media sites.
As a countermeasure for any violations of such restrictions, they may even block VPNs while you’re connected to the institution’s WiFi network.
I can't complain too much about this, but it has to be mentioned as one reason for VPN blocking, although I had no such issues during my internships at tech companies and organizations.
Types of VPN Blocks
There are many reasons why a VPN gets blocked. But have you ever wondered how exactly they’re blocked? Thankfully, the most common techniques are also the easiest to get around.
When you connect to your VPN, it masks your real IP address and displays the VPN server’s IP address instead.
This means that when to head over to Netflix US while connected to a US server, Netflix will see a US IP address of the VPN server you are currently using. This is also the IP you will see if you test your VPN for leaks using ipleak.net or if you want to check your IP address while connected to a VPN service.
Theoretically, this means any geo-restrictions should be easy to get around. But it’s not always as simple as that.
Many sites keep a database of identified VPN server IP addresses e.g., Netflix, Disney+, and the BBC iPlayer.
So the moment you hop onto a VPN server that uses an IP address on that list, the streaming service will block you instantly.
This is why many VPNs can’t access sites with tough geoblocks, like Netflix and the BBC iPlayer, as they don't have enough VPN servers and IPs to stay ahead of IP blocking.
Most VPNs use specific ports when they connect to the internet.
These ports are identified by numbers and function as tunnels that internet traffic is routed through. For example, when you use the OpenVPN security protocol, your traffic is usually sent to port 1194. You can find the ports used by each VPN protocol in my breakdown of the most popular VPN protocols.
It’s easy to block certain types of traffic when that traffic goes through the same port—all a website needs to do is monitor that port and block the traffic it doesn’t want.
When that happens, you can’t get onto your favorite sites, VPN or not. Port blocking isn’t as common as IP blocking, but it’s still easy to get around by simply switching ports. Using random ports is a common practice for many client applications including BitTorrent clients.
It goes without saying that respectable VPN providers follow the same approach.
Deep Packet Inspection (DPI)
DPI is a highly advanced and complex way of blocking VPN traffic. Rather than checking where the traffic comes from, sites look at the type of traffic instead, identifying common patterns used by VPN services.
When you use a VPN, your traffic is anonymous and hidden, but certain security protocols, like OpenVPN, use unique cryptography signatures that can be detected. With DPI, your traffic can be flagged and blocked without breaking its encryption.
OpenVPN is commonly blocked as most VPNs use this as their default protocol, which means sites block traffic because they think you’re using a VPN. Even though no one can actually see your traffic, they can see that it’s been encrypted with OpenVPN.
This kind of VPN block is callous to bypass. It’s a technique that the Great Firewall of China uses to restrict VPN use, and that’s one of the reasons why finding a VPN to use in China is difficult.
But if your VPN that allows you to change security protocols, it’s possible to bypass DPI.
VPN providers that use next-generation protocols like Wireguard (Cyberghost, Surfshark, and PrivateInternetAcess) or its variations (Lightway for ExpressVPN and NordLynx for NordVPN) are definitely the way to go if you aim to take down the Great Firewall of China.
How to Bypass VPN Blocks
Now that you know how and why VPNs get blocked, it’s time to think about how you can get around the restrictions. First of all, you need to make sure you choose a high-quality VPN that offers everything you need as avoiding VPN blocks requires strong security.
Obfuscated servers are advanced features that usually only come with leading VPNs. To understand how they work, first, think about your standard VPN connection:
When you connect to a VPN server, anyone who sees your connection—including your ISP, government surveillance agencies, and other third parties—can see that you’re using a VPN even though they can’t see your actual traffic. They still can see a signature that indicates the use of a VPN protocol.
An obfuscated server hides your VPN traffic altogether.
It scrambles your data to make your VPN traffic look like any other internet traffic, removing identifying metadata so anyone watching will think you don't use a VPN.
These servers add another layer of anonymity, so your browser traffic and your VPN client's traffic are completely hidden simultaneously.
Since your VPN appears as regular traffic, it makes it easier to bypass VPN restrictions. This feature is ideal for places with harsh digital censorship, like China, where most VPNs are entirely banned as it will bypass Deep Packet Inspection.
Obfuscated servers also employ port randomization.
They scan for open ports to send your traffic through, instead of always using the same one, which significantly reduces the risk of you being detected by port blocking.
It’s unlikely someone is watching every possible port to block VPN traffic potentially. And it’s even less likely that your traffic will be blocked using obfuscated VPN servers since no one even knows you’re using a VPN.
Dedicated IP Addresses
Dedicated IP addresses are another great feature to have, and it’s something you should look for in a VPN if you’re worried about being detected. Usually, you can purchase dedicated IP addresses on top of your monthly VPN subscription.
VPNs tend to use shared IP addresses. This means that when you connect to a server and obtain an IP address, all the other users connected to the same VPN server will also have that same IP address. IP addressing is very easily detectable.
All it takes is multiple people with the same IP address accessing a platform like Netflix to make it easier for the service to spot the VPN usage.
All a web service has to do is block that shared IP address.
A dedicated IP address helps you get around this issue by assigning you a unique IP address that you don’t share with anyone else.
So even though you’re using a VPN, Netflix will only see you with that IP address, no one else.
As you’re not sharing that identifier with anyone else, the sites you visit are more likely to think you’re just a regular user accessing the internet from your device in your home country—and that means you won’t get blocked.
Sometimes you can solve VPN blocking by simply switching to another server in the same country. It’s not uncommon for servers to be blacklisted, but if a VPN has a large server network, you can try disconnecting and connecting to another.
Most leading VPNs offer regular IP refreshing, too, so sites like Netflix can’t possibly keep up with all the new IP addresses.
Consequently, it is vital to choose a VPN with a higher server count, so you have less chance of getting blocked, but you also need a VPN that offers unlimited server switching. That way, you’re free to connect to as many different servers as you like.
To bypass Port monitoring, sometimes all it takes to avoid detection is to switch ports.
You can find VPNs that already do this for you—many scan ports automatically when you connect so that you can evade blocks.
However, you can manually change ports, too. These are the best ports to switch to:
- Port 443: Unencrypted traffic comes to this port to be sent to a secure website version as this is the port assigned to SSL. For example, if you’re shopping online and about to check out and enter your credit card details, you’ll be sent to the HTTPS site. It keeps your personal details and banking information safe from being leaked. It’s a good idea to change to this port since it’s less likely to be blocked as all normal, secure website traffic is routed through here.
- Port 80: This port is also used for encrypted traffic (HTTPS). It secures all HTTPS sites, so it’s rarely blocked.
If your VPN allows it, you can also use the Secure Socket Tunneling Protocol (SSTP) protocol.
Contrary to OpenVPN that uses port 1194, the SSTP protocol uses port 443 by default. Since this port secures all website traffic, it lets you avoid detection as your traffic is unlikely to be blocked.
Change Security Protocols
Most VPNs offer various security protocols, so it’s not always easy to know which one to use. In most cases, I’d recommend OpenVPN as it’s the most modern protocol and comes with speed and security in one. However, if avoiding detection and blocks is your main concern, switching to other security protocols can help. Many blocking algorithms check for OpenVPN traffic, which makes it harder to evade blocks.
The protocol you should use depends on your chosen VPN and what it offers, as well as your internet needs. You need to know what to expect from each one because, in most cases, you’ll compromise somewhere on either speed or security.
For instance, if you’re looking to get onto a geoblocked streaming site, you’ll want faster speeds. But if you want to secure your online traffic and share anonymous files, you might be less bothered about speed and want stronger security features.
These are two different protocols that are combined. Layer 2 Tunneling Protocol (L2TP) doesn’t offer much security, but it has decent speeds. So it’s paired with Internet Protocol Security (IPSec) to encrypt your traffic and shield you from any leaks fully. However, the extra security slows you down somewhat, so you’d be better off choosing this protocol if you’re more concerned about detection than speed.
Internet Key Exchange v2 (IKEv2) uses IPSec’s level of security and has fast reliable speeds. It’s a good choice for mobile devices to reconnect you if you temporarily lose your internet connection. However, it can be tricky to set up, and it’s only compatible with a limited number of devices.
SSTP is a solid choice for getting around VPN blocks as it uses port 443 just like all other secure internet traffic, so it’s highly secure. However, it’s only available on Windows devices.
WireGuard is a fairly new security protocol that uses OpenVPN’s security with IKEv2’s speeds. It’s a great security option, but only a few VPNs offer it right now, like CyberGhost, Surfshark, and PrivateInternetAccess.
ExpressVPN's WireGuard variation that includes security patches.
NordVPN's WireGuard variation that includes security patches.
PPTP is the most dated VPN protocol and should only be used as a last resort. Premium VPNs have removed PPTP support altogether. It offers high speeds, but it lacks decent security, so you’re at increased risk of leaks and exposure to anyone watching you—risky if you’re somewhere with strict digital censorship.
Switch to Mobile Data
If you’re in the workplace or at school, you can avoid most VPN blocks by simply disconnecting from the WiFi and switching to your mobile data. The restrictions in place are usually just limited to WiFi. Remember, though you have an unlimited data allowance, activities like streaming and gaming can quickly eat away at your data.
Other Ways to Avoid VPN Blocks
Does your VPN not offer obfuscated servers? If you’re familiar with VPNs or are a more tech-savvy user, you can try other advanced methods for avoiding VPN blocks.
Tor, also known as The Onion Router, is free, open-source software that anonymously lets you surf the web. Your traffic enters the Tor network through an entry point, where it’s then sent through several random servers or nodes (relays) before it reaches its final destination.
It’s called The Onion Router because your traffic is wrapped in layers of encryption to keep it anonymous. Layers of encryption are removed as your traffic moves through each node in the network so it can be visible at the exit point.
On its own, however, the Tor browser isn’t completely secure, as your IP address can still be identified at the entry and exit nodes of the Tor relay network.
Surveillance agencies and hackers heavily monitor Tor entry and exit points to detect, block, and intercept traffic. Your IP address also means they can find your exact location at these points too, which is a very alarming possibility.
You can find VPNs that are compatible with the Tor Browser, though.
TOR over VPN
When you try the Tor over VPN approach, your devices connect to a VPN server that encrypts all the Internet traffic. Then, this encrypted traffic is sent to the TOR network through a few TOR hops before it ends up at the final destination (the Internet).
VPN over TOR
When using VPN over TOR your data is encrypted by the VPN when entering and exiting TOR nodes before it ends up routed to the Internet.
Both combinations provide different effects. Connecting to TOR through a VPN generally offers higher security, while connecting to a VPN through TOR generally provides better anonymity.
SSH tunneling is an advanced way of encrypting your traffic and bypassing blocks by sending your data undetected through filtering services. You can create an SSH tunnel by using local port forwarding.
This means connecting your current device to another device elsewhere to bypass a block. You can create an SSH tunnel to connect your work laptop to your computer at home.
This fires up a new browser using a different port, like port 80, to go onto the online shopping website. Your encrypted data is sent to your home computer, but when it reaches its destination there, it’s unencrypted.
This method is used in a host of different applications, including sending and receiving files via FTP, so it’s rarely blocked. But SSH tunneling does come with slower speeds, so I wouldn’t recommend it if you’re trying to stream.
With SSH you can also use remote port forwarding, where you can access servers on your work computer from your home network, for example.
SSL/TLS tunnels are similar to SSH tunnels in that they’re encrypted. SSL/TLS tunnels are used for encrypted HTTPS online traffic or anything that deals with private data, like on your online banking website when you’re transferring money.
Most VPNs offer this feature by default so that you can use it with your VPN. Any prying eyes monitoring port 443 will find it hard to identify whether you’re coming through as regular HTTPS traffic or VPN traffic, so you’re less likely to be blocked.
SOCKS5 Proxy (Shadowsocks)
The SOCKS5 Proxy works by using the Socket Secure 5 protocol to transfer data using a proxy server. SOCKS also adds a layer of authentication that ensures that only the intended user can access the proxy. This makes it a very effective method of anonymizing and sending traffic—perfect for sharing files via P2P.
If you’re in China trying to get onto Google, all Google sees is your proxy-assigned IP address, not your actual device IP address. This lets you bypass any blocks.
One thing to be aware of, though, is that a proxy isn’t completely secure. While it uses authentication, it doesn’t wrap your data in encryption as a VPN does.
You can find VPNs that support SOCKS5 connections so you can combine them for maximum security and restriction-free access.
The Best VPNs for Bypassing VPN Blocks
To make sure your VPN is undetectable to websites and services looking for it, you need to choose a high-quality provider. A service that offers advanced features like obfuscated VPN servers, various security protocols, and an extensive IP address network isn’t always easy to find. But without these features, you risk being detected and blocked.
After lots of research and testing, I’ve rounded up the three best undetectable VPNs so you can continue to browse, stream, and torrent without the worry of blocks.
- 3,000+ super-fast servers in 90 countries
- Obfuscated servers and a range of security protocols, inluding Lightway, OpenVPN, IKEv2 and L2TP/IPSec.
- Compatible with Tor
- DNS leak protection
- Works with: Hulu, Crunchyroll, ESPN, Netflix, BBC iPlayer, Hotstar, Disney+
- Compatible with: iOS, macOS, Linux, Android, Windows, Chromebook, routers
ExpressVPN is a high-speed VPN that comes with military-grade encryption and security measures. I’ve tested it for weeks and found that it’s easy to use, has reliable and super-fast connections, and guarantees access to sites with the toughest geoblocks.
ExpressVPN has multiple security protocols, so it’s a great option if you want to modify your connection to ensure you’re undetectable. My favorite option is Lightway and I highly recommend trying it out.
OpenVPN is the default option, but it’s easily changeable through the settings area.
ExpressVPN is also blistering fast regardless of the protocol used, even the slower ones.
ExpressVPN can even take down the Great Firewall of China using obfuscated servers.
No matter how you connect, ExpressVPN uses 256-bit AES encryption to shield your personal information.
There’s also DNS leak protection to stop your traffic from being leaked and compatibility with Tor for anonymity.
Read my ExpressVPN review to explore the full results of my evaluation of ExpressVPN.
Are VPNs legal?
VPNs are legal in many countries. Most governments don’t place restrictions on using a VPN at all, but there are exceptions. China in particular has taken down VPN use in recent years, blocking nearly all VPN services. Other countries that restrict VPN use include Turkey and the UAE.
Regardless of whether using a VPN is allowed or not, using your VPN for illegal activities like downloading copyrighted movies and songs is considered criminal activity.
Can I use a VPN to avoid blocks on my mobile?
Yes, absolutely. As long as you use a VPN that’s compatible with your mobile device (all the ones in my list are), you can easily bypass blocks on your mobile phones and tablets.
Can I use a free VPN to bypass VPN blocking?
There are plenty of free VPNs out there, but I’d always recommend a premium vendor over a free one. As you’d expect, free often means limited, especially in terms of security protocols.
Hardly any free VPNs can unblock sites like Netflix as they don’t refresh their IP addresses regularly enough. They also hold back on security measures, like kill switches, encryption levels, and no-logs policies, which could compromise your anonymity.