Traditional VPNs are compliant with what are known as RFC standards. RFC means Request For Comments and is promulgated by the Internet Engineering Task Force or IETF.

That being said, RFC compliant IP-VPNs (there are many flavors of VPN) have a special header in your IP packets, that identify them as IP-VPN packets. It's a bit more complicated than that - but that's the general high-level principal.

Because of this - IP-VPN companies created tunneling IP-VPN packets, disguised as other normal network activities, such as HTTPS (secure web browser) traffic, which slows your traffic down considerably - if you use that feature, as it's a packet within a packet, meaning your computer and their computers and network equipment, have to work 2x each way for each packet of information transmitted and received.

The advantage - almost impossible to detect. Disadvantage is of course the speed hit.

ISPs can also create VPNs, which are significantly faster, but also more expensive. These are normally reserved for businesses requiring secure or faster internet tunnels from point to point.

Boring tech junk aside - it's probably wiser to share your favorite VPN client via PM as opposed to publicly advertising it on a forum, for SO many reasons.

@AlexKMG I doubt 2 million employed web monitors are solely interested in a handful of human rights lawyers

DNS servers in China log requests so how can a VPN provide privacy? It's not as though the monitors are not allowed to a use a VPN either! You can change your DNS server to outside of China if you don't want to get caught doing something illegal. But it could be said that this activity has the potential of attracting even bigger league surveillance.

@napolean
Yes, I'm mental. Paranoid too.VPN quashing is akin to whack-a-mole.

@vicar
Your vpn request may be searching for an off-shore DNS, but the DNS request is still visible and subject to intercept and re-routing as it passes through network equipment, on the way to your DNS.

skype.com is an excellent example of DNS intercept. If you use google's offshore DNS servers - your attempt to navigate to the Skype.com international site will still be re-routed to the tom.com Skype site. This is a form of legal and legitimate DNS hi-jacking. Truly annoying if you're an expat and trying to download the English version of Skype.

VPN's avoid this kind of intercept by tunneling through network equipment and giving you an effective point of presence (POP) wherever the VPN lands.

I'm really rusty on this stuff and haven't looked at it for about 16 years, so your milage may vary (YMMV).

China Telecom DNS in Kunming is particularly bad at resolving out-of-country domains. I have reported it a number of times but they seem incapable of comprehending the problem.

I suggest that you use 114.114.114.114 and 114.114.115.115 instead of the China Telecom provided DNS servers for native (non-VPN) DNS resolution of foreign domain names within China.

Sunday night had this problem with DNS and missed the beginning of the footie because of it to :(

Using China Telecom myself so I guess there does lay the problem.

Changed mine to an open source DNS service.
Preferred DNS server: 208.67.222.222
Alternate DNS server: 208.67.220.220

Just another option ;o)

Quick edit, which should of been the main point!

I've used ExpressVPN on laptop and mobile for nearly a year with no real problems.

for vpn users, if u want good user experience, turning off QoS will help.

QoS?

for my phone and computer i used astrill its 40 dollar for 6 month, possible domwlod movie, youtube facebook,

So someone registers on the GKmg public forum, then asks a general question about VPNs that could be answered with a simple search and people respond with all sorts of techie information including IP addresses. Naive or what?