How to Set Up and Use Surfshark VPN in China

Published by James Brown on October 22, 2019

Last updated on November 13, 2019

Surfshark is one of the best VPN deals that you will find anywhere.

Get Surfshark for only $1.99/month

But the question you may want to know is: Does Surfshark VPN work in China?

Yes, Surfshark does work in China. In fact, it is currently rated #2 on the Best VPN for China page.

However, it can be tricky to set up. Don't expect too much help from their support (it's about as good as you can expect from a VPN that charges under $2/month). But don't worry, I'm here to help guide you through everything you need to know about how to use Surfshark in China.

You may find that the Surfshark apps do not work in China, especially during VPN crackdowns. At the time or writing this guide, the apps are not working in China. The apps may or may not be working at the time you are reading this, so you could always try them first before following this guide.

If the apps don't work for you, follow these steps to use SurfShark in China.

Method #1 - How to set up manual Shadowsocks

Step 1 - Open the Surfshark website and log into your account

If you are in China, you can use this alternative link to access the Surfshark website.

Step 2 - Enable Shadowsocks

Click on the Devices option as shown below

Choose Devices

Then scroll down to the bottom of the page until you see the Advanced heading. Then choose Shadowsocks.

Choose Shadowsocks

Now click the Enable Shadowsocks button.

Enable Shadowsocks

You should now see a Shadowsocks port and password.

Shadowsocks port and password

Step 3 - Download the Shadowsocks app for your device

Shadowsocks for Windows

Shadowsocks for Mac

Shadowsocks for Android (or download from the Play Store if you have another VPN)

For iOS, download the Shadowrocket app from the Apple App Store. This app costs $2.99 and you will need a non-Chinese iTunes account. If your iTunes account is registered with a Chinese address, you can make a new US iTunes account.

If you don't want to pay $2.99 for Shadowrocket, you can try some free apps such as Potatso Lite. However, these free apps usually have DNS leaks and don't work with VoIP (WhatsApp voice calls, etc). So it's recommended to pay $2.99 for Shadowrocket if you can afford it.

Step 4 - Find working IP addresses

This is the tricky part. You will need to find IP addresses that are not blocked in China. If you don't want to do this yourself, you could check the bottom of this page for some recommended IPs that I found.

Do not follow the instructions on the Surfshark website. You cannot enter the server hostnames directly or ping the hostnames because the DNS requests are poisoned in China.

To find working IPs, copy the server address from the Surfshark website and look up the IPs using the OpenDNS CacheCheck website.

For example, here are the results for the Japan location.

OpenDNS CacheCheck results for Surfshark Japan server

Pro Tip: If the IPs shown are blocked, you can often add +1 from what is shown here.

For example, the first IP is Adding +1, we get (only add +1 to the last of the 4 numbers).

This is a special trick that only works for Shadowsocks connections (does not work for OpenVPN). It doesn't work 100% of the time, but it usually does.

You need to go through the list and find the IPs that are not blocked in China.

You can check if the IP is blocked in China by sending a ping command. Make sure to turn off any existing VPN connections because you need to ping directly from China.

If you don't know how to send a ping command, refer to this article for instructions.

If you are using a mobile device or if you are not in China yet, you can use this ping tool. The tool is in Chinese language, but it's simple to use. Choose only China servers to ping from, as shown below.

Choose China location only

We are not interested in the ping results from regions other than mainland China, so make sure the other regions are unchecked if you use this tool.

As I am already in china, I will directly send a ping command from Windows. Here is what a successful ping test looks like.

Surfshark Shadowsocks server successful ping

The lower the ping time, the better. Try to find server IPs with a low ping time.

Here is what an unsuccessful ping test looks like (server is blocked).

Surfshark Shadowsocks server unsuccessful ping

Build a list of all the IPs that respond to a ping. Not all of them will work (some servers can get blocked and still respond to a ping).

Step 5 - Enter the server settings

Now that you have a list of possible working servers, you can go ahead and try them. Enter the following server settings into the Shadowsocks app for each server IP that you want to set up.

Server address - Enter an IP from your list (step 4)

Server port - Enter the port shown on the website (step 2)

Password - Enter the password shown on the website (step 2)

Encryption - AES-256-CFB

Remark - Enter any name to identify your server

Any other options can be left as default.

The specific name and order of these options may vary on different platforms. Here is what my settings look like on Windows.

Surfshark Shadowsocks settings for Windows

Step 6 - Test the server

The specific steps on how to connect to the server varies on different platforms. On Windows, right click the icon in the taskbar and choose System Proxy ---> Global. To turn Shadowsocks off, right click the icon and choose System Proxy --> Disable.

For Mac, the options are Turn Shadowsocks On and Turn Shadowsocks Off.

Unlike a traditional VPN connection, you will not know if the server works or not until you try to load a website.

Troubleshooting - What to do if your server doesn't work

If your Shadowsocks servers don't work, or if they stop working after some time, you may need to reset your credentials (port and password) on the website. The server management of the Shadowsocks servers seems to have some bugs. Sometimes ports get closed randomly and sometimes the credentials just don't work.

The first thing to check is whether you can still ping the server. If it doesn't respond to a ping, then it was likely blocked in China and you will need to find another server to use.

If the server responds to a ping, but the Shadowsocks connection fails, then you may need to reset your Shadowsocks credentials on the Surfshark website.

To do this, click on Disable Shadowsocks and then Enable Shadowsocks again. You will get a new port and password. Then you will need to update the Port and Password with your new credentials for each server profile in your Shadowsocks app.

Make sure you test several different servers with your new credentials because sometimes certain servers don't get updated properly (or there can be a delay). If none of them are working, then reset again. Sometimes you may need to reset your credentials several times before it works.

Method #2 - How to Setup Manual OpenVPN

You can download the .ovpn config files directly from the Surfshark website. If you are in China, then use this link instead.

After logging in to your account, click on Devices, and then choose Manual under the advanced section at the bottom (beside Shadowsocks).

If you don't know how to use OpenVPN, you can follow the guides on the Surfshark website, with the following exception. 

You will need to edit the .ovpn config file and change the server hostname to an IP address.

To find working IPs, follow the same instructions as Shadowsocks, except do not add +1 to the IP address. You will need to use the IP addresses from OpenDNS CacheCheck results directly.

If you are using Windows 10, you will also need to add the line block-outside-dns to the config file.

Here is an example of my edited config file for a Japan server on Windows 10.

Surfshark modified OpenVPN config file for China

For the latest speed test results using these methods of connecting to Surfshark in China, check the most recent posts on the 2019 China VPN blog.

I hope you found this guide useful. If you have any questions or comments, leave them below.

Surfshark Working IP Addresses

In order to save you some time hunting for IP addresses that are working in China, I will list a few here and try to keep the list updated as best I can. If you find that any of these are no longer working, please leave a comment.

Shadowsocks IPs *




Los Angeles:

* If the above IPs don't work but still respond to a ping, then you likely need to reset your Shadowsocks credentials on the website. See the troubleshooting section on this page for further details.






Your content goes here...

Desktop Site