The ExpressVPN Taiwan 3 manual OpenVPN server is now working again in China using this method.
The great firewall of China has blocked almost all VPN servers this afternoon around 3pm including the ExpressVPN Taiwan 3 manual OpenVPN server. I will still leave this tutorial up in case someone might find it useful in the future.
Many VPN services are currently 100% blocked without a single working server.
I'm happy to confirm that my top 3 recommended VPNs for China have been restoring servers for users in China very quickly and they each have a few servers that are working good right now.
See the 2018 VPN in China blog for daily updates and server speed tests.
If you are having trouble connecting to ExpressVPN, you will need to log out of your account and then re-authenticate using the activation code from your account setup page on the ExpressVPN website. Hong Kong 4, Los Angeles 2, Los Angeles 3, Tokyo, and Singapore Jurong and a few others should be working after you do this.
If you are having trouble with VPN.ac, you will need to restart the app to refresh the server list. Then you should be able to connect to Los Angeles 4, Los Angeles 5, Tokyo 2, Hong Kong 2, and Germany.
12VPN with tested with the Shadowsocks protocol on the China Optimized 2 (HK) and China Optimized 4 (SG) servers. Both were working very well.
Published on June 24, 2018
In today's tutorial I am going to show you how to connect to ExpressVPN using manual OpenVPN configuration files with third party OpenVPN clients for Windows, Mac, Android, and iOS.
As the best VPN for China, ExpressVPN has some seriously fast servers for China and very nice dedicated apps to connect to them with. Unfortunately, the fastest servers have been blocked in China for the last few days.
I was experimenting with different server locations and connection methods trying to find the fastest server to use and I discovered that Taiwan 3 was not blocked when connecting with the manual OpenVPN configuration (although it's blocked when using the app).
ExpressVPN appears to be using separate IP addresses for the app servers and the manual OpenVPN servers. If a server IP used by the app is blocked, sometimes the manual OpenVPN connection for the same server location will still work.
As these manual OpenVPN servers get used much less often, I suspect that they tend to stay "under the radar" of the GFW and don't get blocked as easily.
Another reason for using third party OpenVPN clients is that most of them are open source and considered the safest to use by security experts. Although I trust the ExpressVPN app, I often use the OpenVPN GUI app with manual OpenVPN configs when testing other VPN services that I don't know or trust.
The disadvantage of using these third party apps is that they lack many of the nice features of the ExpressVPN dedicated apps such as built-in server speed testing, kill switch, nice user interface, etc.
Most VPNs will not work at all in China using manual OpenVPN connections. This is because most of VPN providers have not figured out how to make the standard OpenVPN protocol work in China.
Only ExpressVPN and a few others have managed to figured this out.
Ok, let's get started.
Download the latest version of the OpenVPN GUI client and install it.
Download from here if you are in China without an existing VPN.
Go to the ExpressVPN website and log into your account.
If you don't already have another VPN installed, you can access the ExpressVPN website using the link on the China-accessible VPN links page.
After you log into your account, go to the setup page and choose Manual Config as shown below.
Download the configuration files for the servers that you want to connect to. I am just doing Taiwan 3 for this tutorial but you may want to set up a few different locations. Leave this page open because you will need to come back here later to copy your username and password.
If you are using Windows 7 or Windows 8 then you can skip this step.
Windows 10 is notorious for DNS leaks and the VPN will not working properly unless we add the block-outside-dns directive to the configuration file.
Open the .ovpn file in a text editor and add a new line with the text block-outside-dns as shown below.
Now save the file. If you rename the file, make sure that the file extensions stays as .ovpn and not .txt.
Open the OpenVPN GUI app and then right-click on the icon in the taskbar and choose Import file...
After importing the file, you should see a new server on the right-click menu. If I recall correctly, it won't show you the file name when you only have 1 configuration imported. It will just say "connect" or something. In my case, I already have many configurations imported so I can see the name of the file I imported on the bottom of the list.
Choose the Connect option as shown below.
You will need to enter your username and password (shown in step 2) the first time you connect.
The instructions are almost exactly the same as Windows except there is no need to edit the configuration file to block DNS leaks before importing it.
There is no official OpenVPN client for Mac, but you can use the open source Tunnelblick app.
Android is a little more difficult.
The standard .ovpn configuration file from ExpressVPN will not work on the official OpenVPN Connect Android app because the OpenVPN Connect app does not support connecting to a server that uses the fragment directive. And ExpressVPN is using the fragment directive in their config.
I later found out that there is another OpenVPN app for Android that does support the fragment directive. You can use the OpenVPN by Arne Schwabe app (alternative download here) with the config files directly.
For this tutorial, I am going to show you how to modify the config file for TCP so it can be used with the official OpenVPN Connect app (I will need to do this for iOS anyway because there is no OpenVPN app for iOS that supports the fragment directive).
Download OpenVPN Connect from the Play Store.
Or, download it here if you are in China without another VPN already installed.
You can either download the .ovpn file on your computer to edit (and then transfer it to your Android). Or, you can download and edit directly on your Android.
I am going to download the file directly on my Android and edit it using the QuickEdit app.
Save the .ovpn file to your Android's storage after you have made the changes.
Open the OpenVPN Connect app and then tap on the + symbol to import a new server.
Then choose the .ovpn file that you edited in step 3 and tap IMPORT on the top right.
Now enter your username and password shown in the ExpressVPN setup page (see the Windows instructions for screenshot).
Note - To enter the password, you need to choose the option "Save password". Otherwise, you can only enter the username and it will ask you for the password each time you connect.
After you have entered everything, tap on ADD on the top right.
Now that you have imported and saved your profile with your username and password, just choose the profile and tap the toggle switch to connect.
I found the iOS setup the most difficult (probably because I don't normally use iOS). At first I couldn't find a way to edit the .ovpn config file on the device, so I thought I could edit the file on my computer and then transfer it with a USB cable. I found out that such a simple task is not possible on iOS. What a stupid POS operating system.
Maybe it would have been possible if I installed iTunes on my computer, but that isn't going to happen.
Anyway, I was finally able to do it by downloading the Documents by Readdle app.
If you have a Chinese iTunes account, you will need to make a US iTunes account first before you can download the OpenVPN Connect app (Apple removed all VPN apps from the China App store).
Open the setup page and choose Manual Config and then choose the configuration file that you want to set up.
After you tap on the config file that you want, Choose the More... option. Do not choose "Open in OpenVPN".
After you choose More.. then you should see a list of programs. Choose Copy to Documents. If you don't see it then you haven't installed the Documents app yet.
Now you should have the config file opened in the Documents app.
We need to make the same changes as shown in the Android instructions.
Make the changes and then tap the ... symbol on the top right and then choose Share.
Now choose Copy to OpenVPN.
You should see a message in the OpenVPN Connect app that a new profile is available for import. Tap the + button as shown below.
You will need to get your username and password from the ExpressVPN setup page and enter them in the OpenVPN Connect profile.
This part is a little difficult. If you paste your username and then go back to Safari to copy your password, your username will be erased when you come back to the OpenVPN Connect app.
You can only copy and paste either your username or password. I suggest copying and pasting your password because you can't see the characters when you enter it (easy to make a mistake and impossible to check).
After you paste your password from the clipboard, enter your username manually (I suggest writing it down on a piece of paper or viewing it on another device because it's too long to remember).
After you enter your username and password, choose the option to save your password so you don't have to enter it every time you connect.
Finally, you can connect using the Connection button.
This tutorial wouldn't be complete without doing some speed tests.
These tests were done throughout the day today (June 24, 2018) from Zhuhai, Guangdong on a China Telecom 100/20M Fibre connection. Taiwan 3 server.