GFW Connectivity Diary
The GFW is not a static wall; it is a dynamic weather system. This diary tracks daily fluctuations in censorship pressure to help you adjust your protocols accordingly.
2026 GFW Activity Log
Pre-Qingming Festival Throttling Begins
As anticipated, China Mobile and China Telecom have begun aggressive UDP throttling ahead of the Qingming Festival (April 4). WireGuard-based connections reporting 80%+ packet loss across Guangdong and Zhejiang provinces since March 26.
Hysteria2 connections on China Mobile are intermittent — port-hopping helps but doesn't fully resolve. VLESS-Reality remains stable at 98% success across all three carriers. ExpressVPN's Lightway (TCP mode) also holding at 85%.
Analyst Recommendation:
Switch to TCP-based protocols (VLESS-Reality, Lightway TCP, StealthVPN) until April 7. UDP tunnels will remain unreliable through the holiday period.
TLS 1.3 Fingerprint Rotation Detected on China Telecom
GFW appears to be deploying updated JA4 fingerprint matching on China Telecom's AS4134 backbone. Several Trojan-Go and naive proxy setups reported sudden blocks starting March 17. The new detection targets non-browser TLS Client Hello patterns.
VLESS-Reality unaffected — its uTLS fingerprint (Chrome 120+) passes the new checks. Xray-core users should update to v26.3.15 which includes refreshed browser fingerprints.
Countermeasure Release:
Xray-core v26.3.15 released with updated Chrome 124 uTLS fingerprint and improved ALPN negotiation. Self-hosted users: update immediately.
Two Sessions Crackdown: NPC/CPPCC Censorship Surge
Annual Two Sessions (两会) censorship escalation in full effect (March 4–11). GFW tightening confirmed across all three carriers with elevated keyword filtering and SNI-based blocking expanded to additional CDN endpoints.
VPN impact: VyprVPN Chameleon dropping to ~60% success this week (down from 74% baseline). ExpressVPN Lightway holding at 82-85%. Astrill StealthVPN remains at 98%. Surfshark NoBorders experiencing intermittent handshake failures on China Mobile.
Analyst Recommendation:
Expect elevated censorship through March 11. Stick with proven protocols (VLESS-Reality, Lightway, StealthVPN). Avoid new server deployments until sessions conclude.
CAC Minor Protection Rules Take Effect
The Cyberspace Administration of China's "Regulations on the Protection of Minors in Cyberspace" officially enforced as of today. Domestic platforms required to implement real-name age verification and content filtering. International VPN traffic not directly impacted, but increased DPI activity observed as domestic platforms upgrade their compliance infrastructure.
Connectivity note: China Unicom AS4837 remains the most stable carrier for international traffic. Tokyo and Singapore endpoints performing well with <120ms latency.
Cybercrime Prevention Law: Exit Bans & Extraterritorial Enforcement
Ministry of Public Security announced draft Cybercrime Prevention and Control Law (网络犯罪防控法) on February 2. Key provisions: 3-year exit bans for cyber-offense convictions, fines up to 20x illegal income, and extraterritorial jurisdiction targeting foreign VPN providers and overseas facilitators.
Enforcement Target: VPN operators, payment processors, and "human infrastructure" — not personal end-users. Zero reported cases of foreigners penalized for personal VPN use as of April 2026.
Technical Impact Assessment:
No change to protocol detection capabilities. This is a legal framework update, not a technical GFW upgrade. WireGuard and OpenVPN were already blocked before this law. VLESS-Reality (98%) and Hysteria2 (68%) remain effective because they bypass detection at the protocol level, regardless of legal penalties.
Read full technical & legal analysis →Escalation: Whitelists & Education Net Blocks
Critical Update: Reports (Jan 27) confirm
GFW "Small Whitelist" testing in select provinces, dropping
all unverified overseas traffic. Additionally, CERNET (Education Net) has deployed specific blocks against TLS record fragmentation.
Regional Alert: Users in Henan Province face a secondary firewall blocking ~4.2M domains (5x national
average).
Also in the Feed:
- CAC "Minor Protection" Rules (Jan 23): New regulations targeting content affecting "minors' values" effective March 1. Expect keyword tightening on social platforms.
- GitHub Degradation (Jan 26): Coinciding with global Actions failures, China-based devs report a 17% block rate for API requests and package registries.
Countermeasure Release:
Xray-core v26.1.23 released with native port-hopping. This is the primary mitigation for China Mobile's 8PM-11PM UDP throttle.
Proactive IP Throttling Detected
As of 18:00 CST, we are seeing a spike in TCP Reset (RST) packets originating from China Telecom's 163 backbone for all UDP traffic on port 443. This appears to be targeting standard WireGuard fingerprints.
Analyst Recommendation:
Switch to VLESS-Reality or Astrill StealthVPN (Port 443). Avoid UDP-based tunnels until further notice.
Unicom AS4837 Resilience
Peering between China Unicom and NTT/GTT backbones remains high-performance. Let'sVPN and VLESS nodes hosted in Tokyo/Hong Kong are reporting < 150ms latency. This is currently the most stable route for international CDN access.
Shadowsocks Entropy Block Wave
Massive wave of Shadowsocks IP bannings reported in Shenzhen (China Mobile). The GFW's entropy analyzer is effectively flagging high-entropy data chunks exceeding 1500 bytes. Users are advised to enable obfs-tls or migrate to VLESS-Reality immediately.