Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 52%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
Hi Calvyn Lee,
Thanks for reaching out in Microsoft Q&A forum,
Yes, there’s a very good chance that China’s Great Firewall will block or severely disrupt a self-hosted OpenVPN server in Azure Hong Kong when you try to use it from mainland China.
Standard OpenVPN (especially on common ports and protocols) is well-known to be detected and blocked by the Great Firewall. Based on long-standing experience from users and the OpenVPN community, if you set up an OpenVPN server on a VPS outside China (including Hong Kong), it might work for a few days and then get permanently blocked. OpenVPN has been actively blocked in China since around 2012.
Even if you put OpenVPN over TCP on port 443 to look like normal HTTPS traffic, deep packet inspection can still identify and block it over time unless you add strong obfuscation.
Azure workloads in Hong Kong are technically reachable from mainland China, but Microsoft explicitly warns that:
Azure cannot guarantee the availability of VPN protocols from within mainland China, and behavior may differ depending on the ISP and region. Traffic between mainland China and regions outside China is subject to the Great Firewall and related regulations, which can introduce latency, bandwidth limitations, and potential restrictions on certain types of connectivity.
In practice, this means:
- Your connection may work initially, then suddenly stop.
- Performance can be very poor and inconsistent, depending on your city and ISP.
- You cannot rely on a simple OpenVPN server as your only way to access non-Chinese internet while in China.
If you still want to try it
- Run OpenVPN over TCP on port 443.
- Enable obfuscation:
- Use
--tls-cryptor--tls-authin your OpenVPN configuration. - Consider wrapping OpenVPN in stunnel, obfsproxy, or using variants that scramble OpenVPN traffic.
- Use
- Test as soon as you arrive in China and be ready with alternatives.
Many travelers find these work better than plain OpenVPN:
- Outline (Shadowsocks-based) servers
- V2Ray/Xray, Trojan, or Shadowsocks with realistic TLS camouflage
- Reputable commercial VPN apps that actively update obfuscation (e.g., Astrill, LetsVPN)
Also be aware that using or operating a VPN in China can be legally sensitive and may require permits; enforcement varies, but personal use still carries some risk.
Official Microsoft documentation links:
- Azure in China – cross-border connectivity and interoperability https://learn.microsoft.com/en-us/azure/china/overview-connectivity-and-interoperability
- FAQ: Frequently asked questions about Azure in China https://learn.microsoft.com/en-us/azure/china/resources-faq
- OpenVPN Support Forum: Work in China? (practical experience with OpenVPN and the Great Firewall) https://forums.openvpn.net/viewtopic.php?t=28364
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to 
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
