Russia Killed VPNs. Here's What's Actually Happening.

12 min read
vpn russia censorship privacy regulation surveillance dpi
Table of Contents

Russia has escalated from blocking VPN services to blocking protocols themselves. We break down what’s actually working, why commercial VPNs failed, and what this means for internet freedom worldwide.

Timeline: How Russia Went from Blocking Services to Blocking Protocols

YearEventDetails
2017 VPN law signed Putin signs law requiring VPN providers to register with Roskomnadzor or face blocking. Law takes effect November 1.
2017-2023 The cat-and-mouse phase Roskomnadzor blocks service IPs. VPN providers rotate servers. Users adapt. Repeat.
2024 Q1 VPN promotion ban March 2024: Discussing, promoting, or reviewing VPNs becomes illegal. Fines up to 200,000 rubles for entities.
2024-2025 Protocol fingerprinting OpenVPN (100% detection by mid-2024), WireGuard (blocked by late 2024). Traditional protocols no longer viable.
2025 Q3 Decree 1667 signed October 2025: Government authorizes direct DPI blocking across all ISP network nodes. AI-powered detection announced.
2025 Sep-Present Penalty law effective September 1, 2025: Fines for VPN use (50k-80k rubles), promotion (up to 500k), searching for 'extremist' content via VPN (5k rubles).
2026 Q1 439+ services blocked By January 2026, Roskomnadzor had restricted access to 439 VPN services—a 70% increase in 3 months.

30-Second Verdict

Russia didn’t just block VPNs—it blocked the protocols they run on. OpenVPN, WireGuard, and traditional VPN handshakes are now identified and throttled to unusable speeds within minutes. NordVPN, ExpressVPN, and Surfshark don’t work. ProtonVPN works inconsistently on any given day. Standard commercial VPNs are built for privacy, not for resisting state-level protocol fingerprinting. Only tools using cutting-edge obfuscation (VLESS/Reality, Amnezia), Tor bridges (WebTunnel, not obfs4), or decentralized networks have a fighting chance. The playbook Russia is perfecting is being copied by Australia, Iran, and Myanmar. The honest truth: there is no easy tool. What works today will likely be blocked in 6-12 months.

The Escalation: From Service Blocking to Protocol Blocking

2017-2023: The First Wave (Service Blocking)

When Russia passed the VPN law in 2017, it was a crude instrument. Roskomnadzor maintained a blacklist of IP addresses and domain names. When a VPN provider’s server was discovered, the IP got blocked. When the provider moved to a new IP, it worked again—for a while.

For a decade, this was a game of whack-a-mole. VPN users and providers adapted. It was cat-and-mouse, but the mouse had cheese.

2024: The Promotion Ban Changes the Game

In March 2024, Russia criminalized VPN promotion. Sharing guides, reviews, or even mentioning that a VPN works became illegal. This wasn’t just about blocking—it was about silencing the community that helps people find solutions.

Roskomnadzor restricted access to 12,600 materials promoting VPNs between January and April 2025 alone. That’s double the total for all of 2024.

But the real blow came in a different form.

2024-2025: Protocol Fingerprinting

Roskomnadzor didn’t need to identify every VPN service. It just needed to identify the protocols they used.

Here’s how it works:

OpenVPN’s fatal handshake: Every OpenVPN connection begins with the same recognizable pattern—a specific Opcode (P_CONTROL_HARD_RESET_CLIENT_V2), Session ID, and Packet ID. Even encrypted, the header structure is constant. Deep Packet Inspection (DPI) systems can recognize this signature within 30 seconds of connection. By mid-2024, OpenVPN had a 100% detection rate. Not “often detected.” Not “usually blocked.” 100%.

WireGuard lasted longer, but not much longer. Its modern cryptography made fingerprinting harder initially. But by late 2024, statistical analysis of its handshake initiation (always starting with type field 0x01) caught up. Connections were throttled to unusable speeds within minutes, then blocked entirely. Current detection rate: 100%.

Russian authorities call this system TSPU (Technical Means of Countering Threats). It’s installed on all major ISP network nodes. It doesn’t just block—it inspects, classifies, and throttles.

2025: Decree 1667 and AI-Powered Detection

In October 2025, Putin signed Decree No. 1667, giving Roskomnadzor direct authority to block content using DPI technology across the entire network. This wasn’t a law requiring ISPs to install systems—this was the government itself operating the censorship apparatus.

At the same time, internal planning documents revealed that Roskomnadzor is integrating machine learning models into TSPU to classify encrypted traffic patterns that resemble VPN connections. Not specific protocols. Patterns. This is a harder target.

On September 1, 2025, Federal Law No. 281 took effect. It introduced fines:

  • Citizens advertising/promoting VPNs: 50,000–80,000 rubles ($500–$800 USD equivalent)
  • Officials: 80,000–150,000 rubles
  • Legal entities: 200,000–500,000 rubles (repeat offenses up to 1 million)
  • Citizens searching for “extremist” content via VPN: 5,000 rubles ($50 USD)

By January 2026, Roskomnadzor had restricted access to 439 VPN services—a 70% increase in three months.

Which VPNs Still Work (Honest Answer: Not Many)

Dead on Arrival

NordVPN: Completely non-functional. NordVPN shut down its Russian servers and has stated it has no plans to return. Attempting to connect from Russia results in connection failures on all protocols.

ExpressVPN: Blocked. Attempts to connect are throttled to unusable speeds within minutes.

Surfshark: Blocked across most ISPs. Inconsistent on some mobile networks, but not reliable.

AdGuard VPN, Psiphon, Lantern, TurboVPN: All blocked.

Inconsistently Working

ProtonVPN: ProtonVPN’s status is the most honest reflection of the current situation. It works sometimes, on some ISPs, on some protocols, on some days. A ProtonVPN spokesperson confirmed the service “still works for many users, though reliability varies on any given day.” This is not a recommendation. This is a coin flip.

What Actually Works (Barely)

The only tools with consistent functionality use obfuscation protocols that disguise VPN traffic as regular HTTPS:

  • VLESS Protocol (with Reality handshake): Disguises traffic to look like TLS/HTTPS connections to standard websites. Detection is harder because the traffic looks like normal web browsing. Tools like XRay-core implement this. It works—for now.

  • Amnezia: A newer tool that uses AmneziaWG, an obfuscated variant of WireGuard. The team continually adapts the protocol in response to blocking. Reliability: moderate, but improving with updates.

  • Tor with WebTunnel bridges: Tor’s WebTunnel bridges route traffic through HTTPS connections to less-recognized server providers. Unlike standard obfs4 bridges (which are now fingerprinted), WebTunnel disguises Tor as regular web traffic. Works inconsistently but more reliable than commercial VPNs. Speed: extremely slow, but functional.

  • Snowflake: Tor’s browser-based bridge system. Works through peer-to-peer connections using other people’s browsers as relays. It’s slow and unreliable, but it works.

Real talk: None of these are easy. None of them are fast. And none of them will work indefinitely. As soon as one obfuscation method gains traction, Roskomnadzor will develop fingerprints for it. The cat-and-mouse game hasn’t ended—it’s just moved to a different arena.

How Russia Actually Blocks VPNs: The Technical Arsenal

Deep Packet Inspection (DPI)

TSPU uses DPI to inspect encrypted traffic. Even though the payload is encrypted, the packet headers reveal information about the protocol being used. DPI systems can:

  • Identify protocol types based on handshake signatures
  • Detect patterns in packet size and timing
  • Classify encrypted traffic types based on statistical analysis
  • Throttle or block specific traffic classes (not just specific services)

This is why blocking individual VPN services doesn’t work anymore—Russia isn’t blocking services, it’s blocking protocols.

Protocol Fingerprinting

Every protocol has a handshake—a way of saying “hello” to establish a connection. OpenVPN’s handshake is always identical, even if the rest of the traffic is encrypted. WireGuard’s handshake always starts with the same type field. These are fingerprints—as recognizable as a face.

Once a fingerprint is known, DPI systems flag it for throttling or blocking. This is how Russia achieved 100% detection rates for OpenVPN and WireGuard.

Throttling as a Censorship Tool

TSPU doesn’t always block—sometimes it throttles. YouTube was slowed to 128 kbps in 2022, making it unusable without technically “blocking” the domain. This gives plausible deniability while achieving the same effect.

AI-Powered Detection

The most recent development: Roskomnadzor is deploying machine learning models to detect traffic patterns that resemble VPNs, even if they don’t match known signatures. This moves from signature-based blocking to behavior-based blocking. It’s harder to bypass because there’s no single “fingerprint” to obfuscate—just suspicious patterns.

Why This Matters Outside Russia: The Global Playbook

Russia isn’t unique. It’s a test ground.

China’s Great Firewall

China has been perfecting this for 30 years. Its Great Firewall blocks over 10,000 websites using DPI, active probing, and machine learning. China declared unauthorized VPNs illegal in 2017—the same year as Russia. The difference: China’s infrastructure was designed for censorship from the ground up. China’s internet is more controllable than Russia’s because it centralized gateways in the 1990s. Russia has dozens of international transit points and hundreds of autonomous systems peering directly with foreign networks. Even Russia’s censorship infrastructure is decentralized—which is why TSPU had to be deployed to every major ISP.

China’s censorship works. Russia’s is catching up.

Iran’s Approved-VPN Model

Iran took a different approach: VPNs are legal only if the government approves them. Approved VPNs allow monitoring and censorship. The Iranian government began blocking non-government-sanctioned VPNs in 2013. By design, there is no escape.

Russia is moving in this direction.

Australia’s Social Media Ban

Australia’s Online Safety Amendment (Social Media Minimum Age) Act 2024 banned users under 16 from social media platforms effective December 10, 2025. Platforms are expected to detect and block users using VPNs to circumvent the ban. The Australian government is explicitly developing VPN detection mechanisms, using signals like geotagging, app location data, and device fingerprinting.

Australia copied Russia’s playbook: not block VPNs globally, but detect them in specific contexts and enforce consequences. This is more feasible for democracies because they’re targeting specific behaviors, not censoring wholesale.

It’s a template. Other democracies will copy it.

Myanmar, Vietnam, Turkey

Each country is adopting variants of this approach. VPN blocking is becoming standard practice globally. Russia isn’t leading—it’s part of a global trend toward state-controlled internet.

The Honest Truth About VPNs vs. State-Level Blocking

VPN companies will never tell you this. We will.

Commercial VPNs are not designed for resisting authoritarian censorship. They’re designed for privacy from your ISP and for bypassing geographic content restrictions. They encrypt traffic and rotate IP addresses. These techniques work against ordinary censorship.

They don’t work against DPI.

When a government controls the network infrastructure and deploys Deep Packet Inspection on every node, encryption doesn’t matter. The handshake is visible. The protocol is identifiable. The connection is classifiable even if the content is encrypted.

The Tor Project’s own analysis shows that even Tor is being fingerprinted in Russia. Obfs4 bridges (which Tor recommends for censored regions) are being blocked because the obfuscation pattern itself became recognizable.

The real problem: There is no commercial VPN that will work in a country with state-level DPI deployed at national scale.

What works is:

  1. Decentralized infrastructure (Tor, not operated by any single company)
  2. Constantly evolving obfuscation (VLESS/Reality, which requires active development)
  3. Distributed trust (bridges run by volunteers, not corporations)
  4. Acceptance that it will be slow and unreliable

What Actually Works: Obfuscation, Tor, and Decentralized Tools

If you need connectivity in Russia right now, here’s what works:

VLESS/Reality Protocol

Tools like XRay-core implement the VLESS protocol with Reality handshake, which disguises VPN traffic as standard TLS/HTTPS connections. Because the traffic looks like regular web browsing, it’s harder to fingerprint. But it requires:

  • Manual configuration (not a one-click app)
  • Technical knowledge
  • A server outside Russia (or a relay point)
  • Active maintenance as blocking techniques evolve

This is not user-friendly. But it works.

Amnezia

Amnezia is an obfuscated VPN tool developed with Russian users in mind. It uses AmneziaWG, a modified version of WireGuard with obfuscation. The team actively adapts the protocol in response to blocking. It’s more usable than XRay-core, but still requires manual setup.

Tor with WebTunnel Bridges

Tor’s WebTunnel bridges route traffic through HTTPS connections to less-known providers. Unlike obfs4, WebTunnel disguises Tor as regular web traffic. From The Tor Project’s analysis: WebTunnel bridges are working more consistently than traditional obfs4 bridges, but the advantage is temporary.

Setup: Download Tor Browser, enable Bridges, select WebTunnel. It’s slow (1-3 Mbps on good days), but it works.

Snowflake

Tor’s Snowflake bridges use peer-to-peer connections through volunteer browsers as relays. It’s slower than WebTunnel and less reliable, but it requires no infrastructure and works through browser-based connections. If every other tool is blocked, Snowflake might still work.

The Global Pattern: Why This Matters to You

Russia’s VPN crackdown isn’t an isolated event. It’s a proof of concept for a global model of internet control.

China perfected it with 30 years of centralized infrastructure.

Iran refined it with the “approved VPN only” model.

Russia is scaling it with decentralized DPI and AI-powered detection.

Australia is adopting it for social media enforcement.

Other democracies will copy it for content moderation, copyright enforcement, and regulatory compliance.

The pattern:

  1. Block obvious services (easy, low effectiveness)
  2. Block protocols (requires DPI, moderate effectiveness)
  3. Fingerprint obfuscation methods (requires AI, high effectiveness)
  4. Deploy behavior-based detection (requires machine learning, very high effectiveness)
  5. Make it normal (regulate it, legislate it, integrate it into the network)

Each step becomes harder to circumvent. Each step becomes more politically acceptable. Each step becomes easier for other countries to copy.

The honest conclusion: Commercial VPNs are not designed to resist state-level network censorship. They’re designed for privacy and geolocation bypass. If you need to communicate in a censored environment, you need decentralized tools (Tor, Snowflake), evolving obfuscation (VLESS/Reality, Amnezia), or both.

But even those are temporary. As soon as one tool gains traction, governments will develop fingerprints for it. The arms race is ongoing, and it’s asymmetrical: governments have the entire network infrastructure; circumvention tools have innovation.

Don’t Trust Me—Verify Everything

We don’t have access to classified Russian intelligence, Roskomnadzor’s technical specifications, or real-time blocking data. Our analysis is based on:

  • Public statements from Roskomnadzor
  • Reported user experiences (Twitter, forums, Reddit)
  • Technical analysis from Tor Project, OONI, and academic researchers
  • Vendor claims and tool documentation

This information is current as of March 2026, but the situation changes constantly. What works today may be blocked tomorrow. What’s blocked today may work tomorrow if the tool is updated.

For the most current information:

Understand the broader context:

The Bottom Line

Russia didn’t kill VPNs by blocking the apps. It killed them by blocking the protocols. It’s a technical escalation that moves the goalpost from service-level blocking to protocol-level blocking to behavior-level detection.

Commercial VPNs can’t compete with state-level Deep Packet Inspection. They were never designed to. What works requires obfuscation, decentralization, and constant evolution.

And even that is temporary.

The real lesson isn’t about VPNs. It’s about the asymmetry between network infrastructure and circumvention tools. Governments control the pipes. Circumvention tools control the tricks. The pipes are always winning.

Our recommendation: If you need to communicate in a censored environment, use Tor with WebTunnel bridges. Accept that it’s slow. Understand that it will eventually be blocked. Prepare alternatives.

If you’re outside a censored environment and just want privacy, a traditional VPN (like Mullvad) is fine. It protects you from your ISP. It protects you from network eavesdropping. It doesn’t protect you from a government that controls your ISP.

That’s not a failure of VPNs. That’s a fact of network architecture.

Last updated: March 27, 2026

Sources

The Angry Dev

Do NOT trust review sites. Affiliate commissions dictate their rankings. This is an affiliate site too, but I’m being honest about what I earn and I rank by quality instead of payout. Even if it means I get paid $0. Read about my approach and why I stopped bullshitting. Here’s the raw data so you can fact-check everything.

VPNs | Hosting | Storage | Tools

Related Posts

Need a trustworthy VPN?

MullvadNo logs, no account, no nonsense
ProtonVPNSwiss privacy, open-source apps
NordVPNFast, audited, 6 simultaneous devices
Affiliate links — I may earn a commission