Russia’s State Duma is proposing a Russia VPN whitelist that would permit select organizations to operate approved virtual private networks while authorities continue blocking unauthorized VPNs across the country. This marks a significant shift in how Moscow balances its goal of reducing overall VPN usage with growing pressure from businesses struggling under internet restrictions.
Key Takeaways
- State Duma proposes official Russia VPN whitelist to allow legitimate business and technological use.
- Roskomnadzor has blocked over 469 VPNs as of 2026 using deep packet inspection technology.
- Only stealth-capable VPNs like AstrillVPN, ExpressVPN, and AmneziaVPN currently function in Russia.
- From January to April 2025, authorities restricted 12,600 materials promoting VPNs—double the total for all of 2024.
- Organizations seeking whitelist inclusion must submit data on themselves, usage purpose, IP addresses, and protocols.
How Russia’s Deep Packet Inspection Blocks VPNs
Roskomnadzor, Russia’s internet regulator, deploys deep packet inspection (DPI) technology to monitor traffic in real-time, identify VPN protocols, and block them by matching traffic patterns. This approach has proven devastatingly effective—over 469 VPNs now face blocking in Russia, leaving users with only a handful of options. The regulator’s enforcement has accelerated dramatically. Between January and April 2025 alone, Roskomnadzor restricted access to 12,600 materials promoting VPNs, nearly doubling the entire total for 2024.
The few VPNs still functioning in Russia share one critical feature: stealth technology that disguises VPN traffic as ordinary HTTPS connections. AstrillVPN’s StealthVPN mode, ExpressVPN’s automatic obfuscation, and PrivateVPN’s manual stealth settings continue working because they evade DPI detection. Yet even these survivors remain vulnerable. As Mazay Banzaev, founder of AmneziaVPN, noted: only VPN protocols that disguise themselves as other network protocols continue to function, though they could be blocked if poorly configured.
The Russia VPN Whitelist: Balancing Control with Business Needs
The Russia VPN whitelist proposal addresses a genuine problem for Russian enterprises. Internet blocks targeting VPNs have created operational disruptions for legitimate businesses that rely on secure connections for international operations. Rather than permit unrestricted VPN use, the State Duma’s proposal would create an official list of approved VPNs that organizations could use without risking penalties.
To join Roskomnadzor’s whitelist, organizations must submit detailed data about themselves, their intended purpose for VPN use (limited to work and technological functions, not bypassing blocked content), the IP addresses they plan to use, and the connection protocols they require. This approach allows authorities to monitor approved VPN traffic while maintaining the appearance of legitimate business accommodation. Banzaev explained the dynamic: Roskomnadzor uses whitelisting techniques to ensure that selected organizations can still use their business VPN, while all other companies and services face the same problems as ordinary users.
Mandatory VPN Detection Starting April 15
The enforcement landscape is tightening further. Starting April 15 (in the context of 2025–2026), Russian online service providers must detect and block VPNs or lose their IT accreditation. Major mobile carriers have already begun warning customers that applications will not function with VPNs active, pressuring users to disable them entirely. This requirement transforms internet service providers into enforcement agents, essentially deputizing them to monitor their own users.
Yegor Sak, CEO of Windscribe VPN, described the pressure bluntly: they want these companies to check if users have a VPN running on their device and deny access if they do. This shift moves enforcement from the protocol level to the application level, making it harder for users to bypass restrictions even with technically sophisticated tools.
Which VPNs Still Work in Russia?
The protocols that remain functional in Russia rely on obfuscation and stealth capabilities. XRay (supporting VLESS, VMess, and Trojan protocols), NaiveProxy, and Hysteria can still operate if properly configured, while standard protocols like OpenVPN, WireGuard, Shadowsocks, IKEv2, and V2Ray are mostly blocked. AmneziaVPN, a Russia-based provider, released an upgraded AmneziaWG stealth protocol that continues working despite ongoing crackdowns.
The comparison between working and blocked VPNs reveals a clear pattern: stealth-capable services outperform standard ones. AstrillVPN, ExpressVPN, and PrivateVPN function in Russia because they prioritize obfuscation, while blocked services like NordVPN (which ceased Russian operations in 2019 after Roskomnadzor demanded server access), ProtonVPN, and Turbo VPN lack these evasion features. Planet VPN offers a free tier but operates inconsistently in Russia.
The Broader Crackdown on VPN Promotion
Beyond blocking the services themselves, authorities are suppressing information about VPN use. Apple and Google continue facing pressure to remove VPN applications from their Russian app stores. The scale of content restrictions is staggering—12,600 materials promoting VPNs were restricted in just four months of 2025, indicating a systematic effort to make VPNs invisible to ordinary users.
VPNs themselves are not explicitly illegal in Russia, but they have been restricted since 2017. Providers must cooperate with authorities and block prohibited sites, and non-compliant use to access blocked content violates Russian law. This legal framework creates a paradox: VPNs exist in a gray zone where their use is technically permitted for business purposes but practically blocked through technical and regulatory means.
What the Whitelist Means for Russian Businesses
The Russia VPN whitelist proposal could legitimize VPN use for enterprises while strengthening state control over the technology. Organizations that successfully apply for whitelist status would gain legal cover to operate VPNs, but only under conditions set by Roskomnadzor. This arrangement benefits large, established companies with resources to navigate bureaucratic approval processes while leaving smaller businesses and individual users without options.
The proposal also reveals a strategic shift in Russian internet policy. Rather than attempting total VPN elimination—a goal that has proven technically impossible—authorities are moving toward a tiered system where approved usage is permitted under surveillance while all other VPN activity remains illegal and technically blocked.
Can VPN Users Bypass These Restrictions?
Advanced users can still access the internet through Russia using stealth protocols and properly configured tools, but the window is narrowing. The combination of DPI at the network level, provider-level detection requirements, and app store restrictions creates multiple layers of enforcement. Mobile internet restrictions in some Russian regions use combined IP and SNI (Server Name Indication) whitelists that block even spoofed connections if the IP address is not whitelisted.
Is the Russia VPN whitelist actually legal?
The whitelist proposal exists in a legal gray area. VPNs themselves are not explicitly illegal in Russia, but restricted since 2017. The whitelist would formalize an exception for approved organizations, giving them legal protection while maintaining restrictions on unauthorized use. However, the proposal has not yet been formally enacted into law.
Will major VPN providers like NordVPN return to Russia?
Unlikely in the near term. NordVPN ceased operations in Russia in 2019 after Roskomnadzor demanded access to its servers, a demand the company refused. The whitelist system would require providers to submit to similar oversight and data-sharing requirements, making participation unattractive for privacy-focused services.
Russia’s VPN whitelist proposal represents a calculated attempt to maintain internet control while accommodating legitimate business needs. The strategy acknowledges that total VPN elimination is impossible but asserts that state-approved VPN usage can be monitored and restricted. For Russian businesses, it offers a potential path to legal VPN operation. For everyone else, the crackdown continues to intensify.
This article was written with AI assistance and editorially reviewed.
Source: TechRadar
