Corporate VPNs are going to create some level of problems, but there are definitely countries that are doing VPN restrictions even though corporate VPNs exist.

Corporate VPNs have come up before as something that Russia’s policies could create issues with, and my guess then — though I haven’t dug into the situation — was that what Russia was going to do is not actually crack down on VPN use unless there are a lot of users using one VPN provider. That’s enough to make life a pain in the ass for the average user. They can’t go use something like NordVPN.

And…that’s good enough for the Kremlin. That is, they don’t need to get censorship of content to 100% of users to achieve their political goals. They just need to ensure that it’s not available to the bulk of users out there.

There are gonna be people who go get some VPS abroad and tunnel traffic over ssh or something. But…those people don’t really matter from the Kremlin’s standpoint. That is, their model isn’t “there is some deep secret that is only available on the outside world’s Internet and if one copy of that gets in, everything falls apart”. They just need to be able to generally crack down on servers in Russia and make sure that content that they specifically don’t like outside of Russia is hard to get at for most users in Russia.

kagis

I can’t find discussion on Russia, but here’s some on China, and it does sound like that’s basically what the situation is there:

https://old.reddit.com/r/sysadmin/comments/12dehxu/corporate_vpn_in_china/

We have a Chinese office and an IPsec VPN to our main office in Belgium (for our ERP), it works but the legality is a question mark.

This is what we did for like 7+ years. We never got bothered, but TBH I would have rather the CCP found out we were running a VPN and shut our business down. That way I wouldn’t have to be on call from 7pm-3am every fucking day.

Funny side story- there were “drivers” and “security guards” who sat outside of our business all day in Shanghai that were constantly on our wifi. When we did MAC whitelisting, they just gave our staff another wifi router and asked them to plug it in somewhere. We blocked that too, so the staff started using their cellphones as hotspots for the drivers and security. We asked why they needed internet access and our staff said “Because they can get onto facebook with our internet.”

Further down:

S2S VPN tunnels are on but you need to fill in appropriate paperwork.

You also need to have a local person designated as the contact for encryption keys if they are ever requested - and they must hand these over when requested (never actually had a request in 29 years - either current life or previous lives - then again - customers haven’t been doing anything that raises flags…)

I can’t believe that China is actually unable to detect (non-steganographicly-concealed) VPNs at the border, like the Belgian IPSec VPN above. So they probably know perfectly well that there are unregistered, illegal corporate VPNs. They just aren’t going to bother cracking down down on an organization unless they feel that it’s reached the scale to be a problem, and if they do, then they’ve got a legal basis to do so.

I would bet that the Chinese government does have a list of detected unregistered VPNs and how much traffic moves over them.