For what it is worth, the free software Bitmask VPN client (OpenVPN) is specifically designed to prevent IPv6 leakage, DNS leakage, and DNS hijacking. It also "fails closed" meaning that it blocks all traffic if the VPN connection dies. It does this with a strict egress firewall that rewrites all DNS traffic.
Although most of the code is cross platform, it is currently Linux only because Windows and Mac have really different schemes for firewalls and running privileged processes. Mac and Windows support are in the works, but not ready.
Any reasonable OpenVPN client needs to run as user "nobody" and be strict about what configuration options the client will accept. Otherwise, the server can root your device without much trouble.
Also, many VPN servers will use the same IP address for the gateway and for egress traffic. This makes it so that the traffic between two users are the same gateway will be leaked in the clear (since the default route to the VPN gateway must necessarily bypass the encryption).
Anyway, it is very hard to actually write a sane VPN client and provide a good VPN service, because there are a million little gotcha's that most people don't think about.
I've just discovered Bitmask, though it looks to be in early beta. Looks like it might be okay for day-to-day use, if you're not Edward Snowden. But yeah, that's exactly the type of thing I'm looking for. If anybody knows about any other programs like this I'd appreciate it.
> If you are a linux user, follow the steps below.
You have my attention...
> Get Bitmask: https://bitmask.net
Okay!
> Run Bitmask and select mail.bitmask.net as your provider
Aaaaand no longer interested.
Which VPN do you use, out of curiosity? For me, the Calyx VPN app drains a substantial amount of battery, even with the 'Save battery' toggle on, so I can't really use it for extended periods. I am willing to bet Riseup VPN has the same problems, because they're both built on the same foundation (BitMask).
Would be interested to hear your experiences, OP!
https://bitmask.net/ shows a windows version avail? I have not tried it on the privacy/security nightmare that is Windows. Works fine on Linux which also covers a rarely used KVM hosted Windows VM :).
It's just a Java wrapper around OpenVPN...
I didn't try it yet (I will soon, just didn't have the time) but Bitmask allow you to connect to some free VPNs but the server list is limited right now. Also it's only compatible with Linux and android systems (others in development). Sounds like it could be a decent option for you since you can probably deal with slower connection (vpn servers being a bit far from your location) if it's for some casual use. cryptography details
Psiphon still works, but not as well - you must go into options and pick countries instead of "best performance".
Bitmask works too.
I have a question for anyone who knows: does Shadowsocks still work? What about Hydra Proxy? These are said to use methods similar to Psiphon, but from different developers.
If you have a spare USB stick laying about, you can install a bootable Linux system called MOFO Linux 4 which has Tor Browser, Thunderbird / Enigmail, and Bitmask VPN installed, working, and tested from within China. There's a caveat, though, in that each ISP censors a little differently than the others. It means wat works in Shenyang may not work in Changsha.
Either way, seek and ye shall find. Seek better and find better.