You could set up your own VPN and if it works great, if it doesn't that's life.<p>I think the question that's more important is how big of a target are you? If you/your company/your co-worker are all ultimately nobodies, then it probably doesn't matter.<p>If you have highly desirable state secrets or advanced tech, then from a technical perspective you're probably out of luck.<p>Your problem might not even be the connection, but the device connecting.<p>Chinese (PRC) people will almost all have WeChat on their phone. It's not hard to imagine keeping a list of all Chinese citizens in the US who come back to china, catch messages that say "I have to work for several hours" and launch a targeted attack with Pegasus like software.<p>A border agent could say "your data or else."<p>If you buy an iPhone in China, that data, like complete backups, is probably open to the Chinese government probably unencrypted. I am not sure what happens when a person who bought an iPhone outside of china and brings it to china, or who sets their locality to PRC.<p>A password vault could be compelled to be opened.<p>So to answer your question, first we have to understand what you have of value and what your threat model is.<p>From an ultra paranoid perspective, no physical device with privileges should enter China and even the employees personal devices shouldn't have anything company related like 2fac codes.<p>From a completely practical perspective, connecting to a vpn on a laptop while tethering through a "state approved" vpn is probably fine.<p>I think most valley companies would give completely new devices for e-mail and meetings and maybe local development, but completely restrict prod access, then destroy those devices when the employee comes back, but maybe I misremember.