I would think that traffic heuristics -- volume of packets, frequency of packets, persistence of TCP sessions, volume of data transferred, types of TCP connectivity would provide some hints of a VPN session versus other kinds of encrypted traffic -- would possibly provide a way to compare it to known types of encrypted traffic and see VPNs. It's not like the Chinese don't have terabytes or even petabytes of real-world wild sample traffic to compare against.
I wonder if there would be some way to beat it by combining steganography and encryption to make a VPN's traffic look like some kind of unencrypted web browsing session. Embed encrypted data into retrieved pages as GIFs and plaintext mixed in with nonsense plain text and pace the traffic patterns to more closely resemble the pace of actual page views, forcing new TCP sessions for each view.
About the only weakness would be consistently contacting the same server.
It might be less useful for the kinds of normal VPN uses (low data volume, long latency as traffic was fetched) but I would think you could beat the expectations of what VPN traffic is supposed to look like.