The GFW seems to have learned to recognise OpenVPN traffic (likely based on headers) sometime in the past few weeks. You can test this yourself by setting up an OpenVPN server of your own; you'll be able to connect at first, but within a few hours, no new connections will go through until you switch the server's IP. A lot of the commercial VPN providers have been using OpenVPN, as it offers a nice combination of security, speed, and ease of administration. They can get away with killing OpenVPN off because nobody important uses it.

PPTP isn't being automatically blocked by our beloved Net Nannies at present, but there are blacklists of known providers, and it's not as secure as other options.

L2TP/IPsec is the best choice. It's the biggest pain to set up and configure, particularly for the server admins. The Net Nannies won't dare implement a blanket ban on IPsec VPNs, as these are what's used by almost all major corporations. Unfortunately, most commercial VPN providers don't offer IPsec...a handful of the most expensive providers do (PM if you want some names that are tested working here in SH), but using your company's is the best bet.