VPN Blocked

Discussion in 'privacy technology' started by rm22, Oct 24, 2016.

  1. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    I typically do not use a VPN - on the rare occasions I need to encrypt on WIFI, I use Zenmate addon (Firefox) or CyberGhost - both free versions. But, I've recently been forced to work a bit on public WIFI that is not encrypted & CyberGhost and Zenmate are both blocked on the network.

    Any recommendations on how to bypass the block? From what I've read a VPN that uses port 443 should work - an SSL VPN, but it looks like these are all paid? I don't typically need a VPN enough to subscribe.

    For now I've been using chrome so the tabs are isolated and for the most part, limiting traffic to HTTPS with HTTPS Everywhere addon - maybe this is good enough... I'd prefer something a bit more secure though
     
  2. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014
    Posts: 14,881
    Location: Slovenia, EU
    If you want to hide traffic destination from WiFi operator, you can use Tor Browser. You will probably have to add "FascistFirewall 1" option in configuration file. HTTPS is also advised for this setup.
     
  3. quietman

    quietman Registered Member

    Joined: Dec 27, 2014
    Posts: 511
    Location: Earth .... occasionally
    My work involves a lot of travel to other countries and I often have to rely on public wifi (e.g. hotels, airports).
    I NEVER connect without VPN (except perhaps to read the news).

    Since I first read this thread a few hours ago this question has been pinging around in my head .....
    How was the VPN(s) blocked, and WHY?

    Many years ago, I was working in a popular tourist destination and visiting a cybercafe I saw one customer clearly doing
    online banking, and another booking an airline ticket with a credit card.
    Probably the same sort of people who would use a lighted match to search for a gas leak.

    And it occurred to me then just how easy it would be for a cybercafe owner / manager to key-log every machine.
    In the case you mention, I really have to wonder why.
     
  4. mick92z

    mick92z Registered Member

    Joined: Apr 27, 2007
    Posts: 548
    Location: Nottingham
    I use CyberGhost free. When I enable Web Safe (parental control from my ISP, Virgin Media) the VPN is blocked. I have used other VPNs (paid) in the past and they were not affected.
     
  5. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 9,252
    Prudent :thumb:
    Mostly they just block ports. Sometimes maybe IPs, but that's harder, because there are lots of them. Why? Maybe because VPNs get around URL-blocking, ad-injecting, and monitoring.
    ;)
    Mostly about money, I guess :eek:
     
  6. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    Thanks for the info - I had not read up on Tor Browser. In this case I think my main concern should be with snooping by other users on the network or the operator with the intention of data theft or infection for data theft at a later time... but it looks like Tor is a good alternative to a VPN for hiding one's IP.

    I had not come across a VPN block before, but apparently this is common - especially in larger institutions like libraries and schools/universities. The reason I've mainly seen is so they can control content - no illegal or inappropriate content - so they use a website filter and block ports that VPNs use...

    @mirimir you have recommended SecurityKiss free in other threads - from what I understand it will have the same result as CyberGhost since they both use OpenVPN - yes/no? Any recommendations on bypassing - is SSL VPN the only way to go and if so, is there a reputable one that is free for occasional use?

    I wouldn't be as concerned if the WIFI was at least secured properly with WPA2, but to have no encryption on the WIFI and block VPNs these institutions are effectively screwing over their users, leaving them vulnerable.
     
  7. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 9,252
    There are several ways to get around VPN blocks. The first thing to try is TCP port 443, which is HTTPS. Many VPN providers have that as an option, including SecurityKISS, I believe. Then there's tunneling OpenVPN through another protocol. SSL (stunnel) is one. Plain old SSH is another. And then there's Obfsproxy, developed by Tor. There are also various tweaks to OpenVPN that make it harder to block. But for any of that, you'll need to use paid VPNs.
     
  8. Minimalist

    Minimalist Registered Member

    Joined: Jan 6, 2014
    Posts: 14,881
    Location: Slovenia, EU
    Yes, Tor is good to prevent snooping from network operator, ISP... and prevent site operator from accessing your real IP address. HTTPS should be used to prevent exit node operators from accessing content of your data in transit.
     
  9. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    Thanks - I didn't know this was possible with OpenVPN based on my readings... knowing this & digging through the CyberGhost support site I found that un-ticking the default "use random port" in 'Settings' fixes CG to port 443 - so now I have it set to TCP on port 443 instead of UDP on a random port - hopefully that works!

    Just curious - why port 443 instead of 80? It's already encrypted, right?

    I should be able to change the 'random' port range as well, but I'm not sure how yet - here's this from the support site "The used port range can be changed anytime if needed. All ports are secured internally by Firewall rules.".
     
    Last edited: Oct 26, 2016
  10. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 9,252
    I'm not sure why. I've just seen TCP port 443 recommended. Maybe it's because encryption is normal for that port. But not for TCP port 80. But that's just a guess.
     
  11. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    OK - thanks.

    Also - did you leak test SecurityKiss? I just read through your VPN testing results.
     
  12. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 9,252
    No, I didn't. I ought to test more, but I keep getting distracted by other projects.
     
  13. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    I was finally able to test today - CyberGhost using TCP on 443 still does not work & unfortunately I can't change the settings with CG blocked... Oh well - I'll report back if I get something to work :)
     
  14. Anonfame1

    Anonfame1 Registered Member

    Joined: May 25, 2016
    Posts: 224
    It is literally impossible for an employer to discern the difference between an SSL tunneled VPN and regular HTTPS traffic even if they do deep packet inspection, unless they also watch over a period of time and notice that all of your requests are going to the same IP (the entrance IP of the VPN server). Disclaimer: this is what I have read...

    Do you have one of those "Do you agree to the terms for wifi use?" pages that you must go through first? You might want to connect via unsecured internet first, access that site and agree, then connect the VPN.

    I'd be curious to see exactly how "it didn't work" for you. Perhaps - and this is complete conjecture - they've blocked the entrance IP ranges of all the free VPN servers. Getting a paid VPN would make that more unlikely - there is one I know of for sure that offers SSL tunneling (and SSH tunneling) for all its servers, and they have many many access points - I can't imagine your employer could block the IP of them all (unless they bought all the SSL tunneling VPN services just to get the IP addresses - highly unlikely).

    Please if anyone sees I've given any bum advice or have an incorrect understanding, correct me! No pride attached here...
     
  15. mirimir

    mirimir Registered Member

    Joined: Oct 1, 2011
    Posts: 9,252
    Well, the OpenVPN tunnel establishment dialog is pretty unique. So you can see the pattern, even if it's all encapsulated in SSL or whatever. But seeing that does take some work, so ...
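
Added example, not part of any post in this thread: a defender-side Python check illustrating the point above for plain (unwrapped) OpenVPN over TCP, whose first client payload does not look like a TLS ClientHello even when it is sent to port 443. The function names, flow tuples and sample bytes are constructed for illustration; the opcode values and the 2-byte length prefix follow the OpenVPN wire format.

```python
import struct

# OpenVPN session-opening opcodes (high 5 bits of the first byte after the length).
HARD_RESET_CLIENT = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
MIN_RESET_LEN = 14  # opcode(1) + session id(8) + ack count(1) + packet id(4)


def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server TCP payload of a flow."""
    if len(payload) < 6:
        return "unknown"
    # TLS record header: type 0x16 (handshake), major version 3,
    # 2-byte length, then handshake type 1 (ClientHello).
    if payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    # OpenVPN over TCP: 2-byte big-endian length, then (opcode << 3) | key_id.
    (length,) = struct.unpack("!H", payload[:2])
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if (opcode in HARD_RESET_CLIENT and key_id == 0
            and MIN_RESET_LEN <= length <= len(payload) - 2):
        return "openvpn-hard-reset"
    return "unknown"


def non_tls_on_443(flows):
    """Return (flow id, label) for port-443 flows whose first payload is not TLS."""
    hits = []
    for flow_id, dst_port, first_payload in flows:
        label = classify_first_payload(first_payload)
        if dst_port == 443 and label != "tls-client-hello":
            hits.append((flow_id, label))
    return hits


# Constructed sample payloads (not captured traffic).
OPENVPN_RESET = (struct.pack("!H", 14) + bytes([7 << 3]) + bytes(range(1, 9))
                 + b"\x00" + b"\x00" * 4)
TLS_HELLO = bytes.fromhex("16030100310100002d0303") + bytes(44)
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

SAMPLE_FLOWS = [("a", 443, TLS_HELLO), ("b", 443, OPENVPN_RESET), ("c", 80, HTTP_GET)]
```

A filter that applies this kind of check to port 443 would explain a VPN failing there even though ordinary HTTPS works; it says nothing about OpenVPN wrapped inside a real TLS session, which needs the traffic-pattern analysis the post alludes to.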
     
  16. rm22

    rm22 Registered Member

    Joined: Oct 26, 2014
    Posts: 357
    Location: Canada
    It's a public WIFI connection & no, there is not a "terms" page when connecting. I haven't been on there for a couple weeks, but if I remember right - Zenmate (browser addon) seems to connect to its servers alright, but then no pages will load in the browser - disconnect Zenmate and everything loads fine again. With CyberGhost I get a "failed to connect to servers" error when trying to launch it & it just never launches.
     
  17. dogbite

    dogbite Registered Member

    Joined: Dec 13, 2012
    Posts: 1,290
    Location: EU
    I am in the club, too. VPN is always on on my mobiles (iOS and Android), also because sometimes I travel in some places that are not really "the land of the free".

    I have had only once a VPN locking problem in a hotel in Germany (connecting with PC, Linux). I was able to circumvent it connecting via SSH (AirVPN client allows that).
     