I typically do not use a VPN - on the rare occasions I need to encrypt on WIFI, I use Zenmate addon (Firefox) or CyberGhost - both free versions. But, I've recently been forced to work a bit on public WIFI that is not encrypted & CyberGhost and Zenmate are both blocked on the network. Any recommendations on how to bypass the block? From what I've read a VPN that uses port 443 should work - a SSL VPN, but it looks these are all paid? I don't typically need a VPN enough to subscribe. For now I've been using chrome so the tabs are isolated and for the most part, limiting traffic to HTTPS with HTTPS Everywhere addon - maybe this is good enough... I'd prefer something a bit more secure though
If you want to hide traffic destination from WiFi operator, you can use Tor Browser. You will probably have to add "FascistFirewall 1" option in configuration file. HTTPS is also advised for this setup.
My work involves a lot of travel to other countries and I often have to rely on public wifi ( eg hotels , airports ). I NEVER connect without VPN ( except perhaps to read the news ). Since I first read this thread a few hours ago this question has been pinging around in my head ..... How was the VPN (s) blocked , and WHY ? Many years ago , I was working in a popular tourist destination and visiting a cybercafe I saw one customer clearly doing online banking , and another booking an airline ticket with a credit card. Probably the same sort of people who would use a lighted match to search for a gas leak. And it occurred to me then just how easy it would be for a cybercafe owner / manager to key-log every machine . In the case you mention , I really have to wonder why .
I use cyberghost free. When i enable web safe ( parental control from my ISP virgin media ) the vpn is blocked. I have used other vpn's (paid ) in the past and they were not affected
Prudent Mostly they just block ports. Sometimes maybe IPs, but that's harder, because there are lots of them. Why? Maybe because VPNs get around URL-blocking, ad-injecting, and monitoring. Mostly about money, I guess
thanks for the info - i had not read up on Tor Browser. In this case I think my main concern should be with snooping by other users on the network or the operator with the intention of data theft or infection for data theft at a later time... but it looks like Tor is a good alternative to a VPN for hiding one's IP. I had not come across a VPN block before, but apparently this is common - especially in larger institutions like libraries and schools/universities. The reason I've mainly seen is so they can control content - no illegal or inappropriate content - so they use a website filter and block ports that VPNs use... @mirimir you have recommended SecurityKiss free in other threads - from what I understand it will have the same result as CyberGhost since they both use OpenVPN - yes/no? Any recommendations on bypassing - is SSL VPN the only way to go and if so, is there a reputable one that is free for occasional use. I wouldn't be as concerned if the WIFI was at least secured properly with WPA2, but to have no encryption on the WIFI and block VPNs these institutions are effectively screwing over their users, leaving them vulnerable.
There are several ways to get around VPN blocks. The first thing to try is TCP port 443, which is HTTPS. Many VPN providers have that as an option, including SecurityKISS, I believe. Then there's tunneling OpenVPN through another protocol. SSL (stunnel) is one. Plain old SSH is another. And then there's Obfsproxy, developed by Tor. There are also various tweaks to OpenVPN that make it harder to block. But for any of that, you'll need to use paid VPNs.
Yes Tor is good to prevent snooping from network operator, ISP... and prevent site operator from accessing your real IP address. HTTPS should be used to prevent exit node operators from accessing content of your data in transit.
Thanks - I didn't know this was possible with OpenVPN based on my readings... knowing this & digging through the CyberGhost support site I found that un-ticking the default "use random port" in 'Settings' fixes CG to port 443 - so now i have it set to TCP on port 443 instead of UDP on a random port - hopefully that works! Just curious - why port 443 instead of 80? it's already encrypted right? I should be able to change the 'random' port range as well, but i'm not sure how yet - here's this from the support site "The used port range can be changed anytime if needed. All ports are secured internally by Firewall rules.".
I'm not sure why. I've just seen TCP port 443 recommended. Maybe it's because encryption is normal for that port. But not for TCP port 80. But that's just a guess.
i was finally able to test today - CyberGhost using TCP on 443 still does not work & unfortunately I can't change the settings with CG blocked... Oh well - I'll report back if I get something to work
It is literally impossible for an employer to discern the difference between an SSL tunneled VPN and regular https traffic even if they do deep packet inspection, unless they also watch over a period of time and notice that all of your requests are going to the same IP (the entrance IP of the VPN server). Disclaimer: this is what I have read... Do you have one of those "Do you agree to the terms for wifi use?" pages that you must go through first? You might want to connect via unsecured internet first, access that site and agree, then connect the VPN. Id be curious to see exactly how "it didnt work" for you. Perhaps- and this is complete conjecture- they've blocked the entrance IP ranges of all the free VPN servers. Getting a paid VPN would make that more unlikely- there is one I know of for sure that offers SSL tunneling (and SSH tunneling) for all its servers, and they have many many access points- I cant imagine your employer could block the IP of them all (unless they bought all the SSL tunneling VPN services just to get the IP addresses- highly unlikely). Please if anyone sees I've given any bum advice or have an incorrect understanding, correct me! No pride attached here...
Well, the OpenVPN tunnel establishment dialog is pretty unique. So you can see the pattern, even if it's all encapsulated in SSL or whatever. But seeing that does take some work, so ...
It's a public WIFI connection & no, there is not a "terms" page when connecting. I haven't been on there for a couple weeks, but if I remember right - Zenmate (browser addon) seems to connect to it's servers alright, but then no pages will load in the browers - disconnect Zenmate and everything loads fine again. With CyberGhost I get a "failed to connect to servers" error when trying to launch it & it just never launches.
I am in the club, too. VPN is always on on my mobiles (iOS and Android), also because sometimes I travel in some places that are not really "the land of the free". I have had only once a VPN locking problem in a hotel in Germany (connecting with PC, linux). I was able to circumvent it connecting via SSH (AirVPN client allows that).