One of the only ways to protect your right to privacy and information online is to use a VPN. Some websites infringe on those rights by blocking VPNs, but they do it for a good reason.
We’ve previously talked about Deep Packet Inspection, including its usage. Today we’re going to talk about VPN blocking.
VPN blocking is a technique used to block the encrypted protocol tunneling communications methods used by virtual private network (VPN) systems. Often used by large organizations such as national governments or corporations, it can act as a tool for computer security or Internet censorship by preventing the use of VPNs to bypass network firewall systems.
Blocking VPN access can be done in a few different ways. Ports that are used by common VPN tunneling protocols, such as PPTP or L2TP, to establish their connections and transfer data can be closed by system administrators to prevent their use on certain networks. Similarly, a website can prohibit access to its content by blocking access from IP addresses that are known to belong to VPN providers. Some governments have been known to block all access to overseas IP addresses, since VPN use can involve connecting to remote hosts that do not operate under that government’s jurisdiction.
HOW ARE VPNs BLOCKED?
Firewalls use advanced software to perform Deep Packet Inspection (DPI) which can analyze the type and destination of every data packet traversing the network.
DPI is what allows your ISP to tell the difference between YouTube, web browser, VPN, Skype or any of 1000+ other types of traffic. DPI is how a network can throttle, restrict, or even block certain types of traffic.
But here’s the key: If you can disguise your VPN traffic as regular web browser traffic, you can make it impossible for a network to block your VPN unless they’re willing to block all HTTPS browser traffic. Not likely.
COUNTRIES THAT HAVE BLOCKED VPN USAGE
As organizations have ramped up efforts to block VPN access which bypasses their firewalls, VPN providers have responded by utilizing more sophisticated techniques to make their connections less conspicuous. For instance, as the Chinese government began using deep packet inspection to identify VPN protocols, Golden Frog began scrambling OpenVPN packet metadata for its popular VyprVPN service in an attempt to avoid detection.
Chinese internet users started reporting unstable connections in May 2011 while using VPNs to connect to overseas websites and services such as the Apple App Store.
Universities and businesses began issuing notices to stop using tools to circumvent the firewall.
In late 2012, companies providing VPN services claimed the Great Firewall of China became able to “learn, discover and block” the encrypted communications methods used by a number of different VPN systems. In 2017, telecommunications carriers in China were instructed by the government to block individuals’ use of VPNs by February 2018.
The government of Iran began blocking access to non-government sanctioned VPNs in March 2013, a few months prior to the 2013 elections, to “prosecute users who are violating state laws” and “take offenders to national courts under supervision of judiciary service”. Use of VPNs approved by the government reportedly led to surveillance and inspection of private data.
In July 2017, the State Duma passed a bill requiring Internet providers to block websites that offer VPNs, in order to prevent the spreading of “extremist materials” on the Internet. It’s unclear exactly how Russia plans to implement its new regulation, though it seems like both the Federal Security Service (FSB) and ISPs will be tasked with identifying and cracking down on VPNs.
Russian internet users have also reported a block on the ExpressVPN VPN service. In November 2017, the BBC made it clear that Russia has not banned VPN usage entirely. VPN usage is only banned when attempting to access sites already blocked by Roskomnadzor, Russia’s governing body for telecommunications and mass media communications. Using a VPN for business or personal reasons to access legal sites in Russia is permitted.
The government of Syria activated deep packet inspection after the uprising in 2011 in order to block VPN connections. The censorship targeted different VPN protocols like OpenVPN, L2TP and PPTP.
BYPASS VPN BLOCKING
VPN providers are aware that some ISPs/networks are blocking VPN traffic. That’s why they invented ‘Stealth’ VPN technology.
A stealth VPN can disguise/scramble your VPN traffic so it’s either not identifiable as VPN traffic, or even better — disguised as regular TLS encrypted web traffic.
Here are the two tried and true techniques to unblock your VPN service on almost any network:
#1 – Run OpenVPN on port 443
Port 443 is the port commonly used by SSL/TLS encrypted web traffic. This is a standard internet encryption protocol that you use every time you access a website with sensitive account data, like your bank, credit card, or tax account.
Since OpenVPN already uses the SSL/TLS encryption library, simply switching the port number to 443 lets it slip through all but the most rigorous DPI firewalls.
How to use port 443
Most high-quality, paid VPN services will allow you to switch the port number (or have dedicated server locations that accept connections on port 443). If you need help setting it up, just contact tech support for your VPN provider.
#2 – StealthVPN / Obfuscation
Even if you use port 443, most VPN protocols still have a data packet ‘header’ which is like a fingerprint that can potentially allow a firewall to recognize traffic as VPN traffic.
By using a VPN service that has obfuscation or ‘Stealth’ technology, your VPN connection can rewrite or obscure the packet headers (smudge the fingerprint) so it’s unrecognizable.
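How a DPI rule can recognize the header fingerprint described above regardless of port number, as an added example that is not from the original article: a minimal classifier keyed on the TLS record header, the OpenVPN client hard-reset opcode and the WireGuard handshake-initiation message. The function names and sample payloads are constructed for illustration, and real DPI engines combine many more signals than the first few bytes.

```python
import struct

# High 5 bits of the OpenVPN opcode byte; the low 3 bits carry key_id.
OVPN_CLIENT_RESET = {7: "HARD_RESET_CLIENT_V2", 10: "HARD_RESET_CLIENT_V3"}

def is_ovpn_reset(opcode_byte: int) -> bool:
    return (opcode_byte >> 3) in OVPN_CLIENT_RESET and (opcode_byte & 0x07) == 0

def classify_first_payload(payload: bytes, transport: str = "tcp") -> str:
    """Label a flow's first client payload by header shape, ignoring the port."""
    if transport == "tcp":
        # TLS record: type 0x16 (handshake), version 0x03xx, 2-byte length,
        # then handshake type 0x01 (ClientHello).
        if len(payload) >= 6 and payload[:2] == b"\x16\x03" and payload[5] == 0x01:
            return "tls-client-hello"
        # OpenVPN over TCP: 2-byte big-endian packet length, then opcode byte.
        if len(payload) >= 16:
            (pkt_len,) = struct.unpack("!H", payload[:2])
            if 14 <= pkt_len <= len(payload) - 2 and is_ovpn_reset(payload[2]):
                return "openvpn-tcp"
    elif transport == "udp":
        # WireGuard handshake initiation: type 1, three zero bytes, 148 bytes.
        if len(payload) == 148 and payload[:4] == b"\x01\x00\x00\x00":
            return "wireguard-initiation"
        if len(payload) >= 14 and is_ovpn_reset(payload[0]):
            return "openvpn-udp"
    return "unknown"

# Constructed sample payloads (not captured traffic), all addressed to port 443.
SAMPLES = {
    "browser": ("tcp", b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),
    "openvpn": ("tcp", b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)),
    "scrambled": ("tcp", bytes.fromhex("9f4ce107aa10c35b7d02e8816f44b9d0")),
    "wireguard": ("udp", b"\x01\x00\x00\x00" + bytes(144)),
}

def label_samples() -> dict:
    return {name: classify_first_payload(data, proto)
            for name, (proto, data) in SAMPLES.items()}

if __name__ == "__main__":
    for name, label in label_samples().items():
        print(f"{name:10s} -> {label}")
```

The constructed "scrambled" payload matches none of the signatures and is labelled `unknown`, which is the effect the header rewriting described above aims for.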
VPN with stealth/obfuscation technology:
- TrueVPN (Score: 4.9 out of 5)
#3 – Use WireGuard Protocol
Use a VPN that supports the WireGuard protocol, such as TrueVPN.
WireGuard is a security-focused virtual private network (VPN) known for its simplicity and ease of use. It uses proven cryptography protocols and algorithms to protect data. Originally developed for the Linux kernel, it is now deployable on Windows, macOS, BSD, iOS and Android.
Why use WireGuard? We’ve talked about why you should use it in this article.
We’ve learned 3 different ways to unblock your VPN on any network, and get through any firewall.
The easiest solution is often the best, and you’ll find 90%+ success by using either OpenVPN on port 443, or a VPN with built-in obfuscation technology.
And if after exhausting all options you still find yourself blocked, then go with obfsproxy and Tor as the ultimate unblocker.