How to Bypass VPN Blocks With Ease
(Content Manager & Technical Writer)
Using a VPN may not always be enough to bypass internet blocks; there are ways in which governments and companies can block VPN use (e.g. IP blocking, port blocking, Deep Packet Inspection). But there are as many solutions as there are problems, which we reveal to you here. Share
As you well know, if you want to freely access websites around the world while still maintaining your privacy, all you need is a VPN connection to a server located in an uncensored area, right? Wrong.
You see, over the years, censored websites figured out this little trick and have subsequently developed VPN detectors in order to block you from bypassing their censorship, preventing you from surfing where you please. This is why vpnMentor has put together this detailed, yet simple guide, to help you bypass VPN blocks and surf freely.
Let’s start at the very beginning (a very good place to start):
Internet censorship can result from government censorship for political, social or copyright reasons, from your workplace or school wanting you to stop gabbing on Facebook or surfing porn sites during your workday/classes, or even at home, from protective parents or a jealous partner.
Though we are definitely not here to encourage slacking off, cheating or breaking your country’s laws, vpnMentor is a firm believer in both freedom and privacy. Therefore, we will supply you with the tools and leave the decision on how, when and where to use them, entirely up to you.
LEGALITY & SAFETY
Before reading any further, we want to make sure you understand that, as much as the websites using VPN-blockers frown upon people who attempt to bypass them, the use of VPNs is rarely illegal (although the content you access when using the VPN may be), even in VPN-blocking countries such as China, Syria or Iran.
That being said, as of July 2016, using a VPN service whilst in the United Arab Emirates is illegal and punishable by jail time and fines of between 500,000 and 2,000,000 UAE dirham (136,130 – 544,521 USD). So, if you’re planning a trip to the UAE in the near future, we would strongly advise bringing along some magazines instead.
As for VPN-blocks incurred by your school or workplace, you would do well to consider that, if caught bypassing VPN restrictions on a private WiFi or LAN network (slim as the chances may be), you could be facing suspension, termination or other disciplinary measures, depending on the policies in place for such instances. This should be taken into account when deciding whether bypassing a VPN block is actually worth it.
COMMON VPN-BLOCKING TACTICS
IP Blocking – The most common method of preventing VPN use is simply discovering the VPN server IPs and blocking their access. However, as there are now hundreds of VPN service providers, most places focus on blocking only a handful of the more popular VPN providers, subsequently overlooking the less known services and thusly enabling surfers using their services to go undetected.
You can go to whoer.net to determine if your IP is blacklisted or from a proxy.
Port Blocking – Another effective way to block VPNs is to use a firewall to block the ports commonly used by VPN protocols, such as 1194 (UDP), 1723 (TCP), 500 (UDP), 4500 (UDP), 1701 (UDP) etc.
DPI (Deep Packet Inspection) – A form of computer network packet filtering which examines a packet’s data part and/or header when passing an inspection point. Using DPI to detect VPN traffic is quite effective, as it will normally recognize data which has been encapsulated by VPN protocols.
DPI is what allows your ISP to differentiate between YouTube, web browser, VPN, Skype or any of 1000+ other types of traffic. This tactic has been used by the government of Syria since 2011 and targets VPN protocols such as OpenVPN, L2TP and PPTP.
COMMON VPN-BLOCKING WEBSITES
- Media streamers – more and more video streaming websites are blocking viewers who use VPNs to bypass the geographical restrictions on their services, so that copyright holders can maximize their profits by segregating the world market. In these cases, you will normally see something like this:
- Pay-per-day wireless services – Hotel and in-flight wireless services, such as GoGo, often block VPNs because they want you to pay for in-flight or in-hotel movies instead of streaming them yourself for free.
For your convenience, we’ve broken this final section down to two levels of tech-savviness:
- Cell away – By far the simplest solution for bypassing a VPN block is either to surf using your cellphone or to open a mobile hotspot in order to access websites blocked by your workplace, school or hotel abroad. You will, of course, be charged the normal rate by your cell provider, but it is a simple, elegant and virtually undetectable solution.
- Polyserver – Rather than committing to just one VPN provider or server, try switching to a lower-profile VPN service, or changing to a different server IP run by the same provider. Ask your provider whether it regularly recycles its IP addresses, making them harder to block.
- DIY – Instead of relying on VPN providers and their servers, run your own VPN server and connect to it from the censored location. A VPN sever owned by you will provide you with your own unique IP address, making sure you avoid basic IP blanket-blocking.Step 1: Click the Start button. In the search bar, type VPN and select ‘Set up a virtual private network (VPN) connection‘.Step 2: Enter the IP address or domain name of the server to which you want to connect.Step 3: If you want to set up the connection but not connect, select ‘Don’t connect now‘. Otherwise, leave it blank and click ‘Next‘.Step 4: On this next screen, you can either put in your username and password, or leave it blank. You’ll be prompted for it again on the actual connection. Click ‘Connect‘.Step 5: To connect, click on the Windows network logo on the lower-right part of your screen and select ‘Connect‘ under ‘VPN Connection‘.Step 6: In the ‘Connect VPN Connection‘ box, enter the appropriate domain and your log-in credentials and click ‘Connect‘.
- Tor – An implementation of onion routing, which encrypts and then randomly bounces communications through a network of relays, run by volunteers around the globe. Tor aims to conceal its users’ identities and online activity from surveillance and traffic analysis by separating identification and routing. Tor bridges can be used to bypass IP blocks on Tor nodes, and obfsproxy can be used to hide Tor traffic from Deep Packet Inspection.
- Lahana – An auto-build script that creates a basic OpenSwan VPN using PSK and routes all outbound TCP and DNS traffic through Tor. Lahana does not attempt to implement any form of secrecy/privacy whatsoever beyond that afforded by a PSK-based IPSEC/L2TP VPN. Running a Lahana node shouldn’t cost more than $20/month.
- Shadowsocks – An open-source proxy application, widely used in mainland China to circumvent internet censorship. Basically, it’s a SOCKS5 proxy that is available for most major platforms.
- Psiphon – An open-source internet censorship circumvention tool that uses a combination of secure communication and obfuscation technologies (VPN, SSH and HTTP Proxy) to bypass censorship. If you encounter a block when using VPN, for example, you can switch to SSH or obfuscated SSH (SSH+) instead. If you are surfing from a place where the Psiphon website is blocked, you can ask them to email you the software by writing to: firstname.lastname@example.org.
If you can disguise your VPN traffic as regular web browser traffic, you can make it impossible for a network to block your VPN. Here are some techniques for unblocking your VPN service on almost any network:
- TCP Port 443 – This is the standard internet encryption protocol you use every time you access a website with sensitive account data, such as your bank or credit card account.Since most high-quality, paid VPN services already use the SSL encryption library, switching the port number to 443 will let you easily slip through all but the most rigorous DPI firewalls. You can set it up by contacting your VPN provider’s tech supportTo change the port number:
- Find the correct configuration file. It has the extension .ovpn and is located …
- on Windows XP/Vista: C:\Programs\OpenVPN\config
- on Windows XP/Vista 64-Bit: C:\Program Files (x86)\OpenVPN\config
- on Macintosh OS X: Library/openvpn (in the Home folder of the respective user)
- Open the configuration file with WordPad or TextEdit. On Vista you have to start the editor with the option “Run as Administrator”.
- Delete any line containing “proto udp”
- Put a “#” at the beginning of the line “remote vpn1.hideway.eu”
- Add a line or remove the “#”: “remote vpn2.hideway.eu 443 tcp”
- Save the file
- Find the correct configuration file. It has the extension .ovpn and is located …
- Stealth VPN / Obfuscation – Even when using port 443, most VPN protocols have a data packer header, which can make it possible for a firewall to recognize the traffic as VPN traffic.
VPN service providers are obviously aware that some networks are blocking VPN traffic. That’s why they invented ‘stealth’ VPN technology, which scrambles or disguises your VPN traffic, making it unidentifiable as VPN traffic, or disguising it as regular TLS encrypted web traffic. VPN providers who offer stealth/obfuscation technology include: IPVanish, Proxy.sh, Torguard, VyprVPN, APN.ac and more.Using a VPN service with obfuscation or ‘stealth’ technology can allow your VPN connection to rewrite or obscure the packet headers, so it’s unrecognizable.
- SSL Tunneling – Is when an internal client application requests a web object using HTTPS on port 8080 through the proxy server. For example, when you are using online shopping.
The internet connection to the relevant e-commerce website is tunneled to by you through a proxy server. The client communicates with the target web server directly after the initial connection has been established by proxy server, by means of communication within the SSL tunnel that has been created after SSL negotiation has taken place.SSL tunnels are usually made using the Stunnel software, which must be configured on both the VPN server and on your computer. If you want to use SSL tunneling, you must discuss it with your VPN service provider. The OpenVPN data is wrapped inside an additional layer of TLS/SSL encryption. DPI techniques are unable to penetrate this extra layer of encryption, so they cannot detect the OpenVPN encryption inside.
- SSH tunneling – An SSH tunnel consists of an encrypted tunnel created through a SSH (Secure Shell) protocol. It is similar to SSL tunneling, except that the VPN data is wrapped inside a SSH encryption. SSH is mostly used in the business world for accessing shell accounts on UNIX systems, and is therefore nowhere near as popular as SSL. As with SSL tunneling, you will need to talk to your VPN provider in order to activate it.Both SSL and SSH tunneling are more secure than obfsproxy, as they wrap the traffic in encryption. However, obfsproxy is easier to set up and configure, and has a significantly lower bandwidth overhead, as it does not carry an additional layer of encryption.
In this day and age, any lock can be picked and any block can be tricked. At vpnMentor, we encourage you to stay safe, stay free, stay anonymous.
For our list of best & worst VPNs and their reviews, please click here.