What To Do If VPN Is Blocked By Your ISP
Internet censorship is a real pain, but you can get past it by using a VPN (virtual private network). Normally, all this involves is connecting to a VPN server somewhere that isn’t censored and the problem is solved – almost. Unfortunately, censors know that VPNs allow people to do this, and put measures in place to block the use of VPNs.
Examples of internet censorship
Many agencies make use of internet censorship, for various reasons. They include:
- Censorship by governments. In various countries, governments try to limit internet access for political and/or social reasons. Examples include ‘the Great Firewall of China’, as well as state actions in Iran. The United Arab Emirates have even criminalized the use of VPNs.
- Governmental censorship to protect copyrights. Piracy has been made easier by the internet in various ways, and governments have blocked access to some websites to prevent copyright infringements. The UK and other European countries have been especially active in this respect, with Russia also taking action to block certain websites.
- Censorship in the workplace. Apart from blocking websites, such as social media sites that might distract employees and allow them to socialize on work time, some employers block websites with content that might offend other employees. This is done for good reasons and is not sinister censorship, as in other examples.
- Educational institutions. These commonly block access to websites that are deemed unsuitable, and the motivation is to protect, especially when minors are involved. Censorship at universities is a bit more controversial, and strange in the context of an adult learning environment! Often it’s porn, social media and piracy sites that are blocked, but political content may also be targeted. Insensitive censorship can also deny young people access to information that they need, for example regarding sexual health, sexual and racial discrimination and advice on the dangers of drug use.
What the law says
The owner of any private Wi-Fi network or LAN, whether that’s at work, home or in a school or university, is legally entitled to restrict what people do when connected to it. That means that evading legally valid VPN restrictions can be a problem, potentially leading to suspension, disciplinary measures or even dismissal. So think carefully about whether evading VPN blocks is worth the risk.
VPN blocks – how they work
There are several ways that VPN use can be blocked, and various methods can be combined to make evasion more difficult. How is internet traffic controlled? In China there are only three access points, which are government controlled. More commonly, governmental VPN blocks and the desired censorship are achieved by imposing requirements on ISPs.
How do they do it?
Blocking access to VPN providers’ websites is a starting point, but is just one of a set of strategies used. That stops people signing up for services or acquiring their software. The blocking may extend to review websites and other websites that are explicitly opposed to censorship and offer relevant information. It’s not easy for the censors though, because there are so many VPN providers out there.
Blocking IP addresses
As well as blocking website access, censors can find the IP addresses of VPN providers’ servers and block those as well. This is the usual method for inhibiting VPN use. Often this, along with blocking the service providers’ websites, is as far as it goes. Most organizations opt for blocking only the most popular VPN service providers. That means that some smaller or less well-known providers can escape the net.
Technical details – blocking ports
OpenVPN uses port 1194 (UDP) by default, though it can be switched to TCP. Different VPN protocols make use of other ports, but the bottom line is that blocking access to these ports with a firewall is an easy and commonly used way to prevent VPN use.
DPI (Deep Packet Inspection)
When data travels across the internet it is transferred as ‘packets’ that are inspected at points along the way. Deep packet inspection (DPI) looks at the data, and potentially also the header, of these packets along the route. Different technologies, of varying effectiveness, are used for inspection.
One problem for VPN users is that data packaged according to VPN protocols is easily identified. Encryption means that the contents are secure, but with DPI it’s quite simple to establish that a VPN protocol is involved in the encryption. Any group that goes as far as using DPI is clearly determined to identify VPN traffic.
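To illustrate the difference between the port block and the DPI check described above, here is an added example (not from the original article) that runs both kinds of rule over constructed sample payloads. It relies on the OpenVPN control-packet header, in which the first byte holds a 5-bit opcode and a 3-bit key ID; the function names and sample flows are assumptions made for the illustration.

```python
import struct

# OpenVPN control opcodes sit in the upper 5 bits of the first payload byte.
HARD_RESET_OPCODES = {7, 8}  # P_CONTROL_HARD_RESET_CLIENT_V2 / _SERVER_V2
MIN_RESET_LEN = 14  # opcode+key id (1) + session id (8) + ack count (1) + packet id (4)


def port_rule(proto, dport):
    """Firewall-style rule: flag only OpenVPN's default port, 1194/UDP."""
    return proto == "udp" and dport == 1194


def payload_rule(proto, payload):
    """DPI-style heuristic: recognise an OpenVPN handshake header on any port."""
    if proto == "tcp":
        # Over TCP, each OpenVPN packet is preceded by a 2-byte length field.
        if len(payload) < 2:
            return False
        (declared,) = struct.unpack("!H", payload[:2])
        payload = payload[2:]
        if declared != len(payload):  # simplification: one packet per segment
            return False
    if len(payload) < MIN_RESET_LEN:
        return False
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    return opcode in HARD_RESET_OPCODES and key_id == 0


def classify(proto, dport, payload):
    return {"port_rule": port_rule(proto, dport),
            "payload_rule": payload_rule(proto, payload)}


# Constructed sample payloads (not captured traffic).
RESET = bytes([7 << 3]) + bytes(range(1, 9)) + b"\x00" + b"\x00\x00\x00\x00"
SAMPLES = {
    "openvpn udp/1194": ("udp", 1194, RESET),
    "openvpn tcp/80": ("tcp", 80, struct.pack("!H", len(RESET)) + RESET),
    "http tcp/80": ("tcp", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    "dns udp/53": ("udp", 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 6
                   + b"\x07example\x04test\x00"),
}

if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        print(f"{name:18} {classify(*flow)}")
```

The port rule only fires on the default port, while the payload rule recognises the same handshake once it has been moved to TCP port 80 and leaves the HTTP and DNS samples alone.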
Easy ways to respond
Mobile connections can help. This won’t work for government-level blocking, but for many other environments, like work or university, it will. With a cellphone you can avoid VPN blocks. The downside is that you’ll have to pay your standard charges for mobile data use, but still – you can check your Facebook with only a small risk of getting punished.
Use other VPN servers or providers
Sometimes using a lower-profile VPN service will evade blanket IP blocks. The blockers can’t keep on top of all the IP addresses of all VPN service providers and so a less well-known VPN – even if it’s run by the same provider – can achieve the result you need. IP addresses can be recycled and swapped around, making it really hard for wannabe-censors to keep track of them. It’s a bit like the game ‘whack-a-mole’, and it works. You might ask your VPN provider if it does this. At present, almost all VPN providers use IPv4 IP addresses (32 bit), instead of the newer IPv6 (128 bit). With IPv6 many more IP addresses will be available, which means that, in time, the current basic IP blocks will become less and less useful.
Use a VPN of your own
You’ll have to be quite committed for this one, but you can run your own VPN server and connect to it from the censored location, whether that’s work premises or a country. Your own unique VPN IP address can’t be blocked, but it gives you fewer privacy protections than you get with a commercial VPN service. A home PC can be set up to work as a personal server, or you can configure a rented VPS (virtual private server). It’s also great for geospoofing (concealing your location so you can access content blocked in your country). This might all be hard work, but there are companies who can do the high tech stuff on your behalf.
Unique IP addresses
You can have a dedicated IP address with some VPNs. Again, this is your own unique IP and so websites like Netflix or the BBC iPlayer probably won’t be able to block it. But the same downside also applies – you’ll lose some privacy benefits.
If you’re visiting a location where VPN blocking might be an issue, you can prepare in advance. Join a VPN service and get the software beforehand. In places where VPN provider websites are blocked, the VPN connections that are provided are often not affected. If you can’t prepare upfront, there are other anti-censorship technologies that can help you access the VPN websites, so you can sign up and get going.
Use different port numbers
You may be able to change the port that your provider uses as standard. The standard port for web traffic is TCP port 80. This is used by ordinary, unencrypted internet traffic (HTTP, as opposed to the secure protocol, HTTPS). If this port were blocked the internet would be unable to function, so censors don’t attempt it. Unfortunately, VPN traffic that uses this port is easy to identify.
HTTPS, which is used for secure websites, depends on port 443. As with port 80, blocking it plays havoc with online commerce generally, so it is rarely targeted by blocking systems. The other advantage of port 443 is that the traffic on it is normally wrapped in the TLS encryption used by HTTPS, which makes it hard for DPI to pick out VPN traffic there. For evading VPN blocking, TCP port 443 is therefore the ideal port to use.
Does your VPN provider allow you to change port numbers? Many do, by means of their custom software. This is especially true for those that use the OpenVPN protocol. Your provider may not allow it, at least not at the software level, but the possibility is there at the server level. All it requires is a small change to your .ovpn file, which will alter your OpenVPN configuration. Doing this is something your provider should be able to advise you about. A final option, if it’s available to you, is to use the SSTP protocol, in which TCP port 443 is the default.