All you need to know about VPN Blockers

Ever wondered what VPN blockers are, how they work, and how they can be avoided? This is what I will try to explain in this blog post.

Why do VPNs get blocked?
There are many reasons why some services attempt to block VPNs. A government might want to enforce censorship, a public WiFi provider wants to see what is being done over their network, and your employer wants to take all possible distractions away from you; because there are always more fun things than working, right?
To know how you can avoid such blocking of your VPN, we will first try to understand how the blocking works. Different methods are used and each has its own strengths. The most common ways are explained below.

Blocked IP
Probably the easiest way to block a connection is to blacklist IP addresses. Each VPN service has a limited, although usually growing, set of IP addresses. IP addresses known to belong to a VPN service can simply be blocked by a firewall. Major VPN services are more likely to be the target of IP blocking.
Some services also go the other way round and whitelist IP addresses that they know do not belong to a VPN server. The network then simply doesn’t allow contact with any IP that is not on that list.
IP addresses can also be used to determine the location of the corresponding server. Some services or governments use this knowledge to block all connections to or from certain geographic areas.
If you want to check whether your IP is blacklisted, go to whoer.net and look for the result of the “Blacklist” check.

Blocking ports
A computer has a large number of ports over which applications can communicate. A given port on the source computer can then communicate with a port on the destination computer. This is, by the way, the reason why different applications can use the internet at the same time. Since the application only gets the information that is sent to its port, mix-ups do not happen between applications (usually). Data transmission occurs according to two different protocols called TCP (Transmission Control Protocol) and UDP (User Datagram Protocol).
TCP is a reliable way to accurately transmit data. When using TCP, the receiver has to confirm that it received each data packet that has been sent. If the sender does not receive this confirmation within an appropriate period of time, it assumes that the packet was lost on the way and sends it again. This is somewhat time consuming but ensures accurate and complete transmission.
UDP does not expect arrived data to be acknowledged, but simply keeps sending. If something doesn’t arrive, well … too bad. This protocol is less reliable, but much faster, making it well suited for real-time applications.
Now let me come to the point: A VPN usually uses UDP for data transmission, while web browsing is done over TCP connections. Blocking outgoing UDP connections therefore blocks most VPN connections, while still allowing users to browse the internet, though with strong limitations. So a possible workaround against UDP blocking might be to use a VPN server that supports tunneling over both TCP and UDP.

Deep Packet Inspection (DPI)
DPI is a technique used to examine the data that is sent through a network. When transmitting data, a router is supposed to only look at the destination and forward the data packet. It is possible, though, that a network wants to know, analyze or monitor all data passing through it. To do so, the metadata of the traffic is inspected to different degrees, and even the content of the data could be exposed. This is quite a demanding procedure and slows down the traffic, but it can be done in order to filter connections. The user is not able to notice whether or not their traffic has been inspected.
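What payload inspection adds over a port rule, as an added example that is not part of the original post: both connections below pass a "TCP to web ports only" rule, but their first bytes tell them apart. It assumes the VPN is OpenVPN in TCP mode (the post names no protocol); the function names, the sample bytes and UDP port 1194 are constructed for illustration.

```python
import struct

# OpenVPN opcodes that open a session (upper 5 bits of the opcode/key-id byte).
OPENVPN_RESET = {7: "HARD_RESET_CLIENT_V2", 10: "HARD_RESET_CLIENT_V3"}


def port_rule(proto: str, dport: int) -> str:
    """Simple firewall rule: drop all UDP, allow TCP only to web ports."""
    return "allow" if proto == "tcp" and dport in (80, 443) else "drop"


def classify_payload(payload: bytes) -> str:
    """Label the first client bytes of a TCP connection, as a DPI box would."""
    if len(payload) < 6:
        return "unknown"
    # TLS record header: type 0x16 (handshake), major version 0x03, 2-byte
    # length; the handshake message that follows starts with 0x01 (ClientHello).
    if payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls-client-hello"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte holding
    # the opcode (upper 5 bits) and key id (lower 3 bits).
    (length,) = struct.unpack("!H", payload[:2])
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if opcode in OPENVPN_RESET and key_id == 0 and length == len(payload) - 2:
        return "openvpn-tcp"
    return "unknown"


def inspect(proto: str, dport: int, payload: bytes) -> tuple:
    """Return (port-rule verdict, DPI label) for one connection."""
    return port_rule(proto, dport), classify_payload(payload)


# Constructed samples: a truncated TLS ClientHello header and a minimal OpenVPN
# hard-reset packet (opcode 7, key id 0, 8-byte session id, empty ACK list,
# packet id 0), each as the first bytes a client sends.
TLS_HELLO = bytes.fromhex("160301002f0100002b0303")
OPENVPN_RESET_PKT = struct.pack("!H", 14) + bytes([7 << 3]) + bytes(range(8)) + bytes(5)

if __name__ == "__main__":
    for name, sample in (("https", TLS_HELLO), ("vpn", OPENVPN_RESET_PKT)):
        print(name, inspect("tcp", 443, sample))
    print("vpn-udp", port_rule("udp", 1194))
```

The port rule returns "allow" for both TCP samples, while the payload label differs, which is why a filter that inspects content can still single out a VPN that only changed its port.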

What you can do
Accept it: You could simply live with it, but this is not the point of this post.
Try reconnecting to the VPN: VPN providers may have multiple servers at the same location. Try to disconnect from your VPN and reconnect again. You might connect to another server, whose IP is not affected by the VPN Blocker.
Use a VPN running on TCP port 443: VPN connections don’t usually use TCP to establish connections, so running a VPN over TCP port 443 might bypass simple firewall rules. Port 443 is used by default for all HTTPS connections. Transmission over TCP is more time consuming, as a reliable transmission is expected. This is why we suggest using it only when there is a need to circumvent blocking. SnowHaze VPN offers a VPN running on TCP port 443, which is called “Firewall Bypass” and runs on the Swiss server.
Use cellular network: Connecting to the internet over your mobile carrier will usually solve all local VPN blocking techniques. If you have unlimited data and bandwidth, this might be the best way to go. Browse from your phone or turn on your hotspot.

Conclusion
As with most restrictions, VPN blockers can usually be bypassed. This post of course does not present all existing possibilities. Some VPN blockers cannot be tricked using the above methods, but require techniques that are more advanced. I am not trying to support or encourage illegal activities with this article. The internet is such a wonderful place and I just want everybody to enjoy it without restrictions in freedom and privacy.

About the Author

Yvan

Co-Founder of Illotros GmbH, which created SnowHaze