What to do if your VPN is Blocked


Is your VPN blocked at school, work or your favorite streaming platform?

Virtual Private Networks are the perfect tool for unblocking content and staying secure online, but that makes them targets for firewalls and blacklisting too.

There are several reasons your VPN service might be blocked. You’ll learn why your VPN is blocked and the most effective methods to bypass VPN blocks.

Best VPNs to bypass VPN Blocks

These are the best VPNs for bypassing firewalls and VPN blocks. They offer advanced features that help them evade firewalls, packet filtering and other VPN-detection technologies.

They offer unique features such as stealth protocols, VPN over Tor, and dedicated IP addresses to make sure your VPN works almost anywhere.

Why are VPNs blocked?

There are several reasons VPN traffic might be blocked on a network, service, or website.

These are the most common reasons.

1. School & Work


Schools, universities and employers often block VPN traffic. There are a variety of reasons they might elect to do so. In general it boils down to a few things:

  • Distraction – If your network admin blocks social media apps and streaming sites to keep you focused at work or school, it makes sense to block circumvention technologies as well.
  • Security – Because VPN traffic is encrypted, packet filtering technologies like DPI can’t inspect it. This can present a cybersecurity risk, especially at the office.
  • Liability – Some VPN uses can have legal risk, such as torrenting copyrighted files.

2. Licensing & Copyright


Many streaming services try to detect and block VPN usage. Netflix, Hulu, and Disney+ are a few examples of streaming apps with anti-VPN technology.

Content licensing is incredibly complicated and usually has different contracts for each geographic region. Because VPNs let you access content from multiple regions, they’re often targeted by streaming platforms.

VPNs may also be used to evade restrictions on account sharing by people that don’t live in the same location. This is something Netflix is cracking down on recently, asking account holders to pay for their shared accounts.

Fortunately, many VPNs have built workarounds that evade Netflix’s detection technology. Even better, such usage isn’t likely to be illegal, merely a terms of service violation.

3. Censorship

Government censorship is widespread outside of western democracies. You’ve no doubt heard of the ‘Great Firewall of China’. Numerous authoritarian regimes around the world attempt to limit access to information as a form of control. This extends to VPN blocking, which can be used to circumvent firewalls.

China isn’t the only country doing this. Russia, Belarus, Iran, Iraq and Turkmenistan are a few examples of countries that have declared VPN usage illegal. Others like Turkey, China, UAE and Venezuela are using firewalls and blocking technologies instead.

4. Fraud & Abuse

Bad actors use proxies & VPNs for DDoS attacks, fraudulent credit card purchases, online theft and other forms of fraud. They rely on the anonymity and the large pool of IP addresses to commit crimes.

Even though this is a tiny minority of VPN users, many financial and e-commerce sites have taken steps to block VPN connections, especially for users that aren’t logged in.

Examples of sites that have limited (or currently limit) VPN traffic:

  • Banks (blacklisted IP addresses)
  • Forum sites
  • Payment processors – Stripe, PayPal, Braintree

But here’s the good news…

Blocking VPN traffic requires identifying VPN traffic. Fortunately, there are several techniques you can use to disguise VPN traffic, making it almost unblockable.

How VPNs are Blocked

Network admins use multiple techniques to block VPNs and other encrypted traffic. These are the tools you’ll see most often:

Port Blocking


VPN protocols like OpenVPN often run on the same default ports: 443 for TCP and 1194 for UDP traffic. If a firewall blocks these ports entirely, any VPN running exclusively on those ports will be blocked as well.

Fortunately, full port blocking isn’t used very often, especially for port 443, which is also used by all SSL traffic (the encryption that protects all secure websites).

Bypass port blocking: Switch to a different tunneling protocol or non-standard port.

Deep packet inspection (DPI)

Even though VPN data packets are fully encrypted, they still contain metadata that tells intermediaries (like your ISP) where to forward them.

Some VPN protocols even use default packet headers that allow firewalls to fingerprint VPN packets.

Firewalls use advanced software to perform this analysis. IT professionals call this Deep Packet Inspection (DPI), which can analyze the type and destination of every data packet traversing the network.

Deep packet inspection is what allows your ISP to tell the difference between YouTube, web browser, VPN, Skype or any of 1000+ other types of traffic. DPI is how a network can throttle, restrict, or even block certain types of traffic.

But here’s the key: If you can disguise your VPN traffic as regular web browser traffic, you can make it impossible for a network to block your VPN (unless they’re willing to block all HTTPS browser traffic, which isn’t likely).

Bypass DPI: Use stealth protocols to obfuscate packet headers and circumvent fingerprinting.

Blacklisted IP addresses

VPN services rent huge pools of IP addresses which are shared among users with active VPN connections. Often these IPs are from the same ‘c-block’ of IP addresses, e.g. 100.65.192.1, 100.65.192.2 etc.

Services like Netflix attempt to identify which IP blocks belong to VPN traffic and then block those IPs from streaming. Smaller companies can use 3rd-party IP blacklist databases provided by data brokers and cybersecurity consultants.

Blacklisting is the primary technique used by web-facing services and websites to block VPN traffic since they don’t have access to the raw packet data (like your ISP does).

Bypass IP Blacklisting – Switch VPN servers, use dedicated IP addresses, use a VPN with integrated SmartDNS
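
An added example (not from the original article) of how the three blocking techniques above look from the defender's side: a network firewall applying a port rule and a DPI header fingerprint, and a website checking the client address against a blocklist. The sample payloads, the blocklist range and all function names are constructed for illustration.

```python
import ipaddress
import struct

# OpenVPN's first byte packs an opcode (high 5 bits) and a key id (low 3 bits).
# These opcodes open a session, so they appear in the first packet of a flow.
HARD_RESET_OPCODES = {1: "HARD_RESET_CLIENT_V1", 7: "HARD_RESET_CLIENT_V2",
                      10: "HARD_RESET_CLIENT_V3"}
MIN_RESET_LEN = 14                  # opcode + session id + ack count + packet id
BLOCKED_PORTS = {("udp", 1194)}     # OpenVPN's default UDP port, per the article
# Constructed blocklist: the /24 around the article's example addresses.
VPN_BLOCKLIST = [ipaddress.ip_network("100.65.192.0/24")]

# Constructed sample payloads (first bytes of a flow only).
OPENVPN_RESET = bytes([7 << 3]) + bytes(range(1, 9)) + b"\x00" + b"\x00" * 4
OPENVPN_RESET_TCP = struct.pack("!H", len(OPENVPN_RESET)) + OPENVPN_RESET
TLS_HELLO = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"  # truncated ClientHello


def classify_payload(proto, payload):
    """Return 'tls', 'openvpn' or 'unknown' from the first bytes of a flow."""
    if proto == "tcp":
        # TLS record: type 0x16 (handshake), version 0x03xx, ClientHello (0x01).
        if (len(payload) >= 6 and payload[0] == 0x16
                and payload[1] == 0x03 and payload[5] == 0x01):
            return "tls"
        # OpenVPN over TCP prefixes each packet with a 2-byte big-endian length.
        if len(payload) < 3:
            return "unknown"
        (length,) = struct.unpack("!H", payload[:2])
        body = payload[2:2 + length]
        if len(body) != length:
            return "unknown"
    else:
        body = payload
    # Heuristic only: a production classifier also checks later packets,
    # because a single first-byte match can be a false positive.
    if len(body) >= MIN_RESET_LEN:
        opcode, key_id = body[0] >> 3, body[0] & 0x07
        if opcode in HARD_RESET_OPCODES and key_id == 0:
            return "openvpn"
    return "unknown"


def firewall_verdict(flow):
    """Network side: port rule first, then header fingerprint (DPI)."""
    if (flow["proto"], flow["dst_port"]) in BLOCKED_PORTS:
        return ("block", "port")
    if classify_payload(flow["proto"], flow["payload"]) == "openvpn":
        return ("block", "dpi")
    return ("allow", "none")


def site_verdict(client_ip):
    """Website side: no packet data, only the client address to check."""
    addr = ipaddress.ip_address(client_ip)
    return "block" if any(addr in net for net in VPN_BLOCKLIST) else "allow"


if __name__ == "__main__":
    flows = [  # constructed flows
        {"proto": "udp", "dst_port": 1194, "payload": OPENVPN_RESET},
        {"proto": "tcp", "dst_port": 443, "payload": OPENVPN_RESET_TCP},
        {"proto": "tcp", "dst_port": 443, "payload": TLS_HELLO},
    ]
    for f in flows:
        print(f["proto"], f["dst_port"], firewall_verdict(f))
    for ip in ("100.65.192.2", "203.0.113.10"):
        print(ip, site_verdict(ip))
```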

How to Unblock a VPN

To combat VPN blockades, VPN providers have developed sophisticated workarounds to circumvent nearly every technology used by firewalls and websites to detect VPN traffic.

It’s important to choose the correct circumvention technique to match the blocking technology being used and the type of service or firewall that is blocking VPN traffic.

Recommended circumvention techniques:

  • Switch server / IP address
  • Change the VPN protocol or port
  • Use obfuscation (stealth protocols)
  • Use SmartDNS
  • Get a dedicated IP address
  • Change DNS servers

Change VPN Servers (new IP address)

Works for: sites and apps that block VPN usage. If it’s a streaming service (e.g. Netflix) you’re better off using SmartDNS.

NordVPN’s server selection (map view)

If you’re getting a VPN error from a specific website, service or app, there’s a good chance your IP address is in their blacklist database.

Sometimes, simply switching VPN servers will do the trick, which should put you in an entirely new block of IP addresses. Companies like NordVPN and ExpressVPN offer well over 100 unique server locations.

It’s a good idea to use a server location that matches the app’s visitor demographic. So if you’re visiting a US website, use a server based in the USA. A Lithuanian IP address looks suspicious there.

You may have to try a few different locations until you find an unblocked IP address. If you’re still blocked, try clearing your browser cache & cookies or using a different browser altogether.

Switch Protocols

Works for: Firewalls that block specific ports or VPN protocols (work, school, public wi-fi, in-flight)

PIA’s VPN protocol and port settings (Windows client)

By default, most VPN apps use the OpenVPN UDP protocol on port 1194. OpenVPN has an obvious traffic footprint and is easily blocked by even basic firewalls.

If your VPN app offers it, try switching to OpenVPN TCP, which usually runs on port 443 (the same as HTTPS web traffic). This makes it harder to block with port-based blocking.

If that fails, switch to a different protocol altogether. L2TP/IPSec is a good backup option, though you may have to set up a manual connection to use it. Recently, many VPN providers have started offering the WireGuard protocol, which isn’t targeted by as many firewalls as OpenVPN and is harder to fingerprint.

WireGuard VPNs: Private Internet Access, NordVPN, ExpressVPN, CyberGhost.

VPN providers are aware that some ISPs/networks are blocking VPN traffic. That’s why they invented ‘Stealth’ VPN technology.

A stealth VPN can disguise/scramble your VPN traffic so it’s either not identifiable as VPN traffic, or even better — disguised as regular TLS encrypted web traffic.

Here are the two tried and true techniques to unblock your VPN service on almost any network:

Obfuscation (stealth VPN)

Works for: Firewalls that detect VPN traffic (ISP, School, Work, public wifi)


Protocols like OpenVPN don’t have to use default ports. Nor do they need to use the default packet headers that make them vulnerable to Deep Packet Inspection.

Lots of VPN apps now include stealth protocols or other obfuscation techniques that help disguise VPN traffic and make it harder to block.

Enabling this is usually as simple as turning obfuscation on in the VPN software (as with IPVanish) or switching to an obfuscated server (NordVPN).

VPNs can use multiple obfuscation techniques, such as:

  • Changing default packet headers
  • Adding additional SSL encryption (disguising OpenVPN traffic as HTTPS traffic)
  • Routing through an encrypted proxy (e.g. ShadowSOCKS)

Obfuscated Protocols: VPNs like IPVanish and VPN.ac offer obfuscation as an in-client option that you can easily toggle on, regardless of protocol.

Some companies have even built stealth protocols from the ground up. VyprVPN offers their excellent Chameleon protocol (based on OpenVPN) which even works to bypass the Great Firewall of China.

Obfuscated Servers: Other companies have dedicated servers with anti-blocking technology. All you have to do is choose a compatible server in your VPN app’s server selection view. NordVPN and ExpressVPN are two companies with obfuscated VPN servers.


SmartDNS

Works for: streaming services like Netflix, Hulu, NFL Sunday Ticket, HBO Max

If you want to access websites and streaming services like Netflix, you’ll need more than a simple VPN connection. These services use IP-blocking blacklists, network heuristics and other sophisticated strategies to detect VPN usage. Simply switching IP addresses isn’t going to cut it.

Instead, choose a VPN that uses an integrated SmartDNS proxy to bypass VPN-detection algorithms. In fact, you don’t even need to use a VPN at all. Services like ExpressVPN’s MediaStreamer DNS can be configured directly on your router, PC or mobile device.

SmartDNS works seamlessly behind the scenes and uses a secret pool of non-banned IP addresses for the initial authentication checks when you access a compatible streaming platform. It’s an elegant way to bypass VPN blocking.

VPNs with built-in SmartDNS: NordVPN, Private Internet Access, ExpressVPN.

Static / Dedicated IP Address

Most VPNs use pools of shared IP addresses, where you’re sharing a single IP address with dozens of other users. This type of traffic often appears suspicious to websites and makes it easy to identify which IP blocks belong to VPN providers rather than residential traffic.

Some VPN services offer dedicated IP addresses, where you get your own unique IP that belongs only to you. These IPs are unlikely to be blacklisted and won’t have the suspicious usage heuristics that you get with shared IPs.

Static IP addresses are usually a paid upgrade ($3-5 per month). VyprVPN even lets you deploy your own dedicated VPN server to a cloud VPS server which you can access using their app.

Switch to Mobile Data

Instead of using a firewalled wi-fi connection, just use your mobile data from your smartphone. You can even use the hotspot functionality or USB tethering to share your internet connection with other devices. This is perfect for streaming to your laptop at school if the school network is blocking VPNs.


Change DNS

If your VPN doesn’t provide its own secure DNS servers, you’re likely using the default DNS provided by the network you’re connected to. These could leave you vulnerable to VPN blocking, even on simple consumer router models.

Instead, you can force your device to use 3rd-party (free) DNS services such as Google DNS (8.8.8.8, 8.8.4.4) or Cloudflare (1.1.1.1, 1.0.0.1).

This technique will only bypass the simplest of firewalls, but it’s a completely free tweak (and good privacy practice) so it’s worth a shot.


Advanced Obfuscation Techniques

If you’re trying to circumvent a sophisticated firewall, the above methods for circumventing VPN blocks may not work. In that case, you can try one of these advanced obfuscation techniques.

VPN over Tor

NordVPN is one VPN provider that offers a VPN server that tunnels your VPN through the Tor onion network. This is a network of encrypted, anonymous proxies that help obfuscate the VPN data packets themselves, not just the headers.

Tor was built from the ground up as an anti-censorship and privacy tool, and it makes it nearly impossible for an endpoint or middle-man to identify the original source of the traffic.

In our testing, Tor routing is quite effective at bypassing VPN blocks.


ShadowSOCKS


ShadowSOCKS is like a lightweight version of Tor, but doesn’t rely on a 3rd-party network of volunteer proxy nodes. Instead, it’s a client that allows users (or VPN services) to tunnel to an encrypted proxy server over SSH. ShadowSOCKS can effectively transport and obfuscate UDP traffic such as OpenVPN.

Compared to Tor, ShadowSOCKS offers faster speeds but may be less effective at bypassing the most advanced firewalls because it isn’t resistant to active probing.

Nevertheless, it’s proven highly effective at bypassing the Great Firewall and other national blockades.

Supported VPNs: Private Internet Access now includes a Shadowsocks option directly in their VPN app.

How to know if your VPN has been detected?

Websites that blacklist VPN usage are pretty transparent about whether they think you’re using one. For example, Netflix displays the famous ‘Netflix Proxy Error’ message if they detect your VPN connection.


Other streaming apps aren’t quite so blatant but usually display an error message to the effect of:

“This content cannot be streamed in your region”

– Love, Hulu

And finally, some sites display no message whatsoever; they simply deny access. For example, I found that my online bank account would reject all my login attempts when connected to a certain VPN service.

Summary and additional resources

We’ve learned 3 different ways to unblock your VPN on any network, and get through any firewall.

The easiest solution is often the best, and you’ll find 90%+ success by using either OpenVPN on port 443, or a VPN with built-in obfuscation technology.

And if after exhausting all options you still find yourself blocked, then go with obfsproxy and Tor as the ultimate unblocker.


FAQ

If your VPN is blocked, you typically won’t be able to access the web at all. If a site is blocking VPN traffic, they’ll usually display an error message when you try to access it.

It’s a good idea to check your VPN connection logs, just in case it’s a configuration error and not a firewall that’s causing your issues.

It depends. If you’re using a standard VPN protocol without obfuscation then yes, your ISP can likely detect your VPN traffic based on the packet headers.

If you’re using port 443 or an SSH wrapper for your VPN, it’s less likely that their filtering technology can distinguish VPN usage from standard SSL traffic.

In some countries, yes. In other countries (e.g. China) VPNs are legal but heavily regulated. In most democratic nations, VPN usage is legal and widespread.

As long as your country doesn’t outlaw VPN usage, bypassing blocks shouldn’t be illegal. In cases where a website or service is blocking the VPN (Netflix), circumvention is usually a Terms of Service violation. This is not a criminal offense but could theoretically result in account termination.

To our knowledge, neither Netflix nor any other major streaming platform has banned a user for VPN usage.

46 thoughts on “What to do if your VPN is Blocked”

        • I don’t recommend any so-called ‘free’ VPNs, because they’re monetized through other methods that undo any privacy benefit. There are a few paid services that offer a free tier, with limited bandwidth or speeds. Windscribe is a good option and allows up to 5G free data with an account.

          • My parents installed MyCircle on my internet, and the only VPNs I can currently use are browser extensions, which generally only last less than a day before my parents block the IP. Do you have any good VPN extensions?

          • Browser extensions aren’t true VPNs, more like an encrypted proxy for your web browser. So it will only anonymize browser traffic. NordVPN, Torguard, and Private Internet Access all have browser extensions. You also might try Opera VPN, which is free and built into the Opera web browser.

            Also Hide.me VPN has 10GB of free data per month, and has a browser extension. FYI, your parents’ firewall may be blocking OpenVPN traffic, rather than the IPs of the servers. Try a stealth protocol or enable obfuscation if your VPN supports it.

            And stay away from most ‘free’ proxy extensions. A lot of them are malware.

      • You can try using Tor or an HTTPS proxy like kproxy.com. If those are blocked too, you’ll have to install the VPN while on a different network (not your school).

  1. Interesting article, but I couldn’t find anywhere obfsproxy, is it deprecated? I already have an OpenVPN server on pfSense, is it possible to use obfsproxy with it?

  2. This could be helpful for the future but it wasn’t helpful for me as of now. While my school has personal Chromebook computers, I’m only trying to play apps on my phone using the school’s wifi. I used to use VPN apps like Ultrasurf, but recently it stopped working. What I need is a solution that will work for mobile.

    • Several of the VPNs in this guide as well as our stealth VPN tech article have mobile apps (iOS and Android) as well. IPVanish would be a good choice as they have a mobile app for both platforms with a built-in obfuscation option to get through firewalls.

    • The choice of VPN depends mostly on what you want to use it for, not what platform you’re on. Why do you want the VPN?

  3. I live in the UK and just need a VPN to access some blocked sites, dropbox.com for instance.

    I need it to do some work, so I signed up for hidden24co.uk but I cannot connect to it.

    Tried it on my MacBook Air and my iPhoneX

  4. I want to use NordVPN at school and I use it at home personally, but when I try to install the software onto my Mac, it needs an admin password to connect…

    • Most VPN software requires admin rights to run, but NordVPN has an easy workaround. If you have access to the Chrome web browser, you can try installing the NordVPN secure proxy extension, which you can connect to using your normal NordVPN username/password.

  5. I use Private Internet Access VPN and even your site blocked me. I thought, how ironic, being blocked from this article which was written to specifically tell people how to get around being blocked.

    Luckily I was able to keep my PIA VPN connection active and use the Opera browser’s built-in VPN to access this site with a non-PIA IP address.

    Curious, what do you have against PIA?

    • This site does not block PIA. In fact, I frequently use PIA while editing the site and replying to comments. Heck, I’m using it right now. You may have some other issue not related to your VPN at all.

  6. I use NordVPN because IMO it’s super important that a VPN would frequently add new servers as it makes it easy to find a not blocked one. Cooperative client support is also essential, for example, if you want to stream US Netflix – support can give you info about newer and better services to connect.

  7. Do proxies work the same? I have access to Oxylabs.io proxies from my work, wondering if I can use them for my trip to China this year.

  8. Great article! I use VPN a lot when travelling in order to access US Netflix.

    It would be great if you could write an article about residential proxies like Smartproxy and how they work for scraping etc. I’m thinking of purchasing a service but there are way too many paid reviews that I don’t seem to trust and I myself don’t have the right expertise to determine whether Smartproxy would suit my personal needs.

  9. I can’t connect to my VPN (NordVPN) no matter what I do on my school wifi. I had tried all of the above techniques but still it won’t work. I can’t play games like World of Warcraft while waiting for band to start or etc thanks to the filter. Help?

  10. The site is really cool, but sadly, our school went to the point to block EVERY VPN. If there is a way to reach the VPNs’ site, that would be great.

  11. Nice article, a bit too advanced for me; I am a simple guy…. Tried to use a VPN and got blocked each and every time trying to log in to any of my banks. Tried different servers (even ones located in my home city) but to no avail. So while I tried to be more safe as I am using public wifi, the final outcome is that I can’t do ANY online banking…. Any ideas? (as I said, ideas for a simple guy, without reconfiguring all my proxies/ports/protocols)

    • Your bank’s website certainly uses HTTPS, which encrypts all the text you type (like passwords) with a cipher similar to what your VPN uses. Bottom line: feel free to simply log off your VPN when you need to access your bank account, even on public wifi.

  13. Hi guys
    The Indian government has imposed restrictions on social networks like YouTube, Facebook, WhatsApp etc. They have created a firewall. We used every VPN and after each day VPNs get blocked. Right now only AnonyTun works, only on Android, but that app is not available on iPhone, and the government has also limited the internet speed to 2G low-speed internet. We are not able to download nor surf social media; we can only access government sites.
    Even the ones who paid for a VPN, they too have been blocked after some time.
    Can you suggest any method so that we can at least have our right to use the internet? Any method for iPhone to surf socials when VPNs are also blocked and the firewall is there?
    It would be helpful if you can tell me step by step what to do.
    thanks
    from
    KASHMIR

  14. I am from Kashmir (India). Our have blocked internet service since August 4. Now, a month ago they have restored the 2G network without social media access. We ran a VPN for a month but now it’s blocked by a firewall… Please help us

  15. I know nothing about any of this. Can you please help to use Google Voice, WhatsApp, and Google Chrome (or anything at all) through the Jpay WiFi provided to prisons?

    • I’m not knowledgeable about the specific firewalls prisons use, but I expect there are extra strict rules on circumventing them. I can’t recommend any tactics or write a tutorial on that.

  16. Hey,

    My school blocked most of the common VPNs I use like Proton etc. I’ve tried Hide.me and Windscribe but they do not work. Is there some sort of good free VPN that can at least let me access websites I want to access like Discord etc? If there aren’t, is there anything I can change in my VPN settings for Windscribe, Proton or Hide.me?

    Thank you

    • Many free VPNs are worthless or legitimately dangerous. You could try 1.1.1.1 which is completely free and has VPN-like functionality. It’s owned by Cloudflare which is a large, reputable company.

