Is your VPN being blocked by your ISP, university, work, or airplane firewall?
Encryption and circumvention tools like Virtual Private Networks are being used around the world to unblock content and websites, but what about networks that actually block VPN traffic?
Fortunately, there are several techniques/tools you can use to unblock your VPN service and regain full access. And even if your VPN isn’t capable of getting through the firewall, we’ll show you our favorite ‘Stealth VPNs‘ that can!
Who blocks VPN traffic? (and why…)
Networks that block VPNs are usually ones that want more control over their users (or to restrict what their users can do online).
Here are some of the common places you’ll find VPNs blocked:
- Work – More then ever, employers are blocking unauthorized VPN services to prevent employees from wasting time on sites like Facebook, twitter, or Reddit. Companies also want to know that their employees are doing online (they don’t want you sending emails or messages they can’t read). You can use a VPN to unblock websites at work, but be aware this could be a breach of your work agreement.
- School – These days, almost every school has internet access, but administrators want to monitor/restrict what students (especially younger ones) do online. They may block social networking sites and gaming sites in addition to VPNs
- Countries (China, Iran, UAE…) – Internet access brings free access to culture, information, and communication. Many countries want to control what their citizens can read, share, and discuss. Because a VPN is a common firewall circumvention tool, country-wide firewalls like ‘The Great Firewall of China’ always attempt to block VPN access.
- On-demand Wifi (Gogo in-flight wifi, hotels, etc…) – If you’ve ever tried to use a VPN on a plane to try and access Netflix, Hulu, or Spotify, you may have been surprised to discover your VPN couldn’t connect (or speeds were very slow). Hotel pay-per-day and in-flight wireless services like GoGo often block VPNs because they want you to pay for in-flight or in-hotel movies instead of streaming them yourself for free.
But here’s the good news…
Blocking VPN traffic requires identifying VPN traffic. Fortunately, there are several techniques you can use to disguise VPN traffic, making it almost unblockable.
How VPNs are Blocked
Firewalls use advanced software to perform Deep Packet Inspection (DPI) which can analyze the type and destination of every data packet traversing the network.
DPI is what allows your ISP to tell the difference between youtube, web browser, VPN, skype or any of 1000+ other types of traffic. DPI is how a network can throttle, restrict, or even block certain types of traffic.
But here’s the key: If you can disguise your VPN traffic as regular web browser traffic, you can make it impossible for a network to block your VPN (unless they’re willing to block all https browser traffic. Not likely).
How to Unblock a VPN
VPN providers are aware that some ISPs/networks are blocking VPN traffic. That’s why they invented ‘Stealth’ VPN technology.
A stealth VPN can disguise/scramble your VPN traffic so it’s either not identifiable as VPN traffic, or even better — disguised as regular TLS encrypted web traffic.
Here are the two tried and true techniques to unblock your VPN service on almost any network:
Technique #1 – Run OpenVPN on port 443
Port 443 is the port commonly used by SSL/TLS encrypted web traffic. This is a standard internet encryption protocol that you use every time you access a website with sensitive account data, like your bank, credit card, or tax account.
Since OpenVPN already uses the SSL encryption library, simply by switching the port # to 443, it will easily slip through all but the most rigorous DPI firewalls.
How to use port 443
Most high-quality, paid VPN services will allow you to switch the port # (or have dedicated server locations that access port 443). If you need help setting it up, just contact tech support for you VPN provider.
Technique #2 – StealthVPN / Obfuscation
Even if you use port 443, most VPN protocols still have a data packet ‘header’ which is like a fingerprint that can potentially allow a firewall to recognize traffic as VPN traffic.
By using a VPN service that has Obuscation or ‘Stealth’ technology, your VPN connection can rewrite or obscure the packet headers (smudge the fingerprint) so it’s unrecognizable.
VPNs with stealth/obfuscation technology:
- IPVanish (or read review)
- Proxy.sh (or read review)
- Torguard (or read review)
- VyprVPN (or read review)
- VPN.ac (or read review)
See our Stealth VPN Guide for a full list.
Advanced Obfuscation Techniques
If you really want maximum privacy and unblocking power, you can run your VPN through the tor network. On the upside, this makes your VPN virtually unblockable (and highly anonymous). The downside of using the Tor network is your VPN will now be routed through multiple encrypted proxy layers (of varying speed) so you’ll be lucky to get 5mbps using this method.
Configuring OpenVPN to access Tor via obfsproxy is rather complicated, but fortunately there are several VPN providers that have built vpn-over-Tor support into their service.
VPNs with VPN-Over-Tor Support
Summary and additional resources
We’ve learned 3 different ways to unblock your VPN on any network, and get through any firewall.
The easiest solution is often the best, and you’ll find 90%+ success by using either OpenVPN on port 443, or a VPN with built-in obfuscation technology.
And if after exhausting all options you still find yourself blocked, then go with obfsproxy and Tor as the ultimate unblocker.
Great site/info, I wish I found it sooner.
Also wish there were more sites like this for other techs, oh well.
Love hearing positive feedback. Glad we could help!
Agreed!!!
I’m using a vpn at work right now which was blocked until I read this article
my school has all of your links blocked? what do I do?
You can try using tor or an https proxy like kproxy.com. If those are blocked to, you’ll have to install the VPN while on a different network (not your school).
Interesting article, but I couldn’t find anywhere obfsproxy, is it deprecated? I already have an OpenVPN server on pfSense, is it possible to use obfsproxy with it?
Take that shitty library wifi!
Thanks guys, great info, super helpful!
This could be helpful for the future but it wasn’t helpful for me as of now. While my school has personal chrome book computers, I’m only trying to play apps on my phone using the school’s wifi. I used to use vpn apps like ultra surf, but recently it stopped working. What I need is a solution that will work for mobile.
Several of the VPNs in this guide as well as our stealth VPN tech article have mobile apps (iOS and Android) as well. IPVanish would be a good choice as they have a mobile app for both platforms with a built-in obfuscation option to get through firewalls.
none of these vpns worked for me all either says its blocked or says connection cut but only when i go to those sites
Do you mean the VPN sites themselves are blocked?
Yes my school has blocked these sites as well
which is the best for mac pro?
The choice of VPN depends mostly on what you want to use it for, not what platform you’re on. Why do you want the VPN?
I live in the UK and just need a VPN to access some blocked sites. dropbox.com fr instance.
I need it to do some work, so I signed up for hidden24co.uk but I cannot connect to it.
Tried it on my MacBook Air and my iPhoneX
Can’t connect to dropbox? Or the VPN?
I want to use NordVPN at school and I use it at home personally, but when I try to install the software onto my Mac, it needs an admin password to connect…
Most VPN software requires admin rights to run, but NordVPN has an easy workaround. If you have access to the chrome web browser, you can try installing the NordVPN secure proxy extension which you can connect to using your normal NordVPN username/password.
I use Private Internet Access VPN and even your site blocked me. I thought, how ironic, being blocked from this article which was written to specifically tell people how to get around being blocked.
Luckily I was able to keep my PIA VPN connection active and use the Opera browser’s built-in VPN to access this site with a non-PIA IP address.
Curious, what do you have against PIA?
This site does not block PIA. In fact, I frequently use PIA while editing the site and replying to comments. Heck, I’m using it right now. You may have some other issue not related to your VPN at all.
I use Nordvpn because IMO it’s super important that a vpn would frequently add new servers as it makes it easy to find a not blocked one. Cooperative client support is also essential, for example, if you want to stream US Netflix – support can give you info about newer and better services to connect.
New NGFW can see TOR, and are now able to see the traffic on 443..