What to do if your VPN is Blocked

Is your VPN being blocked by your ISP, university, work, or airplane firewall?

Encryption and circumvention tools like Virtual Private Networks are being used around the world to unblock content and websites, but what about networks that actually block VPN traffic?

Fortunately, there are several techniques/tools you can use to unblock your VPN service and regain full access. And even if your VPN isn’t capable of getting through the firewall, we’ll show you our favorite ‘Stealth VPNs‘ that can!

Who blocks VPN traffic? (and why…)

Networks that block VPNs are usually ones that want more control over their users (or to restrict what their users can do online).

Here are some of the common places you’ll find VPNs blocked:

1. Work – More then ever, employers are blocking unauthorized VPN services to prevent employees from wasting time on sites like Facebook, twitter, or Reddit. Companies also want to know that their employees are doing online (they don’t want you sending emails or messages they can’t read). You can use a VPN to unblock websites at work, but be aware this could be a breach of your work agreement.
2. School – These days, almost every school has internet access, but administrators want to monitor/restrict what students (especially younger ones) do online. They may block social networking sites and gaming sites in addition to VPNs
3. Countries (China, Iran, UAE…) – Internet access brings free access to culture, information, and communication. Many countries want to control what their citizens can read, share, and discuss. Because a VPN is a common firewall circumvention tool, country-wide firewalls like ‘The Great Firewall of China’ always attempt to block VPN access.
4. On-demand Wifi (Gogo in-flight wifi, hotels, etc…) – If you’ve ever tried to use a VPN on a plane to try and access Netflix, Hulu, or Spotify, you may have been surprised to discover your VPN couldn’t connect (or speeds were very slow). Hotel pay-per-day and in-flight wireless services like GoGo often block VPNs because they want you to pay for in-flight or in-hotel movies instead of streaming them yourself for free.

But here’s the good news…

Blocking VPN traffic requires identifying VPN traffic. Fortunately, there are several techniques you can use to disguise VPN traffic, making it almost unblockable.

How VPNs are Blocked

Firewalls use advanced software to perform Deep Packet Inspection (DPI) which can analyze the type and destination of every data packet traversing the network.

DPI is what allows your ISP to tell the difference between youtube, web browser, VPN, skype or any of 1000+ other types of traffic. DPI is how a network can throttle, restrict, or even block certain types of traffic.

But here’s the key: If you can disguise your VPN traffic as regular web browser traffic, you can make it impossible for a network to block your VPN (unless they’re willing to block all https browser traffic. Not likely).

How to Unblock a VPN

VPN providers are aware that some ISPs/networks are blocking VPN traffic. That’s why they invented ‘Stealth’ VPN technology.

A stealth VPN can disguise/scramble your VPN traffic so it’s either not identifiable as VPN traffic, or even better — disguised as regular TLS encrypted web traffic.

Here are the two tried and true techniques to unblock your VPN service on almost any network:

Technique #1 – Run OpenVPN on port 443

Port 443 is the port commonly used by SSL/TLS encrypted web traffic. This is a standard internet encryption protocol that you use every time you access a website with sensitive account data, like your bank, credit card, or tax account.

Since OpenVPN already uses the SSL encryption library, simply by switching the port # to 443, it will easily slip through all but the most rigorous DPI firewalls.

How to use port 443

Most high-quality, paid VPN services will allow you to switch the port # (or have dedicated server locations that access port 443). If you need help setting it up, just contact tech support for you VPN provider.

Technique #2 – StealthVPN / Obfuscation

Even if you use port 443, most VPN protocols still have a data packet ‘header’ which is like a fingerprint that can potentially allow a firewall to recognize traffic as VPN traffic.

By using a VPN service that has Obuscation or ‘Stealth’ technology, your VPN connection can rewrite or obscure the packet headers (smudge the fingerprint) so it’s unrecognizable.

VPNs with stealth/obfuscation technology:

• IPVanish (or read review)
• Proxy.sh (or read review)
• Torguard (or read review)
• VyprVPN (or read review)
• VPN.ac (or read review)

See our Stealth VPN Guide for a full list.

Advanced Obfuscation Techniques

If you really want maximum privacy and unblocking power, you can run your VPN through the tor network. On the upside, this makes your VPN virtually unblockable (and highly anonymous). The downside of using the Tor network is your VPN will now be routed through multiple encrypted proxy layers (of varying speed) so you’ll be lucky to get 5mbps using this method.

Configuring OpenVPN to access Tor via obfsproxy is rather complicated, but fortunately there are several VPN providers that have built vpn-over-Tor support into their service.

VPNs with VPN-Over-Tor Support

• NordVPN
• Proxy.sh
• BolehVPN
• AirVPN

Summary and additional resources

We’ve learned 3 different ways to unblock your VPN on any network, and get through any firewall.

The easiest solution is often the best, and you’ll find 90%+ success by using either OpenVPN on port 443, or a VPN with built-in obfuscation technology.

And if after exhausting all options you still find yourself blocked, then go with obfsproxy and Tor as the ultimate unblocker.

More useful articles and guides:

• Learn how VPN encryption works
• Why your passwords AREN’T strong enough
• The best VPN-capable  wireless routers