Avoid ISP blocking VPN connection

PPTP can be blocked by ISPs because it (1) runs exclusively on port 1723 and (2) uses non-standard GRE packets which are easily identifiable. See PPTP on Wikipedia.

The solution is to use the OpenVPN protocol instead of PPTP. Here's a tutorial by BestVPN that covers setting up OpenVPN on a Linux VPS.

There are increasing degrees of obfuscation that can make OpenVPN traffic pass under your ISP's radar. Ordered from easiest implementation/detection (they correlate) to most difficult:

  1. Default Configuration - Just install OpenVPN. It runs on TCP Port 80 by default, same as regular web traffic. Many operators block encrypted packets on this port, so this is probably the first step covered in the ISP's VPN-blocking strategy.
  2. Use TCP Port 443 - Running OpenVPN through TCP 443 (same as HTTPS/SSL traffic in the browser) is the next step. This puts your encrypted VPN traffic in the same bucket as the data you exchange with secure sites such as your bank. Certain deep packet inspection methods can filter out VPN traffic on this port, so your ISP might have that covered too.
  3. Obfsproxy - Easier than it sounds. It's a project developed by Tor to allow access to relays being blocked, but works for VPN traffic as well. Needs to be installed on both VPN server and client machine.
  4. Via SSL Tunnel - Now the bigger guns. Using stunnel one can send one's VPN traffic through a second layer of SSL encryption, effectively masking VPN traffic as standard SSL traffic. This method is imperceptible to known deep packet inspection methods.
  5. Via SSH Tunnel - Stealth Bomber. Even in highly censored environments, SSH will almost always go through, as it is a core functionality of modern server architecture and the censorship tactics themselves involve SSH.

These methods are covered in another tutorial by BestVPN here.

You can start with a plain vanilla OpenVPN setup. If it works for your ISP, all done. Otherwise, try each step in order, checking back to see if you can get through after each configuration change. Note that SSL/SSH tunneling methods are more secure than Obfsproxy, but do cause a performance hit from the double encryption.
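
To make "easily identifiable" concrete, here is an added example (not part of the original answer) of the header checks a network filter or monitoring sensor can apply. It goes slightly beyond the text: the enhanced-GRE fields (version 1, protocol type 0x880B) and the OpenVPN opcode layout come from the protocol specifications rather than this page, and all packets are constructed samples using documentation addresses.

```python
import struct

GRE, TCP = 47, 6                 # IP protocol numbers
PPTP_PORT = 1723                 # PPTP control channel (port named in the text)
PPP_IN_GRE = 0x880B              # protocol type of PPTP's enhanced GRE (RFC 2637)
OVPN_HARD_RESET_CLIENT_V2 = 7    # opcode of the first packet an OpenVPN client sends

def classify(packet: bytes) -> str:
    """Label one raw IPv4 packet the way a simple header-based filter would."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == GRE and len(body) >= 4:
        flags_ver, ptype = struct.unpack("!HH", body[:4])
        if flags_ver & 0x7 == 1 and ptype == PPP_IN_GRE:
            return "pptp-data"          # no payload inspection needed at all
        return "gre"
    if proto == TCP and len(body) >= 20:
        sport, dport = struct.unpack("!HH", body[:4])
        payload = body[(body[12] >> 4) * 4:]
        if PPTP_PORT in (sport, dport):
            return "pptp-control"
        # OpenVPN over TCP: 2-byte length prefix, then opcode in the top 5 bits.
        # Assumes the first packet arrives in a single segment.
        if (len(payload) >= 3 and int.from_bytes(payload[:2], "big") == len(payload) - 2
                and payload[2] >> 3 == OVPN_HARD_RESET_CLIENT_V2):
            return "openvpn-handshake"  # port 443 alone does not hide this
        if 443 in (sport, dport) and payload[:1] == b"\x16":
            return "tls-handshake"      # what an stunnel-wrapped session shows
    return "other"

def ipv4(proto: int, body: bytes) -> bytes:
    # Constructed header: 192.0.2.1 -> 198.51.100.7, checksum left at zero.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + body

def tcp(sport: int, dport: int, payload: bytes = b"") -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload

def demo() -> dict:
    # Constructed sample packets, one per case discussed in the answer.
    samples = {
        "pptp_gre": ipv4(GRE, struct.pack("!HHHHI", 0x3001, PPP_IN_GRE, 0, 1, 0)),
        "pptp_ctl": ipv4(TCP, tcp(50000, PPTP_PORT)),
        "openvpn_443": ipv4(TCP, tcp(50000, 443, b"\x00\x0e\x38" + bytes(13))),
        "tls_443": ipv4(TCP, tcp(50000, 443, b"\x16\x03\x01\x00\x05hello")),
    }
    return {name: classify(pkt) for name, pkt in samples.items()}
```

PPTP is caught from the IP and GRE headers alone, while plain OpenVPN moved to TCP 443 is still recognisable from its first payload bytes; only the TLS-wrapped case presents an ordinary TLS record to this kind of check.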