A VPN makes your network traffic secure, anonymous and can bypass geographical restrictions known as the internet censorship. There are several reasons why online users choose to use a VPN, and maintaining privacy and security while being online is the primary reason.
With the prosperity of the VPN, some government websites and specific services block VPN traffic to retain their intended Internet Censorship. It's a chicken and egg game, and it will continue to evolve. People work around the Internet Censorship via a VPN, and the organizations and governments imposing Internet Censorship block VPN traffic to block unintended audiences. This term is referred to as "VPN Blocking".
If there is a VPN block, you will have to rely on the non-VPN mode to access the online content if the content is viewable on the non-VPN mode in your region. This would result in adding security risks if connected to a public network and prevents anonymous browsing. How do you continue to use a VPN, and bypass VPN blocks?
How does a VPN Block work?
There are several ways in which VPN blocks are implemented, and they are:
- There are specific ports that are used by VPN tunneling protocols – PPTP or L2TP. On specific networks, access to these ports can be blocked. Since these ports are inaccessible, users cannot use these protocols on specific services.
- VPN block can be imposed on specific IP blocks. IP addresses that belong to VPN providers are traced and blocked.
- Monitoring IP address is yet another way to block VPN traffic. If a large number of simultaneous connections is coming from the same IP address, then such IP addresses are blocked.
- Deep packet inspection commonly referred as DPI is used to identify cryptographic signature in data packets that are most commonly used by VPN protocols. By inspecting these meta information, traffic via VPN is blocked.
- Not so popular but yet another way is by implementing GPS based blocks. This means along with IP address even GPS data is tracked for such blocks.
Organizations look for techniques that can be implemented to block VPN based traffic that flows in by bypassing their firewalls. Contrary to this, a lot of VPN providers implement more sophisticated techniques to remain undetected to such VPN blocks.
China implements deep packet inspection to detect VPN protocols. However, there are VPN service providers that use techniques to avoid being detected using DPI. Similarly, there are VPN services that support GPS spoofing to bypass GPS based blocks.
Some of the governments that block VPN are:
- China – VPN usage is detected by the Great Wall of China, which governs internet censorship within the region.
- Iran – Only a few government-approved VPNs can be accessed. Any traffic from non-approved VPN traffic is blocked.
- Syria – Based on VPN protocols, deep packet inspection is implemented to detect and block VPN.
- Russia – VPN is not completely illegal. However, Internet service providers (ISP) have implemented blocking of online portals that offer VPN services. This is more of a conditional VPN blocking where VPN usage for business, legal purpose or personal use is not banned.
There are a few online services that block VPNs:
- Hulu – In 2014, Hulu started blocking VPN based traffic to prevent unauthorized users from viewing its contents outside the USA.
- Netflix – Netflix can detect and prevent VPN traffic. A lot of viewers on Netflix use VPN services to avoid bandwidth throttling that might be imposed owing to the ISP putting bandwidth restrictions while accessing Netflix content. Another issue is that, certain content on Netflix is meant for audiences in only specific geographical regions. To prevent viewers from accessing another geographical region’s content, VPN based traffic is blocked.
- BBC iPlayer – To prevent unauthorized access from other geographical regions, the service blocks VPN.
Reasons to implement VPN Blocks
Based on geographical or government restrictions, there are specific scenarios where VPN blocks are implemented. Some of these are:
- Government Internet Censorship – Certain geographical jurisdictions impose internet censorship. In such cases, the regulatory body blocks VPN based traffic.
- Streaming services – Certain streaming services impose VPN blocks since these services are accessible only from certain geographical locations. To block any unauthorized usage, the VPN traffic is blocked.
- Internet Service Providers – Certain ISPs prevent VPN usage to avoid copyright infringement and online piracy. Also, VPN blocks are implemented in certain cases to implement bandwidth throttling while accessing specific services.
- Workplace restriction – Many institutions, Schools, workplace block VPN usage to restrict access to a specific website such as Facebook or YouTube.
How to bypass VPN blocks?
There are a few well-tested ways in which VPN blocks can be bypassed. Some of these are:
- Dedicated IP Addresses – Dedicated IP is a way in which you can minimize the chances of being blocked while using a VPN. A lot of VPN providers allow users to purchase dedicated IP address in addition to their subscription plan.
VPNs normally provide a shared IP address. So, you would end up sharing your IP with multiple users. Services can look at traffic and block such IP addresses. As a workaround, dedicated IPs can be used.
With dedicated IP, a user will have a unique IP that is not shared. Owing to this, most services will not suspect a VPN traffic and the chances of being blocked on VPN are less. However, this requires a VPN service that provides dedicated IPs.
- Obfuscated servers – Top rated VPN services use obfuscated servers which are servers that implement more advanced features. VPN traffic does not allow intermediate parties to view the actual content of the VPN traffic, however, from the signature it is possible to detect if traffic is being routed through a VPN.
Obfuscated servers use advanced techniques to make it impossible to detect if traffic is being routed through a VPN. It scrambles the data and modifies meta-information to make the traffic look like any other normal internet traffic.
With added anonymity, such obfuscated servers keep VPN traffic undetectable. This can bypass geographical restrictions and internet censorship. Such servers scan for other open ports to send traffic, instead of relying on the most frequently used VPN ports. This again makes it difficult to detect VPN traffic and block it.
- Port Change – Ports are one of the most common ways in which VPN services are blocked. Port switching is provided by several VPN services. VPN services scan ports to avoid blocking. One can also manually switch ports.
HTTPs traffic is sent using port 443. This is one port that can be used for port switching. Since this is a commonly used port, it's less likely to be blocked. Same is with port 80 which will be rarely blocked.
- Protocol Change – OpenVPN uses port 1194, whereas SSTP (Secure Socket Tunneling Protocol) uses port 443 by default. So, you can choose a VPN service that supports SSTP protocol.
While OpenVPN is the most commonly used VPN protocol, this is more prone to VPN blocks. VPN services also support other protocols which can be explored.
Some of these alternate protocols may slow your browsing speed. However, if anonymity and security is a concern over speed, some of the alternate protocols can be checked. Few of the alternate protocols are – L2TP/IPSec, SSTP, WireGuard, IKEv2, PPTP.
Not all of these protocols are supported by all VPN providers. Secondly, you would have to weigh a trade-off between speed and security. For instance, PPTP provides substantial speed but is low on security.
- Server Switching – Some services block specific VPN server traffic or IPs. In such cases you can try switching to another VPN server available with the same VPN provider. This is possible only if the VPN provider has servers in many regions.
Some VPN services also provide regular IP refreshing that can bypass VPN blocks that are based on IPs. It is important to choose a VPN that offers IP refreshing and supports unlimited server switching.
- Mobile Data – If you are facing VPN blocks within the workplace or schools then you can try to bypass by getting connected to alternate data channels such as mobile data. Such restrictions are mostly implemented on Wi-Fi.
- Tor Browser – Tor also referred as Onion router is used for anonymous web browsing. Layers of encryption are implemented on the traffic to maintain anonymity. However, tor browser is not completely secure and IP addresses or location can be tracked at entry or exit nodes.
Many VPN providers are compatible with the Tor browser wherein you use the Tor browser as well as VPN. This maintains anonymity and provides completely encrypted browsing. With this, it's hard to detect the IP address and hence harder to block VPN traffic.
Other software such as Shadowsocks or Psiphon can also be explored to bypass VPN blocks. However, these techniques would require some technical expertise.
- SSL or SSH Tunnel - Using Stunnel one can create SSL or TLS tunnel. This works over port 443 and is supported by most VPN providers. This makes it hard to be detected for VPN blocks. An SSL tunnel setup has to be done at both client and server-side. So, to use this you will have to contact your VPN provider.
Similar to SSL, SSH can also be used to bypass blocks. This again goes undetected and would require you to contact your VPN service provider for the setup.
There are multiple reasons why certain services or geographies implement VPN blocks. However, there are multiple workarounds to bypass VPN blocking. If security and anonymity is your top concern, it’s important to choose a VPN service that can bypass these VPN blocks.
Leave a comment
All comments are moderated. Spammy and bot submitted comments are deleted. Please submit the comments that are helpful to others, and we'll approve your comments. A comment that includes outbound link will only be approved if the content is relevant to the topic, and has some value to our readers.