Netgate Discussion Forum

    Bypass VPN blocking on public networks

    General pfSense Questions
    6 Posts 6 Posters 1.3k Views
      jbonne

      Some public networks seem to block VPN access or just all ports except 80.  Is there a way to still be able to VPN into my pfsense from those networks?

        Derelict LAYER 8 Netgate

        Put your VPN server on a port that is not blocked by the network you're connecting from.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          johnpoz LAYER 8 Global Moderator

          Most every site I have ever seen that allows internet would allow 443.. So run your vpn on tcp 443.. I do this since I have to bounce off a proxy at work.. And kind of hard to bounce udp off a proxy even if the port was open ;)  But 443 is almost always open if there is internet..  Your issue then might be if they are doing mitm on your ssl - if that is the case sure and the hell would not be using that connection for anything anyway ;)

          Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            MR-NT

            @johnpoz:

            Most every site I have ever seen that allows internet would allow 443.. So run your vpn on tcp 443.. I do this since I have to bounce off a proxy at work.. And kind of hard to bounce udp off a proxy even if the port was open ;)  But 443 is almost always open if there is internet..  Your issue then might be if they are doing mitm on your ssl - if that is the case sure and the hell would not be using that connection for anything anyway ;)

            Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

            Dear Sir if you please can clarify this point

            Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

              awair

              Hi John,

              I'm in need of some help here as well with STunnel…

              I've read various posts on the forum, some say the pkg is incomplete, but is it complete enough to work? Someone else installed from command line, but is this necessary (or still possible)?

              I plan to create a new OpenVPN client to connect on 127.0.0.1:1413: is this the right setup for STunnel?

              Also the OpenVPN provider has given a stunnel.crt file - but I cannot import this to pfsense without the key.

              Thanks in advance for any pointers.

              ![Screen Shot 2018-05-05 at 20.42.28.jpg](/public/imported_attachments/1/Screen Shot 2018-05-05 at 20.42.28.jpg)

              2.4.3 (amd64)
              and given up on the SG-1000
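
The stunnel-plus-OpenVPN arrangement johnpoz describes and awair asks about, as an added configuration sketch that is not part of any post in this thread and not Netgate's or the provider's own configuration. Assumptions: `vpn.example.com`, `203.0.113.10`, port 1194 and all file paths are placeholders, and the provider's `stunnel.crt` is taken to be the certificate the client uses to verify the stunnel server, which is why no private key accompanies it.

```ini
; ===== File 1: stunnel.conf on the CLIENT side =====
; Constructed example; host names and paths are placeholders.
[openvpn]
client = yes
; Local listener that the OpenVPN client dials (the 127.0.0.1:1413 from the post).
accept = 127.0.0.1:1413
; Remote stunnel server, reached over the TCP port the public network allows.
connect = vpn.example.com:443
; Certificate used only to authenticate the server. A client that presents
; no certificate of its own needs no private key here.
CAfile = /path/to/stunnel.crt
verifyChain = yes
checkHost = vpn.example.com
; If stunnel.crt is the server's own pinned certificate rather than a CA,
; use "verifyPeer = yes" in place of the two verification lines above.

; ===== File 2: OpenVPN client directives =====
client
dev tun
; stunnel carries a TCP stream, so OpenVPN must run in TCP mode.
proto tcp-client
remote 127.0.0.1 1413
; Keep stunnel's own connection to the server outside the VPN. Without this,
; a pushed default route would send the outer TLS connection into the tunnel
; it is carrying and the link would drop.
route 203.0.113.10 255.255.255.255 net_gateway

; ===== File 3: stunnel.conf on the SERVER side (only if you run the server) =====
[openvpn]
accept = 443
; OpenVPN server listening locally with "proto tcp-server" on an assumed port.
connect = 127.0.0.1:1194
cert = /path/to/server.crt
key = /path/to/server.key
```

Leaving out the verification options makes stunnel accept any certificate, which removes the protection against the TLS interception johnpoz mentions.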

                Gertjan

                @MR-NT:

                Dear Sir if you please can clarify this point

                Ok :
                @johnpoz:

                Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??
