Bypass VPN blocking on public networks

jbonne

Some public networks seem to block VPN access or just all ports except 80. Is there a way to still be able to VPN into my pfsense from those networks?

Derelict

Put your VPN server on a port that is not blocked by the network you're connecting from.

johnpoz

Most every site I have ever seen that allows internet would allow 443.. So run your vpn on tcp 443.. I do this since I have to bounce off a proxy at work.. And kind of hard to bounce udp off a proxy even if the port was open ;) But 443 is almost always open if there is internet.. Your issue then might be if they are doing mitm on your ssl - if that is the case sure and the hell would not be using that connection for anything anyway ;)

Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

MR-NT

@johnpoz:

Most every site I have ever seen that allows internet would allow 443.. So run your vpn on tcp 443.. I do this since I have to bounce off a proxy at work.. And kind of hard to bounce udp off a proxy even if the port was open ;) But 443 is almost always open if there is internet.. Your issue then might be if they are doing mitm on your ssl - if that is the case sure and the hell would not be using that connection for anything anyway ;)

Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

Dear Sir if you please can clarify this point

Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.

awair

Hi John,

I'm in need of some help here as well with STunnel…

I've read various posts on the forum, some say the pkg is incomplete, but is it complete enough to work? Someone else installed from command line, but is this necessary (or still possible)?

I plan to create a new OpenVPN client to connect on 127.0.0.1:1413: is this the right setup for STunnel?

Also the OpenVPN provider has given a stunnel.crt file - but I cannot import this to pfsense without the key.

Thanks in advance for any pointers.

![Screen Shot 2018-05-05 at 20.42.28.jpg_thumb](/public/imported_attachments/1/Screen Shot 2018-05-05 at 20.42.28.jpg_thumb)
![Screen Shot 2018-05-05 at 20.42.28.jpg](/public/imported_attachments/1/Screen Shot 2018-05-05 at 20.42.28.jpg)

Gertjan

@MR-NT:

Dear Sir if you please can clarify this point

Ok :
@johnpoz=topic=123266.msg794665#msg794665:

Or they are doing dpi and notice that your ssl traffic is not typical ssl, but openvpn - that would be very rare, but can work around that with a stunnel and then openvpn inside the stunnel.