this post was submitted on 18 Jul 2024
9 points (90.9% liked)


Hi, I have this weird issue where both my IVPN and my AirVPN connections work only if I do the following:

1. Disable WiFi
2. Connect to LTE and open either IVPN or AirVPN
3. Connect to WireGuard protocol
4. Enable WiFi and connect to it
5. Disable LTE

Now it works

If I try to connect to the WireGuard protocol from WiFi directly (corporate WiFi), it doesn't work.

Any idea why?

If I connect from my home WiFi, it works normally.

Thanks

top 4 comments
[–] [email protected] 3 points 4 months ago (1 children)

Your work is likely blocking the domains they use for authentication, but once you're registered and got the peer IP and port, once you're back on WiFi the corporate firewall doesn't catch that.

A lot of VPNs just log in over an HTTPS API which isn't exactly stealthy.

[–] [email protected] 2 points 4 months ago (1 children)

Thanks for the insight, any way of bypassing this block?

[–] [email protected] 4 points 4 months ago* (last edited 4 months ago) (1 children)

Apart from automating the quick hop to LTE to turn it on, not really.

Some VPNs stack two VPNs together, one that's just to get on their network and the other being the real one. It helps a bit.

Although the ones that care about evading firewalls are typically not bargain bin VPNs like AirVPN and IVPN, and typically don't use WireGuard because it's terrible at hiding. It's very good, very secure and very performant, but it also doesn't try to masquerade as just another website or some form of TLS protocol over port 443. The serious ones have things like WebSockets, ShadowSocks, meek, and whatever one works on China today. But do you really need that much? It's usually the kind of stuff where you have to make a choice between performance and bypassing most firewalls.

Sometimes OpenVPN will go through, because it can do that so if the firewall isn't too smart it will miss it. But if WireGuard works by just authenticating over LTE, eh, worth it.

(And even then, if I was in charge of corporate IT and had to lock down the network to prevent exfiltration, you wouldn't get any VPN past me, because I wouldn't care about collateral I can just allowlist as it comes up. That's a tradeoff places like Russia and China can't quite afford.)
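The remark above that WireGuard does not try to masquerade is visible on the wire: every message starts with a type byte and three zero bytes, and the handshake messages have fixed sizes. The following is an added example, not part of the thread or any commenter's code, showing how a network monitor could recognise a WireGuard handshake on any UDP port; the addresses and packet bytes are constructed, and the function names are hypothetical.

```python
import struct

# Fixed message sizes from the WireGuard protocol specification.
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}

def classify(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, or None."""
    # Every message starts with a 1-byte type and 3 reserved zero bytes.
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    kind = payload[0]
    if kind in FIXED:
        name, size = FIXED[kind]
        return name if len(payload) == size else None
    # Transport data: 16-byte header + padded ciphertext + 16-byte tag.
    if kind == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None

def find_handshakes(packets):
    """packets: iterable of (src, dst, udp_payload). Returns the (initiator,
    responder) pairs where an initiation was answered by a response whose
    receiver index echoes the initiator's sender index."""
    pending, confirmed = {}, []
    for src, dst, payload in packets:
        kind = classify(payload)
        if kind == "handshake_initiation":
            pending[(src, dst)] = payload[4:8]            # sender index
        elif kind == "handshake_response":
            if pending.get((dst, src)) == payload[8:12]:  # receiver index
                confirmed.append((dst, src))
                del pending[(dst, src)]
    return confirmed

# Constructed sample traffic (zero filler stands in for the encrypted fields).
CLIENT, VPN, DNS = ("10.0.0.5", 51820), ("203.0.113.7", 443), ("10.0.0.1", 53)
INIT = struct.pack("<B3xI", 1, 0xA1B2C3D4) + bytes(140)
RESP = struct.pack("<B3xII", 2, 0x11223344, 0xA1B2C3D4) + bytes(80)
SAMPLE = [
    (CLIENT, DNS, b"\x12\x34\x01\x00\x00\x01" + bytes(20)),  # DNS-like query
    (CLIENT, VPN, INIT),
    (VPN, CLIENT, RESP),
    (CLIENT, VPN, struct.pack("<B3xIQ", 4, 0x11223344, 0) + bytes(16)),  # keepalive
]

if __name__ == "__main__":
    for pair in find_handshakes(SAMPLE):
        print("WireGuard handshake:", pair)
```

Matching the response's receiver index against the initiation's sender index keeps unrelated UDP traffic that happens to be 148 or 92 bytes long from being flagged.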

[–] [email protected] 2 points 4 months ago

Thank you for the answer. I tried as well to do the same using the OpenVPN protocol, but after I drop LTE it disconnects.