My work WiFi blocks WireGuard and OpenVPN connections, which is a huge bummer. I just want to be able to connect to my NAS while I’m at work, but IT doesn’t want to hear that.
At least I can still use IKEv2 with my commercial VPN, so my employer can’t see how much I browse on Lemmy throughout the day.
I may be wrong on how they “detect” VPN traffic but the lazy way would be to block the common “default” ports used by those services. If they are just blocking this port you could change what port you use. While it does come with its own issues as its a common scanned port changing the port to something like 80 or 443 and “look” like normal internet traffic. Might get around their block.
There’s a few ways to “detect” VPN traffic, and you’re missing some but port blocking is one of them. Rerouting over 443 is a possible workaround, but depending on the network architecture they can still detect VPN traffic using deep packet inspection.
Blocking ports is a very simple mechanism to prevent things and it doesn’t take long for a business to grow into IT management that involves more sophisticated methods like DPI.
VPN protocols have distinguishable packet headers/metadata/handshakes/etc. DPI can easily identify and block those, or any other known protocols, if they have it configured to do so.
Ah nice to know. I’m just an amateur hobbyists. I just remember years ago the company I worked for(somewhat large) blocked ports 80 and 443 but left almost everything else open. Stop employees from browsing the web. I went home hosted a web page served on some random high port that worked as a proxy and loaded pages I wanted then used it to play flash ( shows my age) games at work to kill time. Looking back guess I could of gotten into some shit but no longer work for them. It was a fun time though.
My work WiFi blocks WireGuard and OpenVPN connections, which is a huge bummer. I just want to be able to connect to my NAS while I’m at work, but IT doesn’t want to hear that.
At least I can still use IKEv2 with my commercial VPN, so my employer can’t see how much I browse on Lemmy throughout the day.
I may be wrong on how they “detect” VPN traffic but the lazy way would be to block the common “default” ports used by those services. If they are just blocking this port you could change what port you use. While it does come with its own issues as its a common scanned port changing the port to something like 80 or 443 and “look” like normal internet traffic. Might get around their block.
There’s a few ways to “detect” VPN traffic, and you’re missing some but port blocking is one of them. Rerouting over 443 is a possible workaround, but depending on the network architecture they can still detect VPN traffic using deep packet inspection.
Blocking ports is a very simple mechanism to prevent things and it doesn’t take long for a business to grow into IT management that involves more sophisticated methods like DPI.
VPN protocols have distinguishable packet headers/metadata/handshakes/etc. DPI can easily identify and block those, or any other known protocols, if they have it configured to do so.
Ah nice to know. I’m just an amateur hobbyists. I just remember years ago the company I worked for(somewhat large) blocked ports 80 and 443 but left almost everything else open. Stop employees from browsing the web. I went home hosted a web page served on some random high port that worked as a proxy and loaded pages I wanted then used it to play flash ( shows my age) games at work to kill time. Looking back guess I could of gotten into some shit but no longer work for them. It was a fun time though.
The ones that maintain a whitelist of connections are the hardest to get through