I’m a student at a university that’s located a bit far from the city, and the WiFi and mobile data connections here are really spotty. On a good day, we might get 10-15 Mbps at best, and it’s really inconsistent, especially in the dorms. The university library does have a wired fiber connection that gives us 200 Mbps+ on average, but the issue is that they have a Sophos Proxy/Firewall setup that blocks a lot of entertainment websites like Netflix, Prime Video, and Disney+. YouTube is still accessible, though.
I have a problem where I need to update Microsoft Flight Simulator (40 GB worth of updates!) and work with my personal NextCloud Drive, which would sync a lot faster with the faster internet connection at the library. I use Tailscale and an Nginx Proxy Manager to manage my VPS/Raspberry Pis, but unfortunately Tailscale can’t connect on the university network and SSH connections seem to be blocked entirely, even to public IP addresses. I’m looking for ways to bypass this for completely legal purposes, and I’m not too worried about consequences since the IT department is inflexible and said that they can’t make any changes for student convenience. In fact, the Dean/Head of the Faculty of Engineering even encouraged us to find ways around the internet restrictions. The IT department isn’t very strict or effective, so the worst that would happen is that I might get a black dot (an academic punishment) if I do something wrong.
I’ve tried a few things that haven’t worked:
ProtonVPN/ExpressVPN/NordVPN
Privoxy
Tailscale/Zerotier (unable to establish connection)
WireGuard/OpenVPN servers running on my public IP VPS’ (connection doesn’t pass data)
SSH to public IPs (connections appear completely blocked, nothing works)
The only thing that has worked for me so far is Psiphon VPN (https://psiphon.ca/), which has allowed me to access the normally blocked websites. I’m not sure exactly how it works, but I’m interested in finding out if there’s a way to replicate it. Thanks in advance for any answers or advice.
I had the same problem. After some reseaches, I figured out port 1194 wasn’t blocked on my university’s network, so I configured Wireguard to use this one and it worked perfectly fine. Had to change university, and same thing here, default port was not working but 1194 was.
Maybe you could try and see if changing port works for you
Are you from USA? If not plenty 1TB mobile 4g sim can be brought
I remember having the same problems. It os a struggle and if I had to again I might just have brough a small 4g router.
Finally found something softether vpn with vpngate plugin works like a charm for me my college uses sofos firewall so you can try downloading it if your uni uses sophos
Use Open Connect it uses https(yes https so even DPI can’t see it) it has clients for windows, linux, android, IOS and when udp is free it switches to a udp for faster speeds. If you use a proxy you NEED to enable tls passtrough or it won’t work and it has OTP, Basic, Radius and Cert auth that can sometimes be combined.
I’ve heard the SoftEther VPN server can be above average in getting connections through in environments that block most VPN protocols, though I haven’t used it myself
Yeah, I got the same case in my dorm, and maybe even worse because there is a dpi and SSL inspection
At first, I am quite happy that tailscale works, and then the next few months get blocked. Tailscale login and dashboard URL that is needed to establish authentication just get blocked. So I set my head scale server and no luck. They block everything related to wireguard, protocol, signature, and everything
And I got a keepsolid VPN because they have a proprietary protocol that obstructs OpenVPN as tls traffic. I guess Psiphon VPN works the same way. Works for a few months and then gets blocked because they just add dpi inspections
For now, a weird (and maybe not secure) VPN called browse works via chrome extension. That’s enough to access popular file sharing (yes, they block Dropbox, google drive, etc). And I guess in the next months they will be blocked.
Does there is a self-hosted VPN or proxy that works via browser extension? Or any way to host my proxy service?
Another way to access my services (nextcloud, guacamole, etc) is to use vps+reverse proxy or cloud flare tunnel. That way I can use guacamole to remote and ssh to my server in my parent’s house
Thanks for your post I can express my rants and findings. I hope we can find an interesting self-hosted solution
VPNs are generally about securing traffic not hiding it, though some will run over port 443 and do their best to get past any blocks by wrapping themselves in TLS.
Whilst technically a proxy, not a VPN (distinction kind of moot), the most successful I’ve used is Shadowsocks with Xray/Cloak via a CDN, which is literally designed as an anti-censorship tool and therefore literally designed to bypass these kind of blocks. Slightly easier to configure would be Alphabet’s Outline which serves a similar purpose.
If it wasn’t for the fact you want nextcloud syncing I’d actually recommend you use a web-based remote desktop tool to work on your home pc. You’d be far less likely to be reprimanded for using that over a VPN IMO.
My old school used to do deep packet inspection and block VPNs. I set up a VPN server in the cloud but found they would kill my connection. So I used the nuclear option.
Installed a stunnel server. Basically, a TLS proxy. I ran it on port 443 which made it indiscernible from a standard HTTPS connection (except for the fact that it was a persistent connection).
Installed OpenVPN on the stunnel terminus sever and and set it to listen on the stunnel output port.
Set my VPN client to connect on the stunnel input port.
So the traffic flow was VPN client → stunnel encrypted tunnel → VPN server. The network firewall never sees the VPN tunnel.
We use this method (although using Azure) at work specifically because it get’s passed our clients various firewalls without our consultants and stuff needing to ask for special firewall rules or anything else like that.
Can also try running ssh on 443 and tcp tunneling over ssh. It’s not the fastest, but it was my remote access for a decade until tailscale. Easy to try.