My work WiFi blocks WireGuard and OpenVPN connections, which is a huge bummer. I just want to be able to connect to my NAS while I’m at work, but IT doesn’t want to hear that.
At least I can still use IKEv2 with my commercial VPN, so my employer can’t see how much I browse on Lemmy throughout the day.
I may be wrong on how they “detect” VPN traffic but the lazy way would be to block the common “default” ports used by those services. If they are just blocking this port you could change what port you use. While it does come with its own issues as its a common scanned port changing the port to something like 80 or 443 and “look” like normal internet traffic. Might get around their block.
There’s a few ways to “detect” VPN traffic, and you’re missing some but port blocking is one of them. Rerouting over 443 is a possible workaround, but depending on the network architecture they can still detect VPN traffic using deep packet inspection.
Blocking ports is a very simple mechanism to prevent things and it doesn’t take long for a business to grow into IT management that involves more sophisticated methods like DPI.
VPN protocols have distinguishable packet headers/metadata/handshakes/etc. DPI can easily identify and block those, or any other known protocols, if they have it configured to do so.
My work WiFi blocks WireGuard and OpenVPN connections, which is a huge bummer. I just want to be able to connect to my NAS while I’m at work, but IT doesn’t want to hear that.
At least I can still use IKEv2 with my commercial VPN, so my employer can’t see how much I browse on Lemmy throughout the day.
I may be wrong on how they “detect” VPN traffic but the lazy way would be to block the common “default” ports used by those services. If they are just blocking this port you could change what port you use. While it does come with its own issues as its a common scanned port changing the port to something like 80 or 443 and “look” like normal internet traffic. Might get around their block.
There’s a few ways to “detect” VPN traffic, and you’re missing some but port blocking is one of them. Rerouting over 443 is a possible workaround, but depending on the network architecture they can still detect VPN traffic using deep packet inspection.
Blocking ports is a very simple mechanism to prevent things and it doesn’t take long for a business to grow into IT management that involves more sophisticated methods like DPI.
VPN protocols have distinguishable packet headers/metadata/handshakes/etc. DPI can easily identify and block those, or any other known protocols, if they have it configured to do so.
The ones that maintain a whitelist of connections are the hardest to get through