With content blocking and subtle censorship on the rise, VPNs have found a home in many of our lives. On top of that, the ever-growing concerns regarding security on the Internet have users take a great liking to VPNs. A VPN isn’t just a simple tool now but an overall privacy and security product. It is the most favorite of users wanting to bypass restrictions on sites like Netflix and Hulu. It has become a commercial appendage; nonetheless. VPNs have indeed changed the way we see and interact with the Internet.
That’s why it saddens us to bring up the topic of VPN blocking. Simply put, it is a practice of banning VPNs. Countries and major websites around the globe alike block access to VPNs for various reasons, which we will explore further down this article.
What do we mean by VPN Blocking?
The beauty of the Internet is that it’s free, once you have the network equipment. This no longer holds with many entities, from giant conglomerates to the government, trying to censor and control the Internet. Due to this, many users started relying on a VPN to recover their rights for privacy and freedom. It led to the development of VPN blocks that ironically can effortlessly block a VPN, a tool meant to unblock contents on the net.
VPN blocking is a practice that prevents the use of VPN tunnels for communication. Be it with another person, machine, or website. It is a technique that blocks encrypted protocol tunneling. By using VPN blocks as a tool for computer security or internet censorship, your government, ISP, or other private entities can prevent the VPN from bypassing the network firewall.
As several organizations have revamped their attempts at blocking VPNs, how can VPN providers not reply in kind? With sophisticated techniques and out-of-the-box thinking, they have been fighting against VPN blocks. In this article, we will explore the reasons behind VPN blocking; Also, the methods employed to circumvent it.
Popular websites that practice VPN blocking
There are numerous websites and online services that block the access of your VPN. We will discuss only a few noteworthy examples. Which are:
- Hulu —This American streaming service started blocking VPNs in April 2014 in a bid to stop unauthorized access.
- Netflix — The service came under fire when it discovered, in September 2014, that more than two hundred thousand Australians were using its services despite not being available on the continent. It has since practiced VPN blocking, which is in effect to date.
- BBC iPlayer — It started to block VPNs in October 2015.
Countries that promote VPN blocking
Anecdotes related to VPN blocking concerning various governments around the globe.
- May 2011 — Users first discovered problems regarding VPN when trying to connect to foreign websites. The same year, businesses and universities started issuing notices to stop using tools to bypass the national firewall.
- Late 2012 — Several VPN providers claimed their inability to bypass the Great Firewall of China as it became able to “learn, discover and block” various encrypted communication methods.
- In 2017 — ISPs in China were ordered to block individual’s use of VPN by Feb 2018.
- The government started blocking Non-governmental VPN in March 2013, few months before the state elections.
- Official use of VPN led to surveillance and inspection of private data.
- July 2017 — State Duma passed a bill asking ISPs to block websites that offer VPN services.
- The government activated deep packet inspection after the 2011 instigation. The targets were VPN protocols such as L2TP. PPTP and OpenVPN.
- Pakistan asked the VPN providers to register their IPs unless they wanted a blanket ban.
- To prevent its citizens from accessing or using social media platforms, the Turkey government has proposed a bill banning VPN apps in July 2020.
Reasons behind VPN blocking
From your ISP to your government, many entities practice VPN blocking for a myriad of reasons. They can be legal, copyright infringement, security, and as a means to control and direct ideologies, morals, and even economic factors play into considerations. Some reasons are detailed below:
Political reasons/Government censorship
Many governments around the globe practice censorship due to political, moral, or economic reasons although it’s unfair for them to do so. Nonetheless, they carry it out in a bid to retain certain information from reaching the public sphere. Such governments can be very strict in imposing policies forthright banning VPNs or blocking access to it.
Internet censorship is indeed prevalent amongst a few notorious countries like China, UAE, Iran, Russia. However, it has come to attention that this practice is an uptrend in certain first-world countries like the USA and UK taking the lead.
A government can, for various reasons, block users from accessing specific content on the Internet. They are even banning or blocking VPNs so that the general users may not have a way around the issue.
Copyright & Economic reasons
The copyright issue has its share of the limelight due to torrents. Sometimes people use a VPN to gain access to blocked content. They then download and distribute said content via superfluous channels. Not only is this a moral dilemma, but it costs the production companies a lot of money.
This is the reason they have long since started practicing the art of VPN blocking. With a VPN blocker in place, copyright holders can remain assured that their content will not be misused or fall victim to illicit dissemination.
Streaming location restrictions
Streaming platforms restrict their services by geographical factors. Why? Because hosting TV shows and movies on their platform require licenses. Therefore, it requires money. A streaming platform can thus host certain shows in a particular area/country for which they acquired a license.
When you use a VPN to bypass these geo-restrictions, the streaming platform and the content creator lose money. That’s why they employ VPN blockers to aid in curbing VPN access.
Schools and workplaces have network firewalls as they do not want users accessing certain websites on-premises during work/study. A VPN can achieve this; hence, they block VPNs.
Using a VPN to access illegal material doesn’t make the process legal. An example is online gambling. Certain countries have deemed gambling illegal. If a user relies on a VPN, he can still easily access such sites. To thoughtfully prevent such cases, many organizations practice VPN blocking.
Many financial websites (like a banking website) employ VPN blocking in fear of fraudulent cases. A site that deals in monetary transactions doesn’t allow anyone to access its services while connected to a VPN.
Some ISPs also use VPN blockers. VPNs can, in rare cases, help with ISP throttling issues. As such, an ISP doesn’t want people using VPNs to circumvent its attempt at throttling. Also, in several cases, ISPs are under an official directive to curb VPN access.
Types of VPN blocking
The advent of technology isn’t limited to tools that aid a user in his daily online activities. There are remarkable latest developments in the field of surveillance and online monitoring. When a user relies on a VPN to ensure his privacy online, numerous countermeasures are already in place, ensuring it doesn’t become a reality.
Some prevalent VPN blocking technologies are as follows:
Your IP (Internet Protocol) address is a unique modifier associated with every single Internet accessing device. As such, websites can recognize and trace you via your IP. A VPN masks your real IP and spoofs it from remote servers. So, that anyone tracing the traffic will only encounter the VPN server’s IP.
IP blocking is when organizations collect and maintain a library of confirmed and suspected IP addresses associated with VPNs. Which they then block access to said IP. Sometimes websites also take heed of unusual and heavy traffic from a particular IP address. It leads them to believe the IP’s association with VPN services.
IP blocking is one of the simplest and easiest VPN blocking methods available. It is popular amongst online streaming platforms and considered a shallow packet inspection (SPI) technique quite the opposite of DPI.
Another Shallow packet inspection technique is port blocking. VPN tunnels use security protocols like PPTP, L2TP, IPsec, OpenVPN, WireGuard, etc., to establish a connection across devices. These protocols use ports to send traffic to and from the network. For example, if you use a VPN with OpenVPN, it will send data via port 1194.
What an anti-VPN firewall does is block any encrypted data from such ports that support VPN protocols. This method may not be as popular as IP blocking, but it gets the job done.
Deep Packet Inspection (DPI)
DPI is one of the most advanced methods used in VPN blocking, although mainly by governments or ISPs. Deep Packet Inspection does not look at the flow of traffic. It doesn’t care for where the data is coming from or where it is going. It monitors the nature of the traffic itself.
You should know that any data travels on the internet in the form of packets. And each of these packets has two parts: a header and payload. What a DPI does is that it detects and examines the header as well as analyzes the payload. Protocols may encrypt data, but that encryption itself has a unique cryptography signature.
Take OpenVPN, for example. It uses SSL like any other HTTPS traffic, but the unique cryptography signature of the VPN protocol is easily recognizable. That’s why OpenVPN is commonly blocked when organizations employ DPI. As major VPN providers rely on OpenVPN, a DPI can render most VPNs useless as they can not bypass it.
Blocking VPN based on the GPS sensor is another advanced method. It relies on the location of the device and looks for inconsistencies between your server location and your device’s GPS. Lots of VPNs scramble your IP but don’t heed the GPS. Ergo, once there’s a difference in your GPS position and originating IP, they’ll block your traffic.
QoS filtering is a somewhat new approach to VPN blocking. It slows down traffic to force a time-out, thus effectively rending a VPN moot.
How to circumvent VPN blocking? (by using VPNs)
We can not underestimate the VPN providers of today. Since the inception of VPN blocking, they have found several unique ways to fool such technologies and circumvent said blocks. They rely on ingenuine methods and unconventional technologies to do so.
Given below are some simple tricks you can employ to block VPN blockers:
This one is a no-brainer. Simply switching servers (and getting lucky) can deal with a couple of VPN blocking techniques. Although, this can work only if the provider has good server density and location around the globe.
If this method doesn’t work, maybe it’s time you switch your VPN provider. However, take note that this method can only redeem you against shallow packet inspections.
An obfuscated server can hide the fact that a user is using a VPN. Also known as stealth VPN, it is an advanced feature that only the leading VPNs offer. When you turn this feature on, the VPN connects you to an obfuscated server (turning Stealth mode or stealth protocol on). It will then scramble your internet traffic entirely, making it look like an ordinary one. An obfuscated server can easily circumvent almost every VPN blocking method available right now, be it SPI or DPI.
This method not only masks and hides your VPN traffic by removing any identifying metadata, but it also doesn’t leave behind any digital signature. It adds a separate layer of security to your VPN as it hides your browser traffic on top of your VPN traffic.
Although an obfuscated server can bypass even the most sophisticated and advanced firewalls, the downside is that it reduces your internet speed by a noticeable margin. However, this can be a price worth paying when you are in a restricted area.
Dedicated IP address/Custom VPN servers
A dedicated IP from your VPN provider can deal with SPI as this IP won’t end on any blacklists. A custom server also works as a dedicated IP.
It is another simple way to overcome some particular VPN blocking. But at the same time, it can be tricky as not every VPN provider allows users to change ports. Most high-priced VPNs change ports automatically to deal with SPI. Some even provide an option for users to change it manually. However, for a tech-savvy user, you can manually switch ports without depending on a VPN provider.
Although this is, by far, a simple method, one has to be prudent in his approach as once discovered; an admin can block each port you use one by one.
The best ports to switch into are:
- Port 443 — Whenever you access a sensitive website (like a banking gateway), the internet switches you over to port 443. This port is seldom blocked as it is mandatory for online transactions. This port can also render typical DPI useless (unless it is a powerful and intelligent one).
- Port 80 — This port is used by HTTP, which runs almost every website. If you change your VPN to this port, chances are you may go unblocked as port 80 is never blocked. However, a DPI can easily pick you up on this port, separate, and lock you out.
Just like ports, some protocols are also on several blacklists. Thus, switching protocols may sometimes help you bypass VPN blocks. Changing protocols is very easy, and almost every VPN on the market provides an option for you to do so. It can deal with DPI effortlessly. However, keep in mind that you switching your protocols is what ISPs and governments want. As some protocols have weaker security, there is a chance of leaks that are traceable. Thus, in the face of VPN blocking techniques, such as DPI, if you select the option of switching protocols, change into one of the more secure ones like SSTP or WireGuard.
- SSTP — Very efficient but not supported by the majority of VPN providers. It uses port 443 by default.
- WireGuard — Latest in VPN technology, WireGuard is a very secure state-of-the-art protocol.
Note — Generally, OpenVPN is a highly recommended protocol, but for the sake of bypassing VPN blocks, we’d say avoid OpenVPN as most VPN blocking technologies target OpenVPN.
Switch to mobile data
Not exactly a game-changer, but highly effective when dealing with a network dedicated to blocking VPN access. Believe it or not, sometimes the VPN blocking happens only on a dedicated network. One can easily circumvent it by simply using their internet connection like mobile data.
This kind of blocking happens in schools and workplaces and is only limited to WiFi.
Freedom on the Internet has long since become a hollow dream. With Internet censorship on the rise, a VPN is one of the crucial tools to aid users in their journey towards freedom on the internet. As such, VPN blocking can never be an acceptable practice. We recommend using the prior mentioned methods to bypass VPN blocking.