All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPN blocked on my school Wi-Fi — I’ve tried everything, nothing works
tulepera33
Member
Hey everyone, I’m having a problem with my school Wi-Fi that completely blocks any kind of VPN traffic.
I’ve tried almost every method I could find: OpenVPN (from VPNBook with UDP25000, UDP53, TCP443, TCP80), WireGuard, Outline, Psiphon, and WARP by Cloudflare. In all cases, the VPN connects successfully — but once it does, the Wi-Fi stops working. No apps or websites load at all.
I also tested manual DNS changes (1.1.1.1, 8.8.8.8, etc.), but that didn’t help either.
When using WARP, the “1.1.1.1” mode (DNS only) works fine, but the full VPN mode doesn’t. So it’s clear the firewall is blocking encrypted VPN traffic entirely, probably through deep packet inspection (DPI).
I’ve also tried Psiphon Pro and Outline, which can connect at the same time as Wi-Fi, but again — no traffic goes through once connected.
So far, nothing has worked.
It seems my school’s network allows only HTTPS traffic and blocks anything that looks like a tunnel.
Does anyone know of a method, proxy, or tool that can bypass this kind of restriction? I’m open to advanced configurations or stealth protocols, as long as they can work on iPhone.
Any help or ideas would be super appreciated 🙏
Comments
i wonder where you live 😆
my school same have same issue
https://github.com/XTLS/Xray-core is your solution. It can mimic https traffic to large (or specific) websites. See readme/docs.
There are some protocols usually used to bypass restrictive firewalls - xray, vless, vmess, trojan. Most of them work by mimicking HTTPS encrypted traffic coming to some remote server.
There is a 3x-ui panel used to automatically install them on a VPS and then connect to it from an app (pretty sure there such on iOS too). It is usually used in more restrictive countries so expect a lot of chinese documentation/tutorials.
Alternatively, Tor's webtunnel bridge works over HTTPS, but then you have to route all traffic via Tor as well. You can use public bridges for free, no need to set up anything server side.
Also - I think your school may have good reasons to block VPNs. Use a VPN on your private mobile data if you have such possibiltiy. Just to respect their network policies
佛曰:不可说
The school probably uses a transparent proxy, so when you are trying to connect to a VPN, the proxy isn't getting the proper headers and fails to send your data packets, meaning your connection fails.
As many mentioned, fight proxy with proxy. Either use a https proxy like VPN or setup your own web proxy server and connect to it over https.
Are brothers from Iran or brothers from China?
Maybe if he say Ni hao, you will know that he from Iran
Have you tried SSH tunneling?
Generally no one blocks outbound ssh connections.
Really? My experience is the total opposite, everyone blocks ssh.
Why would a school allow outbound ssh? Especially a school that seems to proxy https and even do deep packet inspections.
I've managed quite a few corporate and government firewalls in my days, and any kind of ssh traffic would trigger a considerable amount of alarms in all of them. Ssh is not a protocol that you generally allow except in highly guarded management networks.
https://amnezia.org/self-hosted
try xray protocol maybe
This is a good reminder that I need to enforce SSL Inspection on the Fortigate at the school I work for, cheers.
Second
Perhaps something like this could work? https://github.com/ValdikSS/GoodbyeDPI
Outbound SSH, not incoming.
Please don't get confused.
+1 for Amezia. I currently use the modified wireguard for bypassing ISP level DPI
If I say ssh without stating direction I mean both outbound and inbound.
Again, why would anyone that administers any kind of network serious enough to run a decent firewall allow ssh? Unless you run a $200 "firewall" from Walmart the default has been to deny everything since firewalls were invented.
If I sound confused to you please elaborate on what part of my statement confuses you so that I can clarify.
Not OK at all.
Man I think you should simply ask the school what their policy is before you get yourself in trouble.
But I'm old now.
Because I really don't know what kind of corporate firewalls you maintained, that asked you to restrict outbound ssh.
Outbound ssh are not blocked in most, because without it external servers cannot be accessed.
In fact, I have yet to see a corporate where they blocked ssh port till date, and I have worked for top 10 software companies in the world, across their multiple regions, two of them being top 3 antivirus/spamware company.
Please don't spread misinformation.
Basically none, because it is restricted by default. The correct question would be "that asked you to allow outbound ssh".
Which is the whole idea. 99.9% of corporate users do not need access to external servers, especially via ssh. They do not even know what ssh is.
I find it highly unlikely that any top antivirus or spamware company would allow unfiltered ssh to everywhere in the world, that is just absurd.
Top companies in the world implies thousands or even tens of thousands of employees, to allow every one of them to ssh everywhere would be tremendously stupid, there is no way any administrator on that level would do that.
Well either you are too smart, or the admin team from both (out of top 3) antivirus companies were too dumb, that they allowed it?
You know which side I would bet on.
You're both pretty.
Did you try TOR ? You can try connecting with or without a bridge, you should be able to connect fine. http://www.torproject.org @tulepera33
Mobile hotspot.
AKA: Just don't use their wifi. Other options mentioned will probably work, at least until they don't, and they'll be slow.
If you can get a cell signal, I'd not even bother connecting to their network. Just mobile data + normal VPN.
God where the hell is this school....
I would recommend you to just use mobile data, don't mess with school policies when they are this serious about blocking, they will not take attempts to bypass it lightly.
Transparent proxies require TLS MITM which is pretty unlikely for personal devices. That being said it’s likely just a strict DPI firewall that only allows TLS traffic through, and blocks known TLS VPN protocols like OpenVPN.
No shit. Everyone would understand he's talking outbound. He's at the school. How would someone SSH into a NATd school network? FFS.
You're inexperienced. Any sort of locked down environment has ssh blocked. A corporate environment typically won't unless they have trade secrets to protect. In every single manufacturing environment I've worked in, it's locked down like a motherfucker. Our corporate network requires a trusted service that registers your IP to even get through the firewall and connect to our servers.
You also might work for Mickey Mouse companies with incompetent support or had nothing of value.
Maybe you were the guinea pig for their honeypots. Otherwise, name and shame incompetent antivirus company.
you can use Trojan https
maybe wireguard port 123 works