![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
Service that works even in coffee shops that block VPNs ?
- Thread starter ng4ever
- Start date
Nicklebon
Gawd
- Joined
- May 22, 2006
- Messages
- 982
Almost all businesses these days will block outbound ipsec completely. Lots of places also block known non-ipsec vpn service endpoints. This is the great advantage of running a self managed ssl/tls based vpn.
Had time to look more. I looked in my firewall and it seems the local db has about 19K IP addresses that would be blocked by proxy avoidance or vpn blocking. I have no easy way to get a list of what the cloud categorization service has other than it is much larger than the local db. In the end it is a cat and mouse game as services add and remove endpoints frequently. Again self hosting is a MUCH better choice.
Had time to look more. I looked in my firewall and it seems the local db has about 19K IP addresses that would be blocked by proxy avoidance or vpn blocking. I have no easy way to get a list of what the cloud categorization service has other than it is much larger than the local db. In the end it is a cat and mouse game as services add and remove endpoints frequently. Again self hosting is a MUCH better choice.
Last edited:
Agreed with self-hosting--always best to tunnel back into home base versus some service that's basically a wormhole that puts you into some other area of cyberspace and that's it. It's like the improbability drive (for those Hitchhiker fans out there 
)...
)...The answer depends on why you want VPN. Download torrents and such from a typical VPN provider? Not much you can do and you probably shouldn't be doing that from Starbucks anyway.
Want a VPN just to "get off" the public WiFi and encrypt your data? Self-host something. Cisco AnyConnect uses DTLS and OpenVPN uses udp/1194 by default, but it can be changed.
Banking.
SSL is not enough?
Nicklebon
Gawd
- Joined
- May 22, 2006
- Messages
- 982
Since the stated goal is to not be blocked it would be best not use dtls which is basically tls over udp. TLS running over tcp 443 would be best option for success.
Nicklebon
Gawd
- Joined
- May 22, 2006
- Messages
- 982
Banking on a mobile device is already bad enough. A mobile device on a public network?? Remember, you're one bad cert away from being owned and a vpn will not help that. FWIW I bank from a dedicated device that only does such things. Years ago I had a coworker that would be in a coffee shop twice a week while her kid had appointments. To relieve boredom she would run a wifi pineapple and spoofed the shop's AP. Most users would accept her certs while browsing which allowed her to watch what they browsed. Fortunately she was just bored not malevolent.
MrGuvernment
Fully [H]
- Joined
- Aug 3, 2004
- Messages
- 21,812
Yup,exactly, it is that easy.
ng4ever a VPN does nothing more to protect, SSL is more than enough. And as noted above, banking on a mobile device (which has no AV or other real forms of protection and people install boat loads of random crap apps they should not) a VPN is the least of your concerns.
Instead just use your cell data if you have to bank. sure you can afford the couple mb of data that may use.
I do use cell data always.