
Can A VPN Be Blocked?

Tuesday, May 30th, 2017


In the last few years, Virtual Private Networks have become the de facto standard for bypassing all forms of restrictions and censorship on the web. Nowadays, VPNs are used by corporations for security reasons; by expats and business travelers to access geographically blocked streaming content; by mobile users to remain secure from hackers while using Wi-Fi networks; and by citizens of repressive regimes (where access to the internet remains tightly controlled) to bypass censorship and surveillance.

Since the use of VPNs enables bypassing of restrictions set by governments and corporations, these entities have started taking measures to block encrypted communications made possible by VPNs. These days governments, ISPs, educational institutions and big corporations are using one or more of the following techniques to block the use of VPNs.

1) Port Blocking – This refers to the technique where ISPs or network administrators block VPN traffic by blocking specific ports. Since VPN protocols carry network packets via specific ports, port blocking is an effective way of blocking the use of VPNs. In particular, this method works well against VPNs which make use of the PPTP or L2TP protocols. Since these two protocols route traffic via specific ports (TCP port 1723 and 1701 respectively), they are far easier to block. However, this method is largely ineffective against the OpenVPN and SSTP protocols, since these carry traffic via TCP port 443, the same port that is used for HTTPS traffic. Some VPN providers have started offering a choice of ports to their customers to get around port blocking.

2) IP Blocking – This method involves blocking traffic from IP addresses which are known to belong to VPN service providers. Since VPN companies typically own a pool of IPs, governments as well as companies like Netflix can simply add those IPs to their blacklist. However, since there are hundreds of VPN providers and established VPN companies keep adding new servers and IPs, the method cannot block VPN traffic in totality. In particular, the method may not work against IP addresses belonging to small VPN companies, since they are not widely known and their customer base is small.

3) Deep Packet Inspection – This blocking method involves inspection of network packets in order to understand the type of data contained within them. This method is being used by governments (such as the government of China) to identify VPN traffic as well as by companies who want to safeguard their corporate secrets. However, it is possible to bypass this mode of inspection by using more secure protocols (such as OpenVPN) as well as by scrambling metadata of the underlying traffic.
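The first two techniques above, seen from the network administrator's side, as an added example that is not part of the original article: a flow filter that applies port rules and then an IP blocklist. The blocklist ranges and sample flows are constructed (RFC 5737 documentation addresses), and the UDP 1701 rule is an assumption added here.

```python
import ipaddress

# Port rules: (transport, port) -> protocol label. TCP 1723 and TCP 1701 are
# the values the article gives; UDP 1701 is added here because L2TP is
# normally carried over UDP.
PORT_RULES = {
    ("tcp", 1723): "PPTP",
    ("tcp", 1701): "L2TP",
    ("udp", 1701): "L2TP",
}

# Constructed blocklist of "known VPN provider" ranges (RFC 5737 documentation
# prefixes, not real provider addresses).
VPN_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.64/26")]


def classify(flow):
    """Return (verdict, reason) for one flow dict with proto, dst, dport."""
    # Technique 1: port blocking.
    rule = PORT_RULES.get((flow["proto"].lower(), flow["dport"]))
    if rule:
        return "block", f"port rule: {rule}"
    # Technique 2: IP blocking against the known-provider ranges.
    dst = ipaddress.ip_address(flow["dst"])
    for net in VPN_RANGES:
        if dst in net:
            return "block", f"IP blocklist: {net}"
    return "allow", "no port or IP rule matched"


# Constructed sample flows.
FLOWS = [
    {"proto": "tcp", "dst": "192.0.2.10", "dport": 1723},
    {"proto": "udp", "dst": "192.0.2.11", "dport": 1701},
    {"proto": "tcp", "dst": "203.0.113.7", "dport": 443},
    {"proto": "tcp", "dst": "192.0.2.50", "dport": 443},
]

if __name__ == "__main__":
    for f in FLOWS:
        verdict, reason = classify(f)
        print(f"{f['proto']}/{f['dport']:<5} -> {f['dst']:<14} {verdict:<6} {reason}")
```

The last flow passes both checks: TCP 443 to an unlisted address is the coverage gap the article describes for port and IP blocking.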

While it is certainly possible to block VPN traffic, there are always workarounds available. Many governments (including those of China, Iran and the UAE) have declared the use of VPNs illegal, but a large percentage of the population residing in these countries still uses them to bypass censorship and access restricted content. So it can be safely said that there is currently no foolproof method which can block VPN traffic altogether.

