this post was submitted on 18 Jul 2024
9 points (90.9% liked)
networking
2805 readers
1 users here now
Community for discussing enterprise networks and the ensuing chaos that comes after inheriting or building one.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Your work is likely blocking the domains they use for authentication, but once you're registered and got the peer IP and port, once you're back on WiFi the corporate firewall doesn't catch that.
A lot of VPNs just log in over an HTTPS API which isn't exactly stealthy.
Thanks for the insight, any way of bypassing this block?
Apart from automating the quick hop to LTE to turn it on, not really.
Some VPNs stack two VPNs together, one that's just to get on their network and the other being the real one. It helps a bit.
Although the ones that care about evading firewalls are typically not bargain bin VPNs like AirVPN and IVPN, and typically don't use WireGuard because it's terrible at hiding. It's very good, very secure and very performant, but it also doesn't try to masquerade as just another website or some form of TLS protocol over port 443. The serious ones have things like WebSockets, ShadowSocks, meek, and whatever one works on China today. But do you really need that much? It's usually the kind of stuff where you have to make a choice between performance and bypassing most firewalls.
Sometimes OpenVPN will go through, because it can do that so if the firewall isn't too smart it will miss it. But if WireGuard works by just authenticating over LTE, eh, worth it.
(And even then, if I was in charge of corporate IT and had to lock down the network to prevent exfiltration, you wouldn't get any VPN past me, because I wouldn't care about collateral I can just allowlist as it comes up. That's a tradeoff places like Russia and China can't quite afford.)
Thank you for the answer. I tried as well to do the same using open VPN protocol but after I drop LTE it disconnect.