How do VPN's work (and workarounds)?

      Hi,  I was wondering if anyone had a link or would be willing to explain how vpn's work (tunneling, ports, connection to server). Also if anyone has any suggestions on how to get around a network that seems to block ssl forced browsers (puffin, tor (rip-off)) and vpn servers (which "can't connect to server"). I hope to learn more about vpn's and networking, and to be able to use blocked features such as pandora radio and other items banned because of "music" "forums" "security" and other items which are blocked that I find to be overkill.

  Note: i am on an Ipad on the network, so the possibility of downloading tor browser seems to be impossible and If a vpn or tunnel of some sort if possible that would be nice for other apps to run though like the Pandora or soundcloud app which doesn't load.

  also some people also on the network are suggesting looking into finding a vpn specific to which port is open and they believe all the other ports are closed.

   Thanks!

           Wolfe

If VPN servers are blocked on your network, that probably means that whoever setup the network knows that IP belongs to a VPN and blocks it.  Find a less popular VPN and try it out, perhaps?

My networking knowledge is extremely limited, so take this with a grain of salt.

A VPN basically creates a virtual network connection between you and the server. Kind of like of you ran a cable from your computer to the server but instead of using a dedicated cable it uses an existing network (such as the internet) and creates an encrypted tunnel to the server.

So once you're connected you can use the vpn for your internet traffic. It will go through the vpn tunnel and use the gateway on the other end rather than using your local gateway. This means that anyone between you and the vpn server won't be able to see your traffic and it also means that you IP address will be the IP of the vpn server. That's the gist of it anyway.

If you want to connect to a vpn on a network with a strict firewall you can try using one which uses port 443 as this is the same port used by https so it won't be blocked. You'll also probably need to find one which can use TCP instead of UDP because chances are they will only allow TCP 443 and not UDP. But there's not really any guarantee that it will work as I imagine if they really want to block vpn traffic they will find a way.

I'm afraid that I have next to no useful information on iPads what so ever (they are a complete waste of space), but I can still try to explain how VPNs work. I am going to attempt to explain this in a practical sense whilst still going into enough detail that you will be able to understand the theory too. If anyone spots something I got wrong, please tell me.

There is something called an SSH protocol, it's like a remote version of the terminal (linux version of the command line)

If you have ever used SSH, you are already half way there to using a VPN. The SSH protocol supports SSH tunneling (it's where you send packets of data through an SSH connection, in your case web traffic)

By using an SSH tunnel you are sending your traffic between your client and server in a form that a router / firewall cannot understand (it looks nothing like web traffic and the fact that it's all encrypted means even if it could tell what it was, it wouldn't be able to do a damn thing to it)

Imagine that you were to set up a linux box at your home and install PuTTY (an SSH client) onto your laptop / a USB stick

In PuTTY, navigate to Connection > SSH > Tunnels, set the Source port to anything you want (personally i use port 1337), set the destination to Dynamic, and click "Add". Next go session Category, type your server address into the Host Name box. NOTICE: The port number here is typically 22, unless you changed this on your server, leave that on 22, this number should NOT be the same as the one you set in the "Tunnels" tab. All you have to do after this is click Open / Start / what ever it is

Finally, open your browser of choice and set up a proxy in it to localhost (127.0.0.1) on the port you put in the "Tunnels" tab of PuTTY, in my case 1337. You are now successfully running all your internet traffic to and from your browser via your linux server in an encrypted form that any firewall / router will not be able to read

What you have just done is told your browser to run all it's network traffic into PuTTY which will encrypt it and send it off to your linux server which will send it onto the web, unaltered. The full step by stepp process can be seen below:

Without proxy:
1. Web browser (sends a request for a website, this connection has to pass through the networks router / firewall)
2. router / firewall (passes the connection onto the "internet", it's more complected that that but this will do fine for our understanding. The router may be programed to block the traffic if it is trying to access a website your network administrator does not want you to access)
3. Internet (where your desired website resides)

With a proxy:
1. Web browser
2. Proxied to localhost (this effectively runs your browser traffic back into your PC into PuTTY)
3. PuTTY sends it out (PuTTY packages the traffic into it's own fully encrypted packets and sends it on it's way)
4. router / firewall (has no idea what this encrypted traffic is, cannot decrypt it, most likely lets it pass freely)
5. Your linux server (decrypts the SSH traffic and retrieves the web browsers traffic)
6. Internet (The server sends out the traffic onto the web, as it was sent out from your PC)

Potential problems:
- The firewall may have blocked port 22 (if so change it to one that is not blocked)
- The firewall may not allow traffic that it can't read (Very unlikely, would block a lot of traffic and annoy a lot of people)
- The ip address of your server may be blocked (The firewall may not know what the traffic is but it does know whhere it's meant to go. If you IP address has been blacklisted, it will not deliver the packets)

Once again, I have ho idea how you would do this on a tablet (especially one made by apple), but I hope you now have a better understanding of networks and how data is transmitted through them

I spent way too long writing this didn't I