VPN to VPN bridging questions

Hi guys, I haven't posted in … well, a looong time. I was just wondering if anyone had any idea on how to do something better than I did it.

So the reason I came to work on this is that most free WiFi around where I live has a lot of restrictions:
a. They block ports 53, 1194-1197 and maybe a few more.
b. They block all known IPs and web pages for VPN providers.

I needed to circumvent this limitation,
so on my pfSense box at home I set up the PIA VPN client.
Then I set up an OpenVPN server over port 25 (I couldn't use the port I would normally use, so I decided to use SMTP as it isn't blocked, for obvious reasons).

I didn't want the VPN to have access to my internal network, just send it right back out the PIA pipe, while my normal home network uses my regular ISP gateway.

The thing is, it's working perfectly now from anywhere (weirdly, even my internal WiFi can connect to the VPN using my gateway's public IP and then go back out the PIA pipe afterward).

The main drawback with the way I did things is that in the process I had to sacrifice a physical interface.

I had to set an override from the VPN server to access the disconnected sacrificial interface, with DHCP disabled, a default gateway pointing at the PIA pipe and DNS set to the sacrificial interface IP.
Lastly I had to set up a NAT mapping from the VPN IP range to the PIA pipe.

This seems a lot more convoluted than it needs to be …

It sure is. Just connect to PIA on port 443.

If what you're saying is to use the app's alternate port option (80, 110, 443), this will not help, as not only is the port blocked, the IP is also blocked.

You cannot ping any PIA server (out of the 10 I tried, 0 succeeded).
You cannot resolve www.privateinternetaccess.com (edit: I also tried the ExpressVPN, NordVPN and TunnelBear URLs just for the heck of it; they are also blocked).
You cannot easily resolve against a different DNS server, as port 53 is also blocked.

Ahh, so they block PIA IPs, not only non-standard ports, gotcha.

Are you sure they’re blocked on port 443? Perhaps your network only blocks ICMP and their DNS. VPN providers have a ton of IPs, so it would be a lot of work to keep up with them. Netflix does it of course, but it would be difficult for a college or workplace.

As far as I can tell, short of going in with Kali Linux and poking around, yes, they have a pretty extensive blocking list.
ICMP seems to be working; for example, I can connect my phone and use Fing to scan the whole network. From that I can tell they don't use client isolation and they don't block access to other subnets in their network, but they control your flow to the internet. It's a little weird, but they probably just farm user data, making it worth the effort…

The other thing I didn't figure out how to fix is that when the connection is bridged in pfSense, the DNS requests are all sent to my home Pi-hole before going out the PIA pipe, rather than using the PIA DNS. Overall not a huge problem, but still technically a DNS leakage issue.
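Added example, not part of the thread and not the poster's pfSense configuration: a Linux equivalent of the setup described in the opening post (inbound OpenVPN server whose clients are routed straight back out the provider tunnel, with no access to the LAN) that replaces the sacrificed physical interface with a policy-routing table, and that addresses the DNS leak from the last post by pushing the provider's resolver to clients instead of letting them fall back to the home Pi-hole. Every name in it is an assumption: the PIA client tunnel is `tun0`, the inbound server is `tun1` serving `10.8.0.0/24`, the LAN is `192.168.1.0/24`, and `PIA_DNS` is a placeholder for whichever resolver the provider actually pushes. The script defaults to a dry run that prints each command, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example (not from the thread). Linux stand-in for the pfSense setup:
# VPN clients arriving on SERVER_IF are policy-routed out PIA_IF and NATed
# behind it, never reaching the LAN; clients are pushed the provider's
# resolver so DNS does not detour through the home resolver.
# All interface names, subnets and the resolver address are assumptions.
# DRY_RUN=1 (default) prints each command instead of executing it.

PIA_IF="${PIA_IF:-tun0}"              # assumed: tunnel to the VPN provider
SERVER_IF="${SERVER_IF:-tun1}"        # assumed: inbound OpenVPN server tunnel
VPN_NET="${VPN_NET:-10.8.0.0}"        # assumed client subnet, always a /24 here
LAN_SUBNET="${LAN_SUBNET:-192.168.1.0/24}"  # assumed home LAN
PIA_DNS="${PIA_DNS:-10.0.0.243}"      # placeholder; use the provider's real resolver
TABLE_ID="${TABLE_ID:-100}"           # private routing table for VPN clients
DRY_RUN="${DRY_RUN:-1}"

# Execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# OpenVPN server config. TCP/25 mirrors the thread's choice because the
# hotspot blocks 53 and 1194-1197; 443/TCP is usually the safer pick, since
# many residential ISPs also block outbound 25.
# redirect-gateway makes the tunnel the client's default route, dhcp-option
# DNS hands the client the provider's resolver, and block-outside-dns stops
# Windows clients from also querying the hotspot's DNS (other clients ignore it).
write_server_conf() {
    cat <<EOF
port 25
proto tcp-server
dev $SERVER_IF
server $VPN_NET 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS $PIA_DNS"
push "block-outside-dns"
EOF
}

# Policy routing: packets sourced from the client subnet are looked up in a
# private table whose default route is the provider tunnel. If that tunnel
# goes down the kernel removes its route and the higher-metric blackhole
# remains, so clients fail closed rather than leaking out the ISP gateway.
setup_routing() {
    run sysctl -w net.ipv4.ip_forward=1
    run sysctl -w "net.ipv4.conf.$SERVER_IF.rp_filter=2"
    run ip route add default dev "$PIA_IF" table "$TABLE_ID"
    run ip route add blackhole default metric 1000 table "$TABLE_ID"
    run ip rule add from "$VPN_NET/24" lookup "$TABLE_ID"
}

# NAT the clients behind the provider tunnel, forward their traffic only
# into that tunnel (plus return traffic), and drop everything else from
# them, the LAN included.
setup_firewall() {
    run iptables -t nat -A POSTROUTING -s "$VPN_NET/24" -o "$PIA_IF" -j MASQUERADE
    run iptables -A FORWARD -i "$SERVER_IF" -d "$LAN_SUBNET" -j DROP
    run iptables -A FORWARD -i "$SERVER_IF" -o "$PIA_IF" -j ACCEPT
    run iptables -A FORWARD -i "$PIA_IF" -o "$SERVER_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$SERVER_IF" -j DROP
}

apply_all() {
    if [ "$DRY_RUN" = 1 ]; then
        write_server_conf
    else
        write_server_conf > /etc/openvpn/server.conf
    fi
    setup_routing
    setup_firewall
}

apply_all
```

Run it as-is to review the generated config and commands; `DRY_RUN=0 sh` the script as root to apply them. The pfSense counterpart of the DNS part is the DNS Server fields on the OpenVPN server page (so clients are pushed the provider's resolver rather than the LAN's Pi-hole), and the counterpart of the routing table is a firewall rule on the OpenVPN interface whose gateway is the PIA gateway, which avoids dedicating a physical interface.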