How to set up an obfuscated VPN server

Hey reddit, so as you all remember, school internet sucks, they block everything and anything within a week max. Now this is what started this whole internet sinkhole. Not only do I want to access all of my home LAN network, like NAS, servers and game servers, I also want to browse reddit and play some tetris too. I need help, I have a WireGuard VPN server running on a Raspberry Pi which I might upgrade soon, but I also read that some paid VPNs use obfuscated servers. Is it possible to run an obfuscated server at my house so I can bypass the stupid firewall? Or for the more experienced users, what are your setups looking like and also what tips do you offer?

What exactly is your school blocking? VPN traffic or the whole internet? If the internet works just fine you can take a look at v2ray and use it as a proxy or hide your VPN tunnel inside the v2ray.

If they are specifically watching you it’s going to be hard. I suspect they’ll have all vpn traffic locked down.

What might work is to set up an HTTP proxy (squid or tiny proxy are ones I’ve used). Then set your browser to use that proxy and all browser traffic will go through the proxy. To the school it will just look like HTTP traffic, but if they are watching they might kill it because you’re sending lots of traffic there.

You could try to see if Tailscale works. If you can connect your Pi and computer to it you can set up the Pi as an exit node and route all your traffic through it as if you were browsing at home. You can put all the services you host at home in your Tailscale network so you can access them as well.

Have a look at udp2raw. It hides your WireGuard UDP VPN traffic in an encrypted TCP channel.

What I’ve done is run OpenVPN on my pihole(pivpn) on tcp port 443, and set the config to pass through non-vpn data to my proxy to access my services at home. Then as long as I have my IP or a hostname to look it up by, I can connect.

The performance won’t be as good as wireguard is, but that was blocked too from where I connect.

You can try running WireGuard on port 80 or 443, no need to get any other ports unblocked.

In the worst case try WireGuard on some public cloud server. They cannot really block encrypted traffic on 443 to an AWS/DigitalOcean/etc. server, this could be anything.

And I doubt they do some fancy deep packet inspection to scan for VPN-looking traffic on 443.
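Added example, not part of any commenter's post: what deep packet inspection for WireGuard looks like from the network operator's side, and why the port number alone does not change it. The packet tuples and payload bytes below are constructed; the type byte, reserved bytes and message lengths are those of the WireGuard protocol.

```python
# Added illustration: recognise WireGuard by message shape, ignoring the port.
# Every WireGuard UDP payload starts with a 1-byte type and 3 zero bytes;
# handshake messages have fixed total lengths.
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}

def classify(payload: bytes):
    """Return the WireGuard message name for a UDP payload, or None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    kind = payload[0]
    if kind in FIXED:
        name, size = FIXED[kind]
        return name if len(payload) == size else None
    # Transport data: 16-byte header + ciphertext padded to 16 + 16-byte tag.
    if kind == 4 and len(payload) >= 32 and len(payload) % 16 == 0:
        return "transport_data"
    return None

def wireguard_flows(packets):
    """Flag flows where an initiation is answered by a response in reverse."""
    initiated, flagged = set(), set()
    for src, sport, dst, dport, payload in packets:
        kind = classify(payload)
        if kind == "handshake_initiation":
            initiated.add((src, sport, dst, dport))
        elif kind == "handshake_response" and (dst, dport, src, sport) in initiated:
            flagged.add((dst, dport, src, sport))
    return flagged

# Constructed sample traffic (documentation addresses, filler bytes).
SAMPLE = [
    ("192.0.2.10", 51000, "198.51.100.7", 443, b"\x01\x00\x00\x00" + b"\xaa" * 144),
    ("198.51.100.7", 443, "192.0.2.10", 51000, b"\x02\x00\x00\x00" + b"\xbb" * 88),
    ("192.0.2.10", 51000, "198.51.100.7", 443, b"\x04\x00\x00\x00" + b"\xcc" * 92),
    # QUIC-style long-header packet on the same port: type byte is not 1-4.
    ("192.0.2.11", 52000, "203.0.113.5", 443, b"\xc3\x00\x00\x00\x01" + b"\xdd" * 1195),
    # DNS query shape: does not match the type/reserved prefix.
    ("192.0.2.12", 53000, "203.0.113.53", 53, b"\x12\x34\x01\x00\x00\x01" + b"\x00" * 20),
]

if __name__ == "__main__":
    for flow in wireguard_flows(SAMPLE):
        print("WireGuard handshake seen on flow", flow)
```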

Need more info. What happens when you activate your vpn @ school? What is your wireguard configuration? Do you know what your school blocks?

Here is something I did back when I had the same problem:

I had a school project and I convinced the school’s IT department that I need ssh (think of a believable story that fits your case). My argument was git. Since I wanted to use my git server with pub key Auth. A few social engineering minutes later I got port ssh open. Now you can connect to an ssh server of your choice and tunnel all the stuff you need through this server. Just don’t create too much traffic. Watching YouTube all day will raise some flags.

These 2 options will likely get blocked fast BUT it is worth a try:

  1. Something like guacamole. You can use a PC at home via vnc in your browser.

  2. Also https://www.kasmweb.com/ could be worth a try. You can self host it and it is faster than vnc.

Hey op did anything work?

I work at a school and they blocked VPN access out of the network as of today. Tried both protocols of openvpn and wireguard with private internet access, but no luck with either of them. However I know tailscale uses wireguard but that is actually working for some reason. I know it’s somehow different but I am connected to my personal machine at home as an exit node and all is good. Is anyone able to elaborate on why tailscale is the workaround for this? Because my backup options were an SSH tunnel if not a remote desktop app. I am a Linux user btw.

Encapsulate your VPN traffic in an SSL/TLS tunnel.

Have a look at this discussion from a few years ago about that topic with many possible solutions: https://www.reddit.com/r/homelab/comments/8v4sre/how_to_disguise_vpn_traffic_as_https_traffic_over/

If you’re running your own VPN, just change the port to 443 and you’ll be fine. I got busted playing Minecraft (I was running my own server), so I reconfigured it to use 443 and it was never an issue lol.

So glad you asked, my school blocks all VPN traffic plus some “restricted” websites which includes categories of adult websites (makes sense), websites that are classified as games, security vulnerabilities, etc… my friend and I are kinda being watched, if we visit a website frequently in one week, in the next week it will be blocked forever for everyone. It sucks.

I’ll check out that v2ray. Thanks!

Interesting, I’ll look at that.

I just posted about this. I am using tailscale in that situation and YES it does work.

Came here to mention this too

So, when I activate my vpn, it says it’s activated. However, it really isn’t. My ip is the same as it would be without vpn, everything takes FOREVER to load. It’s weird, I’ll disconnect from the wifi and use cellular, turn on vpn and my ip is the same as my home, and everything loads.

My WireGuard vpn config is honestly defaulted to whatever it is when you install it on a Raspberry Pi using pivpn. I am planning on changing the config around, but honestly I don’t know where to start.

Unfortunately not. I just ended up going with a paid VPN service. It’s been working great. Check out Windscribe.

Thanks, I’ll look into that

It’s weird, cause I tried that. However, I learned that our school doesn’t block Windscribe, apparently on stealth mode, and a classmate of mine used port, I think, 8080. I don’t know how it works, but it does.