If you’re reading this FAQ, you’re probably aware of the multitude of risks to your online privacy and safety—which is why you’re thinking about using a VPN in the first place. Many active and potential VPN users are impressed by the idea of VPN security and privacy technology.
Hopefully you’ve read the rest of our FAQ section, which details all the ways VPNs protect you online— and why they are such a useful tool for keeping hackers and government spies away from your important data and browsing history.
This all sounds great, but are there drawbacks— like organizations being able to block VPN signals?
Can Some ISPs or Companies Block a VPN?
In some cases, yes.
There are several controlled environments like the workplace, a church, school, wireless café or library where the IT administrator can attempt to block VPNs with firewalls so they know members of the public aren’t accessing any content they philosophically disagree with.
Obviously, these firewalls make legitimate sense for certain environments. Universities don’t want bored students torrenting copyrighted movies, nor does a workplace want employees wasting time on social media or watching offensive content on their servers. Not to mention, if a few customers used a coffee shop’s public WIFI to downloaded large files, then the shop’s WIFI speed would slow to a crawl, and other users wouldn’t be able to enjoy Internet connections.
Commercially, there are good reasons to block VPNs— namely, profit. Streaming services like Hulu and Netflix have attempted to regionally block certain content they want consumed only by American audiences, but for many who travel or live abroad and want to enjoy such content, they have been able to find certain loopholes.
Many Internet Service Providers dislike VPNs because they want to be able to collect and sell your browsing history and other data to marketers and advertisers.
Of course, there are also more authoritarian countries like China and Saudi Arabia that attempt to ban ALL VPN signals to prevent their citizens from viewing content they deem objectionable—whether it be uncensored journalism or pornographic material—or anything in between. China has been somewhat successful in blocking VPN access its national boundaries, but several VPNs have found ways around their firewalls.
How Are They Able to Block a VPN?
When successful, an organization or government blocks a given VPN’s security protocol technology, like the outdated “PPTP” tunneling protocol. Companies can write a script that blocks the ports used by PTPP and thus the VPN has no ports to tunnel through over that connection.
A second blocking method is a sweeping ban of IP addresses associated with the best-known VPN companies. Sometimes this means a company or government blocks IP addresses that shouldn’t be blocked, but they opt for overkill rather than risk letting anyone see content they forbid. In cases like China, they attempt to ban any IP addresses sourced from servers outside of China, which is more successful than just banning certain ports.
How Can Users Bypass these Firewalls?
Imagine a scenario where a GM dealership didn’t want any Mercedes cars to enter their gated parking lots. They could design an advanced camera recognition software that recognized the Mercedes hood ornament design, and deny entry to any cars found to have that symbol.
However, there are VPN signatures that obfuscate any tell-tale signs of VPN IP addresses. Continuing the analogy, this would be like a Mercedes that covers up any hood ornaments— or other identifying symbols that suggest it is a Mercedes—which means GM’s security camera won’t flag them, and the car is able to bypass the gates.
Circumventing firewalls that block VPNs can be done, but first you should ask yourself whether doing so would (a). break any local laws or (b). violate consumer terms of service or workplace regulations that you agreed to contractually.
If you are comfortable that your VPN activity would be legal and ethical, you can try the following methods:
- Use a VPN that supports OpenVPN technology. This tech prevents the VPN’s associated IP addresses from properly identified by an ISP or IT administrator, and thus won’t be blocked as a potential VPN signal.
- Ask your VPN provider how to configure your VPN to use Port 443, which will mask your VPN identity and simply make it look like you are accessing secure websites like bank accounts or government websites.
- Use a VPN that has built-in “stealth” technology that obscures the security packet information so that firewalls don’t recognize and block it.
- If all else fails, try running your VPN through a Tor browser, which will give you total anonymity and should prevent any technology from being able to block your VPN’s addresses and ports. To read more about VPN vs. Tor, please read our FAQ explainer.
- NordVPN vs ExpressVPN (2019): Which One Wins?
- SurfEasy VPN Review (2019): Is It a Steal?
- Celo VPN Review (2019): Is it Good Enough?
- SpyOFF VPN Review (2019): Worth It or Not?
- The Congressional Hearing on Privacy & Technology on March 1, 2016: Records & Testimonies