
Extremely Hostile Network

DNS hostile network ssh timeout

10 replies to this topic

#1 colleenjoy

colleenjoy

    Newbie

  • New Members
  • 3 posts

Posted 16 October 2016 - 01:29 PM

So my girlfriend has recently started her masters in Germany, and her internet provided to her flat is from the University. She wanted a VPN and AirVPN seemed to be the most flexible choice, so we started there.

Right off the bat, it seemed that the network was blocking all VPN traffic (it was impossible to connect to VPN, or even authenticate credentials while on the university network, but tethered to my phone we could connect to the VPN with no problems). It turned out to be even worse than that: even VPN over SSH is resulting in timeout errors, which seems to imply that the network is specifically blocking connections to AirVPN's hosts, as opposed to just VPN traffic (though I'll be the first to admit I'm relatively new to this and might be misdiagnosing).

It turns out that the University actually had her manually set up her network with a self-assigned IP address, gateway, and manually specified DNS servers. I'm sure that's somehow related, but all I could think to try was adding another DNS (which didn't appear to help, but it also seems that the host names are being correctly resolved anyway). Any ideas would be greatly appreciated, I'm rather baffled here.



#2 zhang888

zhang888

    Donald Trump of IT/Security

  • Moderators
  • 2205 posts

Posted 16 October 2016 - 01:37 PM

What about VPN over SSL?

This should work in case the network allows regular browsing to top 100 sites.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#3 mehāniskākaravīrs935

mehāniskākaravīrs935

    Advanced Member

  • Members
  • 146 posts
  • Location: Uranus

Posted 16 October 2016 - 03:01 PM

> So my girlfriend has recently started her masters in Germany, and her internet provided to her flat is from the University. She wanted a VPN and AirVPN seemed to be the most flexible choice, so we started there.
>
> Right off the bat, it seemed that the network was blocking all VPN traffic (it was impossible to connect to VPN, or even authenticate credentials while on the university network, but tethered to my phone we could connect to the VPN with no problems). It turned out to be even worse than that: even VPN over SSH is resulting in timeout errors, which seems to imply that the network is specifically blocking connections to AirVPN's hosts, as opposed to just VPN traffic (though I'll be the first to admit I'm relatively new to this and might be misdiagnosing).
>
> It turns out that the University actually had her manually set up her network with a self-assigned IP address, gateway, and manually specified DNS servers. I'm sure that's somehow related, but all I could think to try was adding another DNS (which didn't appear to help, but it also seems that the host names are being correctly resolved anyway). Any ideas would be greatly appreciated, I'm rather baffled here.

If VPN over SSH isn't working I would try SSL, and I would also recommend using the latest version of the client under the experimental downloads. I believe the new client supports higher port ranges for SSL and SSH. If they are indeed blocking connections to the AirVPN host, I would attempt to use the alternate IP option in the client for SSH and SSL. At your stage I would only attempt SSH and SSL connections, as it appears that any attempt to use standard TCP or UDP connections would be futile.



#4 mehāniskākaravīrs935

mehāniskākaravīrs935

    Advanced Member

  • Members
  • 146 posts
  • Location: Uranus

Posted 16 October 2016 - 03:05 PM

One other thing: AirVPN supports Tor over AirVPN. Although slower, it would be harder to block with the support of obfs4 technology in the Tor browser. If you can get through using Tor then you should be able to use AirVPN over it. When doing this, remember to configure Tor to use custom obfs bridges, as the public ones are most likely blocked.



#5 colleenjoy

colleenjoy

    Newbie

  • New Members
  • 3 posts

Posted 16 October 2016 - 06:54 PM

> If VPN over SSH isn't working I would try SSL, and I would also recommend using the latest version of the client under the experimental downloads. I believe the new client supports higher port ranges for SSL and SSH. If they are indeed blocking connections to the AirVPN host, I would attempt to use the alternate IP option in the client for SSH and SSL. At your stage I would only attempt SSH and SSL connections, as it appears that any attempt to use standard TCP or UDP connections would be futile.

SSL doesn't seem to be working either. I just tried the experimental client with the higher ports (for both SSH and SSL) and neither worked. Also, it might be worth noting that I just found that I can't SSH into my server at home on this network either; it seems not impossible that all SSH traffic is being blocked (though that seems insane to me).

> One other thing: AirVPN supports Tor over AirVPN. Although slower, it would be harder to block with the support of obfs4 technology in the Tor browser. If you can get through using Tor then you should be able to use AirVPN over it. When doing this, remember to configure Tor to use custom obfs bridges, as the public ones are most likely blocked.

I don't know much about Tor, do you have any resources for getting started? I'll try this next. Thank you so much for your help!



#6 colleenjoy

colleenjoy

    Newbie

  • New Members
  • 3 posts

Posted 16 October 2016 - 07:37 PM

Looked into Tor a bit. Got it installed, it seemed to work perfectly fine on its own, and then tried to connect with AirVPN which promptly failed. Clicking the "Test" button in AirVPN settings returned a "Success" dialog, but then connecting to a server timed out. Also, after a bit of rooting around, it doesn't really seem like Tor is the right solution for what she wants to get out of a VPN (which includes standard internet access like streaming content).



#7 mehāniskākaravīrs935

mehāniskākaravīrs935

    Advanced Member

  • Members
  • 146 posts
  • Location: Uranus

Posted 16 October 2016 - 08:01 PM

> > If VPN over SSH isn't working I would try SSL, and I would also recommend using the latest version of the client under the experimental downloads. I believe the new client supports higher port ranges for SSL and SSH. If they are indeed blocking connections to the AirVPN host, I would attempt to use the alternate IP option in the client for SSH and SSL. At your stage I would only attempt SSH and SSL connections, as it appears that any attempt to use standard TCP or UDP connections would be futile.
>
> SSL doesn't seem to be working either. I just tried the experimental client with the higher ports (for both SSH and SSL) and neither worked. Also, it might be worth noting that I just found that I can't SSH into my server at home on this network either; it seems not impossible that all SSH traffic is being blocked (though that seems insane to me).
>
> > One other thing: AirVPN supports Tor over AirVPN. Although slower, it would be harder to block with the support of obfs4 technology in the Tor browser. If you can get through using Tor then you should be able to use AirVPN over it. When doing this, remember to configure Tor to use custom obfs bridges, as the public ones are most likely blocked.
>
> I don't know much about Tor, do you have any resources for getting started? I'll try this next. Thank you so much for your help!

This page should give you some basic info on setting it up for Tor.

https://airvpn.org/tor/

Websites such as Facebook and Google and Airvpn.org all use SSL; if SSL traffic is blocked, these sites should be inaccessible. It is possible certain SSL sites could be whitelisted, but I cannot know.

May I ask for some logs from your client to see what error it's throwing? That might give a slight indication of what's going on.

Worst case scenario, this German University has a complete list of all entry and exit IPs, including alternate IP, on a blacklist, in which case private obfs bridges in Tor may still yet work.

Also, attempt pinging one of the servers, such as "ping pavonis.airvpn.org"; if it times out, the domain or the IP could be blocked. If it times out, try this in cmd instead: "ping 149.255.33.154", and let us know if that times out or not. These results could tell us if they have blocked the servers or merely the connection via OpenVPN.

PS: Just saw the reply. I understand that she might want to stream and have good speeds etc. But if the network is as hostile as it sounds, you might not be able to have it both ways here. If you can only get through on Tor, she will have to choose between using the VPN or having the speeds to stream content. Trust and believe that if AirVPN cannot work on this network, no other VPN service will; I personally went through several other crappy providers before I got here.
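
The ping-by-name versus ping-by-IP comparison in the post above, generalised to TCP connect probes against the VPN entry host and an unrelated control host (added example, not part of the original thread). The function names, result labels and port list are assumptions chosen for illustration; both hostnames are supplied on the command line.

```python
import socket
import sys

PORTS = (22, 80, 443)  # assumed probe set: SSH, HTTP, HTTPS

def probe(host, port, timeout=5.0):
    """One TCP connect: 'dns_fail', 'open', 'refused', 'timeout' or 'unreachable'."""
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns_fail"
    try:
        with socket.create_connection(addr[:2], timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # an RST came back, so packets do reach the host
    except socket.timeout:
        return "timeout"      # silently dropped somewhere on the path
    except OSError:
        return "unreachable"

def diagnose(target, control):
    """Compare port->result maps for the VPN entry host and a control host."""
    if "dns_fail" in target.values():
        return "dns"                # name does not resolve: retry by IP address
    replied = lambda m: {p for p, r in m.items() if r in ("open", "refused")}
    t_ok, c_ok = replied(target), replied(control)
    if not c_ok:
        return "offline"            # nothing gets out at all
    if not t_ok:
        return "host_blocked"       # control answers, target never does
    blocked = set(target) - t_ok
    if not blocked:
        return "above_tcp"          # TCP connects: the failure is at protocol level
    if blocked <= set(control) - c_ok:
        return "port_filtered"      # the same ports fail towards every host
    return "host_port_blocked"      # ports fail only towards the target

if __name__ == "__main__":
    # Usage: python3 diag.py <vpn-entry-host> <control-host>
    vpn_host, control_host = sys.argv[1], sys.argv[2]
    t = {p: probe(vpn_host, p) for p in PORTS}
    c = {p: probe(control_host, p) for p in PORTS}
    print(t, c, diagnose(t, c), sep="\n")
```

A "timeout" on the same port towards both hosts points at a port rule rather than a blacklist of VPN addresses, which is the distinction the thread is trying to draw.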



#8 serenacat

serenacat

    Advanced Member

  • Members
  • 235 posts

Posted 17 October 2016 - 01:13 AM

It might be worthwhile tracking down one of the staff system or network admins and buying them a beer to find out what is going on, and another beer for how to get around it. Or maybe there is some published directive from the social controllers. Or maybe the network admin guys just want everyone to use plaintext so they can check emails and photos etc to find which women to try to chat up or blackmail into favors.



#9 giganerd

giganerd

    I shall have no title

  • Members
  • 2484 posts
  • Location: Germany

Posted 17 October 2016 - 09:41 AM

Which university is that, may I ask?


Always remember:
There's a guide to AirVPN,

Amazon IPs are not dangerous here,
running TOR exits is discouraged,

using spoilers for your logs is the proper way to heaven.
Same issues are rare! Search for solutions and if not successful open your own threads.

~ Furthermore, I propose that your paranoia is to be destroyed. ~

 


#10 altae

altae

    Advanced Member

  • Members
  • 120 posts
  • Location: Switzerland

Posted 17 October 2016 - 11:17 AM

What about port 80 (TCP)? They cannot really block that one without blocking all internet traffic.



#11 ɹoɹɹǝ

ɹoɹɹǝ

    Advanced Member

  • Members
  • 94 posts

Posted 19 October 2016 - 01:49 PM

Perhaps someone else using the university network used AirVPN before and got the IPs blocked on the network. But try all of the 80/443 connection methods on different servers. For example, if your university is in the US, try connecting to Canada or UK.


"I don't see myself as a hero because what I'm doing is self-interested: I don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity." - Edward Snowden

"The Internet is by the people, for the people." - Kim Dotcom





