On Wed, Mar 26, 2025 at 10:16:19AM -0400, Stefan Monnier wrote:
> > I was once sitting at a $(DAYJOB) where they blocked everything but
> > 443 (and 80). I tunneled ssh over socat (with TLS, so that the handshake
> > didn't look suspect, in case their firewall sniffed that).
>
> Reminds me: I have an OpenVPN running on port 443, specifically to
> minimize the chances that it's blocked by a firewall.
>
> Yet, sometimes it *is* blocked (e.g. at the public wifi in the
> hospital), presumably because it's not actually using TLS.
> [ Funnily enough I can still use SSH from that hospital. ]
>
> I know there's a fair amount of "work" trying to recognize VPNs to block
> them for censorship purposes, but I don't expect the local hospital to
> be part of such games. Any idea why OpenVPN-on-TCP/443 would be blocked
> while other HTTPS connections work just fine?
No idea. But knowing enough about those "security" departments, the folks doing the job usually don't get a chance to learn but get some firewall "product" shoved down their throats whose buy decision has fallen two (or more) layers up their hierarchy based on some golf course evaluation.

But you sure can check TLS connectivity with curl or similar. Or, perhaps they have a target address whitelist (I've seen *that*, too). Or something.

Call me a cynic, if you want ;-)

Cheers
-- t
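The detail the thread circles around: OpenVPN carries its TLS control channel inside its own packet framing, so a TCP connection to port 443 does not begin with a TLS record the way an HTTPS connection (or a socat tunnel that speaks TLS on the wire) does. A firewall that only lets recognizable TLS through on 443 can therefore tell the two apart from the first few bytes the client sends. The following is an added example, not code from the thread or from OpenVPN itself: a small Python classifier that labels the opening bytes of a connection as a TLS ClientHello, an OpenVPN-over-TCP client hard-reset, an SSH banner, or unknown. The TLS and OpenVPN header constants are the protocols' real values; the minimum-length cut-off and the sample byte strings are constructed here for illustration.

```python
"""Classify the first client bytes of a TCP connection to port 443.

Added example of the kind of check an "allow only TLS on 443" firewall
rule needs.  An HTTPS ClientHello passes; OpenVPN over TCP, which wraps
its TLS control channel in its own framing, does not start with a TLS
record and so does not.  The sample byte strings are constructed, not
captured traffic.
"""

# TLS record layer: content type 0x16 = handshake; record-layer version is
# 0x03 0x01 for TLS 1.0 through 1.3 (1.3 keeps 0x0301 on the ClientHello
# record for middlebox compatibility); 0x0300/0x0302/0x0303 also occur.
TLS_CONTENT_HANDSHAKE = 0x16
TLS_HANDSHAKE_CLIENT_HELLO = 0x01
TLS_MAX_RECORD_LEN = 2**14 + 2048  # plaintext limit plus TLS 1.2 expansion

# OpenVPN packet header: first byte is (opcode << 3) | key_id.  The first
# packet a client ever sends is a hard reset with key_id 0.
OPENVPN_P_CONTROL_HARD_RESET_CLIENT_V2 = 7   # byte 0x38
OPENVPN_P_CONTROL_HARD_RESET_CLIENT_V3 = 10  # byte 0x50
# Heuristic minimum (chosen here): opcode/key byte + 8-byte session id +
# packet-id array length byte + 4-byte packet id, i.e. a reset without HMAC.
OPENVPN_MIN_RESET_LEN = 1 + 8 + 1 + 4


def looks_like_tls_client_hello(data: bytes) -> bool:
    """True if data starts with a TLS handshake record carrying a ClientHello."""
    if len(data) < 6:
        return False
    if data[0] != TLS_CONTENT_HANDSHAKE:
        return False
    if data[1] != 0x03 or data[2] > 0x04:
        return False
    record_len = int.from_bytes(data[3:5], "big")
    if record_len == 0 or record_len > TLS_MAX_RECORD_LEN:
        return False
    return data[5] == TLS_HANDSHAKE_CLIENT_HELLO


def looks_like_openvpn_tcp(data: bytes) -> bool:
    """True if data starts like OpenVPN over TCP: a 16-bit big-endian length
    prefix, then a client hard-reset control packet with key_id 0."""
    if len(data) < 3:
        return False
    pkt_len = int.from_bytes(data[0:2], "big")
    if pkt_len < OPENVPN_MIN_RESET_LEN:
        return False
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    return key_id == 0 and opcode in (
        OPENVPN_P_CONTROL_HARD_RESET_CLIENT_V2,
        OPENVPN_P_CONTROL_HARD_RESET_CLIENT_V3,
    )


def looks_like_ssh(data: bytes) -> bool:
    """SSH peers open with an identification string (RFC 4253, section 4.2)."""
    return data.startswith(b"SSH-")


def classify(data: bytes) -> str:
    """Label the opening bytes: 'tls', 'openvpn-tcp', 'ssh' or 'unknown'.

    First-bytes heuristics only; a real classifier would also check the
    server's reply and record lengths, so treat misses as expected."""
    if looks_like_tls_client_hello(data):
        return "tls"
    if looks_like_openvpn_tcp(data):
        return "openvpn-tcp"
    if looks_like_ssh(data):
        return "ssh"
    return "unknown"


# --- constructed samples (not captured traffic) ---
# ClientHello: record header (type 0x16, version 0x0301, length 64), handshake
# header (type 1, length 60), then a zero-filled 60-byte body.
SAMPLE_TLS_CLIENT_HELLO = bytes.fromhex("16030100400100003c") + b"\x00" * 60
# OpenVPN over TCP, first client packet: length 14, opcode byte 0x38
# (P_CONTROL_HARD_RESET_CLIENT_V2, key_id 0), 8-byte session id,
# packet-id array length 0, packet id 0 (no tls-auth HMAC).
SAMPLE_OPENVPN_TCP_RESET = (
    bytes.fromhex("000e38") + bytes.fromhex("1122334455667788") + b"\x00" + b"\x00\x00\x00\x00"
)
SAMPLE_SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
SAMPLE_HTTP_PLAINTEXT = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    return {
        "https": classify(SAMPLE_TLS_CLIENT_HELLO),
        "openvpn": classify(SAMPLE_OPENVPN_TCP_RESET),
        "ssh": classify(SAMPLE_SSH_BANNER),
        "http": classify(SAMPLE_HTTP_PLAINTEXT),
    }


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:8s} -> {label}")
```

Run as a script it prints the four labels. A port-443 rule of the form "pass only TLS" would accept the first sample and drop the second, which matches the behaviour reported above: HTTPS (and a TLS-wrapped tunnel) gets through, plain OpenVPN-over-TCP does not, and SSH on its own port is simply outside the rule. The same distinction is what an operator would log when investigating why one service on 443 is being dropped while others are not.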