How would you solve ISPs blocking VPNs?

I had a WireGuard server hosted (and working well for about 1.5 years) over home internet through Bell Canada, which “suddenly” stopped yesterday. Since using VPN to work was important for me, I researched and figured out they had blocked traffic on port 51820.
I tried to change IP, but again the same behavior. This happened at the same time for me and 4-5 other people in my vicinity.

I then tried WireGuard on port 443, which again didn’t work.
Finally OpenVPN over 443 was working, and I have been using it.

Since many other people are using WireGuard on the same internet provider, I don’t understand why only my WireGuard was blocked, and what can I do to prevent this from happening in future?
Given that Canada is a liberal country and VPNs are 100% legal, could this be because ISPs want me to purchase a higher service tier?

Could we use obfuscation in any way to ensure that this does not happen again?

Have you tried putting the ISP router into modem mode and spoofing the ISP MAC address to the GL.iNet?

Did you use TCP 443 port (not UDP) and were there any error messages in the System Log? If OpenVPN works on TCP 443, then WireGuard should also work.

EDIT: I just remembered that WireGuard only uses UDP and not TCP.

Please post the System Log. Is the client not able to connect to the WireGuard server, or is it able to connect to the WireGuard server, but you cannot reach the Internet? If it is able to connect, try a test to open https://1.1.1.1 in case there is a DNS issue.

EDIT: Did you also post the same issue on Reddit? That post stated that the client is still able to “connect” to home VPN server, but there is NO internet on the client side.

I do not work for and I am not directly associated with GL.iNet

It seems that they block UDP.

Actually I didn’t, because it may not be a permanent solution, I gathered. If the ISP is implementing DPI, they might do it on the new MAC address.
Also I wasn’t sure of the legality of MAC spoofing.

Regardless, I guess my goal is simple - I want to defeat DPI using something like obfsproxy or stunnel, so that I don’t get a surprise that my VPN was blocked while I am in another country.

I am a little bit confused on this one actually. WireGuard can easily be inspected by DPI and blocked, but OpenVPN is less obvious to ISPs. That is the reality I am living by lol

The client is able to reach and connect to the WireGuard server. It’s like the handshake is happening, but post that there is no Internet. What could be the reason?
Okay let me try this DNS and update here.

I am not sure where I can read this from. I am using the older 3 version, not upgraded to 4 version just yet. I have a Beryl.

Okay, but are they blocking all UDP communications, or just the traffic that is doing WireGuard, I wonder.

If you can reach and connect to your home WireGuard server, then UDP 51820 is not being blocked because that port is only for the inbound connection to the router.

Internet access from the WireGuard server on the router would go out on outbound ports (e.g., TCP 443 for https), which would not be blocked by Bell Canada. If you can open http://1.1.1.1, then the Internet is accessible, but there may be a DNS issue not resolving domain names. It may also be a firewall/routing issue.

You can get the System Log from the router on Firmware 3. You can either:

Log into LuCI, go to Status → System Log and copy&paste the output
or
Log into SSH and run the logread command and copy&paste the output

1 Like
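
Added example, not part of any post in the thread: a Python sketch of why moving WireGuard to another port does not hide it from payload inspection, the DPI concern raised above. It matches UDP payloads against the fixed message framing in the WireGuard protocol specification; the function names and sample packets are constructed for illustration and say nothing about what a particular ISP actually does.

```python
# WireGuard framing per the protocol spec: 1 type byte, 3 reserved zero bytes.
FIXED_SIZE = {
    1: ("handshake_initiation", 148),
    2: ("handshake_response", 92),
    3: ("cookie_reply", 64),
}
TRANSPORT_TYPE, TRANSPORT_MIN = 4, 32  # 16-byte header + 16-byte auth tag


def classify_wireguard(payload: bytes):
    """Return the WireGuard message name a UDP payload matches, or None."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return None
    msg_type = payload[0]
    if msg_type in FIXED_SIZE:
        name, size = FIXED_SIZE[msg_type]
        return name if len(payload) == size else None
    # Data packets pad the plaintext to 16 bytes, so total length is 16-aligned.
    if msg_type == TRANSPORT_TYPE and len(payload) >= TRANSPORT_MIN and len(payload) % 16 == 0:
        return "transport_data"
    return None


def build(msg_type: int, total_len: int) -> bytes:
    """Constructed sample: correct header, filler standing in for ciphertext."""
    return bytes([msg_type, 0, 0, 0]) + b"\xa5" * (total_len - 4)


# Constructed (dst_port, payload) samples; none are captured traffic.
SAMPLES = [
    (51820, build(1, 148)),  # handshake on the default port
    (443, build(1, 148)),    # the same handshake moved to UDP 443
    (443, build(2, 92)),     # handshake response
    (443, build(4, 32)),     # keepalive-sized data packet
    (443, build(1, 100)),    # right type byte, wrong length: not WireGuard
    (53, bytes.fromhex("1a2b01000001000000000000") + b"\x07example\x03com\x00\x00\x01\x00\x01"),
]


def scan(samples):
    """Classify each sample on payload alone; the port is carried for display only."""
    return [(port, classify_wireguard(data)) for port, data in samples]


if __name__ == "__main__":
    for port, verdict in scan(SAMPLES):
        print(f"udp/{port}: {verdict or 'no WireGuard framing'}")
```

The handshake is recognised identically on 51820 and 443 because the classifier never looks at the port, only at the first four bytes and the packet length.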