Helping a friend - I use gl.inet beryl router in a university setting to connect to my OpenVPN server at home. WireGuard seems blocked so OpenVPN is only option. Games are blocked so I use OpenVPN to get around the block. Been doing this for several years. Lately, seems university network equipment has gotten a lot better. They keep blocking ports I use for OpenVPN. So far, I’ve changed port 4 times and it works for 2 days before they block it. Is there anything I can do? Can I run vpn on port 443? Doesn’t seem easily doable with gl.inet.
Pretty sure they will block OpenVPN protocol and not the port directly. So I would doubt that changing to TCP/443 will solve the issue for real.
Maybe ZeroTier or Tailscale could be a solution.
I and others have numerous times requested that GL iNet allow the GUI port to be moved and allow ports 80 and 443 to be used for VPNs, as some sites limit outgoing traffic to just these two ports. These requests have fallen on deaf ears.
On your OpenVPN testing, are you using UDP or TCP? I have found that TCP is less likely to be blocked. You may want to try OpenVPN using TCP on port 8080, as it is a standard alternative HTTP port.
There are multiple obfuscated VPN protocols, including Shadowsocks, Amnezia, SoftEther, V2Ray, and others that can bypass deep packet inspection. GL iNet seems reluctant to provide any of these, and there have been indications that, as a Hong Kong-based company, they do not wish to support these protocols.
For speed, I normally use WireGuard as my VPN protocol, but when I get blocked, I use SoftEther on port 443. SoftEther is an open-source project out of Japan. They do some cool tricks to make their native VPN protocol look just like web traffic. Unfortunately, to use it, you will probably have to use generic OpenWrt or other Linux distributions.
1 Like
As @admon points out, they can block it if the network is using network attached packet analyzers. Those devices can distinguish that the encrypted traffic is not using HTTPS (SSL) encryption so they could block it if it isn’t.
Anyway, I was able to do it on two gl.inet devices running version 4.1 firmware before upgrading one of the devices to gl.inet firmware version 4.5 which now has the settings available in the GUI to change the Web GUI TCP/443 port so that TCP/443 could be used on the OpenVPN server instead. Check out the below thread for setting the OpenVPN TCP port manually on gl.inet firmware versions before version 4.5 to see if it’ll work on your router.
1 Like