1

Well I have spent last 48 hours trying to debug this but I'm about to give up now.

Mobile carrier in our country has a daily social bundle in which we can use ONLY whatsapp, facebook and snapchat & twitter unlimited.

All other domains and IPs are in accessible on this package. This means they have some kind of firewall or URL filtering which only allows these specifics URLs.

But there is a paid android VPN which can connects successfully through their firewall.

So I configured my own OpenVPN server but it is unable to connect to target VPN server on this package. I cannot ping the IP from their firewall.

Normally my openvpn works like a charm on wifi & other data bundles which don't have such firewall.

So my question is how this other paid VPN is able to bypass the ISP firewall in which only domains like whatsapp facebook is allowed.

I think there must be some sort of proxy or firewall hole. How can I find that hole from other VPN? i tried to capture packets from android but cannot see any packets because the packets capturing tools also setup vpn like monitor in android & they cannot capture such packets.

Umar Hayat
  • 13
  • 4
  • other paid VPN says it is using HTTP Connect method. Here is what they say " Lightweight High Speed HTTP Tunnel for Android using HTTP CONNECT Method" – Umar Hayat Oct 27 '17 at 13:09

2 Answers2

0

Analyze the traffic of the other VPN software. Use tcpdump or wireshark or something similar. Don't guess, look.

ptman
  • 27,124
  • 2
  • 26
  • 45
  • The other VPN is android APK. I will try to find rooted Firewall app to trace its initial proxy ping details. Thanks – Umar Hayat Oct 27 '17 at 10:59
  • You don't have to root the app itself, just wireshark the WLANs traffic. WLAN ist WIRELESS, so all packet are in the air. – bjoster Oct 27 '17 at 14:48
  • Yes I found it. I analyzed te traffic via wireshark and found that other VPN was expoliting a firewall hole. I have used that gateway too and now I'm able to connect. – Umar Hayat Oct 31 '17 at 14:51
0

My guess would be that some traffic on port TCP 443 (HTTPS) is allowed. OpenVPN uses UDP:1194 (and a properitary handshake) so it will not work.

Try SSTP (like Microsoft does in its RRAS) or another SSL-Tunneling VPN.

Otherwise follow ptman's answer. You don't have to root the app itself, just wireshark the WLANs traffic.

bjoster
  • 4,423
  • 5
  • 22
  • 32
  • Thanks. I'll try to configure openvpn with TCP 443 and then check. Actually the application is android bases. So isn't SSTP windows only. – Umar Hayat Oct 27 '17 at 12:58
  • That other paid VPN says it is using HTTP Connect method. Here is what they say " Lightweight High Speed HTTP Tunnel for Android using HTTP CONNECT Method" – Umar Hayat Oct 27 '17 at 13:02