Bunker Buster VPN: 10 Tips for Effective Web Unblocking With A VPN

Written and curated by Captain Thermobaric

Update, 04/2015: Save yourself the time and effort of manually configuring your VPN as shown here. Use one of the newer obfuscating and self-configuring VPNs that are shattering censorship barriers. You no longer need to manually pick through server lists, set up obfuscation, and do the tedious task of starting a VPN session. Tools like Psiphon and Bitmask will do it all for you in mere seconds.

The VPN user tips given here have developed out of experience traveling to many countries and using VPN services to maintain connectivity to sites and services in the webmaster's home country. In particular, using the internet in China has been a struggle. Rather than adapt to barriers like the Great Firewall of China, the webmaster has chosen to fight the internet censorship. The suggestions given below are considered effective means of using conventional VPN services in non-permissive environments.

  1. Subscribe to a service with many gateways. If you run your own servers, have them on many IP addresses, and be prepared to abandon IPs as they are blocked by the adversary sysadmin / government.
  2. Use ports that are most inconspicuous. Ports 443 and 1194 are well known to carry VPN traffic in addition to their other common uses (SSL and online gaming, respectively), and are often blocked by countries like China or Saudi Arabia.

Here are some common ports with enough traffic to make your presence harder to detect:

| Protocol | Ports | Application |
|---|---|---|
| TCP or UDP | 6970-6969 | BitTorrent |
| TCP | 993 | Encrypted IMAP |
| TCP | 3389 | Windows Remote Desktop |
| UDP | 123 | Network Time Protocol |
| UDP or TCP | 531, 5190-5193 | AOL Instant Messenger |
| UDP | 666 | Doom, Online Game |
| UDP or TCP | 749 | Kerberos Administration |
| UDP or TCP | 1503 | Windows Live Messenger |
| TCP | 4664 | Google Desktop Search |
| TCP | 5050 | Yahoo Messenger |
| TCP | 16080 | Mac OS X Server |
| TCP | 19294 | Google Voice |

Other randomly chosen ports between 1025 and 64000 will work as long as your firewall will permit the traffic and the remote server is configured to accept data on that port. Here is a very good list of ports and applications.

  3. Whenever you attempt to access sites with sensitive content, use the VPN. Never go to such pages in the clear, then try the VPN after finding them blocked. That merely gets the attention of traffic analysts and makes denial of access more likely. Some countries will detect this and cut off your access (or worse). Some will send police to visit you.
  4. Use the VPN only when needed. Deep packet inspection can be used to detect VPN traffic, and when constant usage is found, access is often restricted for the user's IP address. Adversaries can't easily determine what was in the data, but they can choke it off as in item (3) above.
  5. Two-hop VPNs sound sophisticated, but offer limited increases in security. For better security, use better encryption and stronger keys. OpenVPN does a very good job with 256 bit Blowfish and 2048 bit RSA keys. Don't expect the NSA to crack your codes during the lifetime of the world.
  6. Don't forget to use a trustworthy DNS server. Google DNS and OpenDNS are great, and there are others as well. Continuing to use the internet service provider's DNS, in countries such as Iran, Syria, or China, will result in denied access.
  7. Avoid VPN services claiming to have their own, special, uncrackable encryption. The largest providers do not make such claims, but smaller companies offering a cheaper product have been known to make this ridiculous claim. Note that SoftEther and OpenVPN are free and open source. They use protocols known to be strong, proven robust through peer review. Why take risks with a proprietary system closed to professional scrutiny?
  8. For highest speed, use a server located near you, for access to the world. For access to systems sensitive to location and IP address (Facebook, Google, banks, etc.), stay with one server near the remote system. Sending your internet data packets on long, world-spanning round trips will reduce your bandwidth.
  9. For the most secure protection of your internet traffic, use a service with SoftEther or OpenVPN SSL tunneling. As a secondary choice, L2TP is widely used and almost as secure.
  10. Always bear in mind that security and anonymity are two different things. Your VPN provides security between your computer and the distant gateway server. It also provides anonymity to the extent that your traffic enters and exits the internet at a remote IP address and not your actual address. The VPN doesn't time-shift your traffic, nor does it prevent your other software from giving you away. If you publish an expose of your local perverted, cannibalistic, bestial dictator on the internet, please remember to not let your software sign the document with your actual name!
  11. A bonus tip: Use your "hosts" file to directly access blocked websites, by IP address, without the need for DNS lookups. Facebook and many others have SSL secured pages that are difficult to block, since the data is encrypted and resistant to blacklist screening.
SAMPLE HOSTS FILE DATA FOR ACCESSING GOOGLE SERVICES FROM CHINA:

203.208.46.200 apps.google.com
203.208.46.200 books.google.com
203.208.46.206 drive.google.com
203.208.46.206 0.drive.google.com
203.208.46.206 1.drive.google.com
203.208.46.206 2.drive.google.com
203.208.46.206 3.drive.google.com
203.208.46.206 4.drive.google.com
203.208.46.206 5.drive.google.com
203.208.46.200 groups.google.com
203.208.46.200 play.google.com
203.208.46.200 scholar.google.com
203.208.46.149 mail.google.com
203.208.46.146 www.google.com
203.208.41.144 google.com.hk
203.208.41.145 google.com.hk
203.208.46.200 www.youtube.com
203.208.46.200 youtube.com 
  12. Another bonus tip: In countries most hostile to VPNs, consider using additional software to obfuscate or hide the protocol from deep packet inspection. Stunnel and Obfsproxy are effective add-ons which make OpenVPN data packets difficult to detect and isolate. SoftEther VPNs are also coming under sophisticated attacks by Chinese censors and need obfuscation.
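
Why obfuscation matters more than port choice, as an added example that is not part of the original page: a minimal first-packet check of the kind deep packet inspection can apply to OpenVPN on any port. It assumes the standard OpenVPN control-packet header (opcode in the top five bits of the first byte, a 2-byte length prefix over TCP); the function names and all packet bytes are constructed for illustration.

```python
import struct

# OpenVPN control-channel opcodes that open a session (high 5 bits of byte 0).
HARD_RESET_CLIENT_V2 = 7
HARD_RESET_SERVER_V2 = 8
MIN_RESET_LEN = 14  # opcode + 8-byte session id + ack count + 4-byte packet id

def openvpn_opcode(payload: bytes, transport: str):
    """Return the opcode if the payload looks like an OpenVPN hard reset, else None."""
    if transport == "tcp":
        # Over TCP each OpenVPN packet is preceded by a big-endian length field.
        if len(payload) < 2:
            return None
        (length,) = struct.unpack("!H", payload[:2])
        if length < MIN_RESET_LEN or length > len(payload) - 2:
            return None
        payload = payload[2:2 + length]
    if len(payload) < MIN_RESET_LEN:
        return None
    opcode, key_id = payload[0] >> 3, payload[0] & 0x07
    if opcode in (HARD_RESET_CLIENT_V2, HARD_RESET_SERVER_V2) and key_id == 0:
        return opcode
    return None

def flag_flows(flows):
    """Return destination ports of flows whose first payload is a hard reset."""
    return [port for port, transport, first in flows
            if openvpn_opcode(first, transport) is not None]

# Constructed sample traffic (not captured from a real network).
SESSION_ID = bytes(range(8))
RESET = bytes([HARD_RESET_CLIENT_V2 << 3]) + SESSION_ID + b"\x00" + b"\x00" * 4
# What a stunnel-wrapped session starts with instead: a TLS handshake record.
TLS_HELLO = b"\x16\x03\x01\x00\x2e\x01\x00\x00\x2a\x03\x03" + b"\x00" * 40

FLOWS = [
    (1194, "udp", RESET),                                # default port
    (993, "tcp", struct.pack("!H", len(RESET)) + RESET),  # moved to the IMAPS port
    (993, "tcp", TLS_HELLO),                              # wrapped in TLS
]

if __name__ == "__main__":
    print(flag_flows(FLOWS))
```

The plain OpenVPN session is flagged on port 993 just as on 1194, while the TLS-wrapped flow is not matched by this particular check.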
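
For the hosts-file tip above, an added example that is not part of the original page: a small audit of hosts-file overrides that flags malformed addresses, names pinned to non-public addresses, and names listed with conflicting addresses (as google.com.hk is in the sample data). The function names are hypothetical and the two example.com lines are constructed; the other entries are copied from the sample.

```python
import ipaddress

# Four lines from the sample hosts data, plus two constructed entries (marked)
# that exercise the failure cases.
HOSTS = """\
203.208.46.149 mail.google.com
203.208.46.146 www.google.com
203.208.41.144 google.com.hk
203.208.41.145 google.com.hk
10.0.0.5 intranet.example.com    # constructed: private address
203.208.46.300 typo.example.com  # constructed: not a valid IPv4 address
"""

def parse_hosts(text):
    """Yield (line_number, address, hostnames) for each entry, ignoring comments."""
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield number, fields[0], [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (line_number, finding, detail) tuples for entries worth reviewing."""
    findings, seen = [], {}
    for number, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((number, "invalid-address", address))
            continue
        if not ip.is_global:
            # Loopback, private or reserved targets cannot be a public web service.
            findings.append((number, "non-public-address", address))
        for name in names:
            if seen.setdefault(name, address) != address:
                # Resolvers differ on duplicates, so the effective address is ambiguous.
                findings.append((number, "conflicting-duplicate", name))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(HOSTS):
        print(finding)
```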



© 2015 - 2024 BunkerbusterVPN.com, All Rights Reserved.