I used a setup script for Libreswan that I found online and it worked fine on my phone. Then when I tried it at my school it was blocked. I did some research and found that SSL VPNs are very hard to block but they mostly need apps. Is there any way I can do this without an app?
If your school won’t block IKEv2, IPsec or L2TP then you can set up an iOS-native VPN. SoftEther may be a user-friendly solution to start with, and it supports IPsec and L2TP.
Otherwise you need an app - to provide the components that iOS will utilize to use the VPN protocol. A VPN app on iOS is mostly a container for these components. The app itself is just a GUI for easy setup; the routing is done by iOS itself.
What’s the problem with installing an app? The WireGuard app is very lightweight, and the VPN connection itself is VERY hard to block (afaik)…
Nope. iOS built-in VPN options are extremely limited, ancient protocols that are easy to block and detect.
I would suggest a different approach than VPN for most things anyway. What content are you trying to reach that’s blocked or you need extra privacy for? I’m sure we can get it, just maybe not a VPN solution.
If it’s an IP or URL block, a simple VPS-hosted reverse proxy would do the trick: you can access any website via that proxy that would normally be blocked by your local firewall due to FQDN or IP.
Please remember that network and system administrators often have good reason to block things - we do not care what you do in your machine unless it breaks policy or the law, but the second you start trying to circumvent rules, you create extra work, draw scrutiny on everyone and make an enemy out of the already-overworked administrators.
You can have good intentions all you want, but remember it’s their entire job (among probably 394772291 other things) to maintain these networks and systems. You might get a short term win, but it’s not worth the extra scrutiny you could draw.
Depending on what/why you need a VPN at school, you could just look at a VPS with a public IP to access whatever it is you need/want to.
If I found you trying to get round my policies and rules, I’d go out of my way to just straight up block all your devices from the WiFi. Or severely limit your speed.
With that out of the way, you’re not really going to find a solution without an app. The solutions built into iOS are pretty easy to block. You can try and download an OpenVPN profile for a VPN provider that uses port 443. That would get around it if they are just blocking all ports other than a couple of required ports. But if they are blocking protocols you’ll be SOL.
I’m assuming since you’re in school you may have a locked down iPhone and don’t want to ask your parents to download an app that they may or may not like.
If you just need to access websites, an HTTP proxy would do just fine; it doesn’t need an app, just a browser. You could also go the route of setting up a desktop you can RDP into and use Guacamole to access it via a browser.
SoftEther doesn’t support iOS though.
They mentioned they are using Openswan and that it is getting blocked. Openswan is IPsec with IKEv2.
If OP is in school it’s possible parents get to decide what apps they install, for example.
Social media, specifically Snapchat, which they blocked.
I might be misunderstanding, but I’m trying to use an app that uses the internet. Could you be a bit more specific?
But not necessarily a good reason.
To be exact, I was using text, which uses IPsec.
Guys, why are you downvoting an honest reply to a simple question?
I mean I know it’s probably not “the library” or whatever answer you were expecting, but at least tell OP what you feel is wrong with the answer
As my previous poster mentioned: it depends on what you try to achieve/circumvent. If it’s a block of websites, you can use a reverse proxy; if it’s remote access to your home then you need any VPN that will and can be blocked by anyone, because I think you mean IP access and not like a VNC solution where you remotely access stuff via GUI.
Would a proxy work system-wide on apps like Snapchat?
School admin decisions are not above judgement.
Apps use different endpoints (API) which you would have to proxy too, so no, with an app like Snapchat that would not work so easily like with a normal website. If you need to access blocked content from within that network you need to find a VPN that is not blocked by that firewall. WireGuard comes to mind, on port 53; you can easily test this if you can use another DNS server from within that restricted network. If you can, you can set up a WireGuard server on port 53 too. That’s what I do. I offer the normal WireGuard port and UDP and 443 and 53 for restricted clients behind locked down firewalls.
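Added example, not part of the thread: from the network operator's side, tunnel traffic on UDP/53 like the setup in the last reply does not parse as DNS and carries WireGuard's fixed message framing. The sketch below classifies UDP/53 payloads on that basis; the function names and the sample packets (documentation-range addresses) are constructed for illustration.

```python
import struct

# WireGuard framing: 1 type byte, 3 reserved zero bytes, then a type-specific body.
WG_FIXED_LEN = {1: 148, 2: 92, 3: 64}  # initiation, response, cookie reply


def looks_like_wireguard(p: bytes) -> bool:
    if len(p) < 32 or p[1:4] != b"\x00\x00\x00":
        return False
    if p[0] in WG_FIXED_LEN:
        return len(p) == WG_FIXED_LEN[p[0]]
    # Type 4 (transport data): 16-byte header + padded ciphertext + 16-byte tag
    return p[0] == 4 and len(p) % 16 == 0


def looks_like_dns(p: bytes) -> bool:
    """Header sanity check plus a walk over the first question name."""
    if len(p) < 17:
        return False
    _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", p[:12])
    if qd != 1 or (flags >> 11) & 0xF > 5:   # one question, known opcode
        return False
    i = 12
    while i < len(p) and p[i] != 0:
        if p[i] > 63:                        # not a plain label
            return False
        i += p[i] + 1
    return i + 5 <= len(p)                   # root label + QTYPE + QCLASS fit


def classify_udp53(p: bytes) -> str:
    if looks_like_dns(p):
        return "dns"
    return "wireguard" if looks_like_wireguard(p) else "other"


def suspicious_flows(packets):
    """packets: (src, dst, payload) tuples seen on UDP/53."""
    return sorted({(s, d) for s, d, p in packets
                   if classify_udp53(p) == "wireguard"})


# Constructed sample payloads (filler bytes, not captured traffic).
DNS_QUERY = (struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0)
             + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1))
WG_INIT = b"\x01\x00\x00\x00" + b"\xab" * 144
WG_KEEPALIVE = b"\x04\x00\x00\x00" + b"\x11" * 28
SAMPLE = [("192.0.2.20", "198.51.100.53", DNS_QUERY),
          ("192.0.2.10", "198.51.100.7", WG_INIT),
          ("192.0.2.10", "198.51.100.7", WG_KEEPALIVE)]
```

Restricting clients to the site's own resolvers removes the open UDP/53 path entirely; the classifier is useful where outbound DNS must stay open and needs monitoring.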