wireguard.lists.zx2c4.com archive mirror
* Re: Traffic on port 53 fails on LTE but works on WiFi
@ 2018-11-19 15:25 Jacob Schooley
  2018-11-19 20:24 ` John
  0 siblings, 1 reply; 8+ messages in thread
From: Jacob Schooley @ 2018-11-19 15:25 UTC (permalink / raw)
  To: wireguard


Finally, something I can actually help with.

Yes, Verizon is actively blocking data through port 53.

Back in 2015 I discovered by accident that VPN traffic through port 53 on
Verizon was not monitored by whatever they use to calculate data usage.
Even better, it worked on deactivated SIM cards for a few months after they
were deactivated. Basically this meant I could dig around in the local
Verizon store's dumpster every few months to find SIM cards, pop them into
a portable hotspot, and use a VPN over 53 for completely free, unthrottled
data on Verizon without even having an account with them. I was a broke
high school student and my parents wouldn't allow me to have service on my
phone at the time so this was a life saver.

Fast forward to a couple months ago, someone else gets root on the MiFi
6620L, finds the loophole, and decides to sell MiFis with a VPN client or
proxy installed that redirected everything through port 53, basically
resulting in a seamless experience for free unlimited data. These hacked
devices sold for $300+ on eBay. Of course, after it was in the wild Verizon
started DPIing port 53 and now nothing gets through.



On 11/19/18, John <graysky@archlinux.us> wrote:
> I have a simple WireGuard VPN setup I use running WG on a home Linux
> box and connecting to it with several iOS clients. The server peer is
> set up on port 53 since the network admins of some remote WiFi
> networks my mobile devices seems to block UDP traffic on higher ports.
> Encrypted connections work fine on WiFi as I have setup, but do _not_
> work when I connect via LTE (Verizon supplying the data). On LTE, I
> am no longer able to transfer data to/from the server peer but I can
> handshake with it.
>
> If I inspect the output of `sudo wg` on the server peer, I see the
> endpoint IP address changes to reflect my Verizon LTE IP and the time
> since the last handshake reset to a few seconds which is consistent
> with my ability to connect to the WireGuard peer server.
>
> I am unable to transfer data (pull up a web site or check email etc).
> It's as if Verizon is blocking my data flow on port 53. If I change
> the port from 53 to 123, it seems to work fine although I do not have
> universal connectivity on the various WiFi networks I visit on port
> 123. The optimal port would be 53 for my use case.
>
> So the questions:
> 1) What can I try on the server peer side to diagnose?
> 2) Do people feel that Verizon is actively blocking the connection on port
> 53?
> _______________________________________________
> WireGuard mailing list
> WireGuard@lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/wireguard
>

^ permalink raw reply	[flat|nested] 8+ messages in thread
* Traffic on port 53 fails on LTE but works on WiFi
@ 2018-11-18 18:55 John
  2018-11-19  4:26 ` Quan Zhou
  2018-11-19  7:32 ` M. Dietrich
  0 siblings, 2 replies; 8+ messages in thread
From: John @ 2018-11-18 18:55 UTC (permalink / raw)
  To: wireguard

I have a simple WireGuard VPN setup I use running WG on a home Linux
box and connecting to it with several iOS clients.  The server peer is
set up on port 53 since the network admins of some remote WiFi
networks my mobile devices seems to block UDP traffic on higher ports.
Encrypted connections work fine on WiFi as I have setup, but do _not_
work when I connect via LTE (Verizon supplying the data).  On LTE, I
am no longer able to transfer data to/from the server peer but I can
handshake with it.

If I inspect the output of `sudo wg` on the server peer, I see the
endpoint IP address changes to reflect my Verizon LTE IP and the time
since the last handshake reset to a few seconds which is consistent
with my ability to connect to the WireGuard peer server.

I am unable to transfer data (pull up a web site or check email etc).
It's as if Verizon is blocking my data flow on port 53.  If I change
the port from 53 to 123, it seems to work fine although I do not have
universal connectivity on the various WiFi networks I visit on port
123.  The optimal port would be 53 for my use case.

So the questions:
1) What can I try on the server peer side to diagnose?
2) Do people feel that Verizon is actively blocking the connection on port 53?

^ permalink raw reply	[flat|nested] 8+ messages in thread
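
For question 1 above (what to try on the server peer side), one check is to capture the UDP packets on the server's listen port and sort them by WireGuard message type and direction, which shows whether only handshakes or also data packets get through. The sketch below is an added example, not part of the original thread; the message sizes are those of the WireGuard protocol, while `classify`, `diagnose`, `_msg` and the `SAMPLE` packets are constructed for illustration.

```python
from collections import Counter

# Every WireGuard message starts with a type byte and three zero bytes.
# Types 1-3 have fixed sizes; type 4 carries the encrypted payload.
FIXED = {1: ("handshake_initiation", 148),
         2: ("handshake_response", 92),
         3: ("cookie_reply", 64)}
DATA_MIN = 32  # 16-byte header + 16-byte auth tag = an empty keepalive


def classify(payload: bytes) -> str:
    """Return the WireGuard message kind, or 'not_wireguard'."""
    if len(payload) < 4 or payload[1:4] != b"\x00\x00\x00":
        return "not_wireguard"
    kind = payload[0]
    if kind in FIXED:
        name, size = FIXED[kind]
        return name if len(payload) == size else "not_wireguard"
    if kind == 4 and len(payload) >= DATA_MIN:
        return "keepalive" if len(payload) == DATA_MIN else "transport_data"
    return "not_wireguard"


def diagnose(packets) -> str:
    """packets: (direction, udp_payload) pairs seen on the server's listen
    port, with direction 'in' (from the client) or 'out' (to the client)."""
    seen = Counter((d, classify(p)) for d, p in packets)
    if not (seen["in", "handshake_initiation"] and seen["out", "handshake_response"]):
        return "no handshake exchange seen at the server"
    if seen["in", "transport_data"] + seen["in", "keepalive"] == 0:
        return "handshake exchanged, but no type-4 packets reach the server"
    if seen["out", "transport_data"] + seen["out", "keepalive"] == 0:
        return "type-4 packets arrive, but the server sends none back"
    return "type-4 packets seen in both directions at the server"


def _msg(kind: int, size: int) -> bytes:
    """Constructed payload: valid 4-byte header, zero-filled body."""
    return bytes([kind, 0, 0, 0]) + bytes(size - 4)


# Constructed sample capture (not real traffic).
SAMPLE = [("in", _msg(1, 148)), ("out", _msg(2, 92)),
          ("in", _msg(4, 32)), ("out", _msg(4, 112))]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

If the last verdict appears while the client still receives nothing, the replies are being lost after they leave the server.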
