
Why is it certain businesses wifi stop VPN's from working?

OperatorWhale

So I have been using a VPN for a couple of years now for random things. It's definitely come in handy. My only confusion is why when I use it on my phone on certain wifi's it just won't connect through the wifi. Either it disconnects me from the wifi and makes me use mobile data or the VPN just doesn't connect. Why is this? Is it because of a setting on the businesses wifi for security reasons? I've tried multiple different settings on my VPN as well to see if I was just setting it up wrong. I switched from TCP, UDP, IKEv2, different ports, switched off the VPN's built in firewall to see if it had some setting in place that was dumb. I'm not sure what it is. I'M NOT WANTING TO BYPASS IT IF IT IS SECURITY. I just want to know the why.


18 minutes ago, Caroline said:

Data siphoning. They can't do it if you use a VPN.

...Isn't that the point of a VPN is to make sure others don't get your info? Also like how's the physical aspect though. Like what is the setting of "oh they have a vpn". How do they know

 

 


2 minutes ago, OperatorWhale said:

...Isn't that the point of a VPN is to make sure others don't get your info? Also like how's the physical aspect though. Like what is the setting of "oh they have a vpn". How do they know

Even your ISP knows when you turn a VPN on. Networking isn't my strongest suit in IT, but it doesn't seem like a long shot to me that one can find a way to block VPN use at the network level.

 

 

Quote or tag me( @Crunchy Dragon) if you want me to see your reply


assuming you're talking about "guest" type wifi:

there's a lot of reasons why businesses would want to do this, but most of them boil down to a very simple concept:

they want to limit the amount of traffic on their guest wifi.

VPN's are a common target because:

- if the business limits access to certain websites (piracy, adult content, etc.) a VPN circumvents that.

- in the business world, a VPN often goes to the home office, after which business users start to pull stupid amounts of data back and forth as if it were a local network.

- in some regions, if a public wifi is used for 'nefarious activities', the host of that public wifi has a certain responsibility in that activity. this is also why sites facilitating piracy are often blocked.

 

something else worth mentioning is that some guest wifi's use a captive portal tech that loses connection with the captive portal when you connect to a VPN, losing connection with the wifi in the process. it's not 'by design', it's just a side effect of the design.

 

there's also examples where data sniffing on guest wifi is used as a marketing / market investigation tool, but i'd assume these to be a serious minority, mostly because the sort of places who would have an interest in this, would also be the sort of places where you really shouldn't be using the guest wifi either way.

 

----

in the unlikely case you're on about businesses' "internal" wifi:

you don't need to connect to an external VPN, this network exists for the activities related to work, if connecting to an external VPN is part of that, talk to your IT dept, not a forum.

 

----

 

beyond that, since there's some talk on the legality of certain things, i'll just make a blanket statement: if there is no expectation of privacy, and the business has a strong reason for there to not be privacy (for example, a computer system in a highly controlled environment) the law stretches quite far into the 'creepy' territory if the business makes this plenty obvious to the people affected.
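Added example (not part of the post above): how a phone recognises the captive portal described in that post, by classifying the reply to an Android-style `generate_204` connectivity probe sent before any VPN is started. The probe host is the one Android uses; the portal hostname and the three captured replies are constructed for illustration.

```python
from http.client import HTTPResponse
from io import BytesIO
from urllib.parse import urlsplit

PROBE_HOST = "connectivitycheck.gstatic.com"  # Android-style probe, expects HTTP 204


class _Replay:
    """Minimal socket stand-in so http.client can parse captured bytes."""
    def __init__(self, raw):
        self._raw = raw

    def makefile(self, *_args, **_kwargs):
        return BytesIO(self._raw)


def classify_probe(raw, probe_host=PROBE_HOST):
    """Classify the raw reply to 'GET /generate_204' on the guest network."""
    if not raw:
        return "no-reply"  # request dropped, or not associated yet
    resp = HTTPResponse(_Replay(raw))
    resp.begin()           # parse status line and headers
    body = resp.read()
    if resp.status == 204 and not body:
        return "open"      # the real probe host answered; no portal in the path
    location = resp.getheader("Location", "")
    if 300 <= resp.status < 400 and location:
        host = urlsplit(location).hostname or ""
        if host != probe_host:
            return f"captive-portal: redirect to {host}"
    if resp.status == 200 and body:
        return "captive-portal: login page served in place of probe"
    return f"unexpected: HTTP {resp.status}"


# Constructed replies (hypothetical portal hostname).
OPEN = b"HTTP/1.1 204 No Content\r\nContent-Length: 0\r\n\r\n"
REDIRECT = (b"HTTP/1.1 302 Found\r\n"
            b"Location: http://portal.guest-wifi.example/login\r\n"
            b"Content-Length: 0\r\n\r\n")
INJECTED = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            b"<html><body>Accept the terms to continue</body></html>")

if __name__ == "__main__":
    for name, raw in [("open", OPEN), ("redirect", REDIRECT),
                      ("injected", INJECTED), ("silent", b"")]:
        print(f"{name:9} -> {classify_probe(raw)}")
```

A portal verdict means the network still expects a sign-in from the device itself, which is the state to check when the tunnel and the wifi keep dropping each other.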


19 hours ago, Caroline said:

They blacklist known VPN IP addresses and servers. Protocols can also be blacklisted.

 

Despite the normie corporate narrative, a VPN doesn't exist to make you "private" but only to redirect traffic through another server before it reaches your computer.

 

That traffic can be encrypted or not but it won't prevent "others from getting your info". If you use a VPN to access Facebook with your real name, or use whatsapp on a smartphone to send a geotagged picture or a sample of your voice in real-time then the VPN is pretty much useless. It's not the point of a VPN.

 

About privacy there's much more you can do than use a VPN, some call it "opsec" but I'm nice and simply call it common sense. One of the items on my common sense list would be "don't use public wireless networks", I don't even have wireless devices but I wouldn't use public networks anyway. Another is to never use my workplace's internet for anything that involves personal data, I have carte blanche on server access so I get to see the logs, including keystroke logs, yep, those are also logged on every computer, supposedly it's to catch "employees who want to watch porn" but you can pretty much prevent that by using a blacklist. I don't agree at all with that but I don't get paid to ask questions.

 

It's a widespread practice to use keyloggers, I know government dependencies use them so it's not "illegal" or anything like it might be in other countries.

You state you don't have wireless devices. How does that work in your daily life? Also what would you recommend for me to learn more about networking?
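Added example (not part of the posts above): the address and protocol blacklisting mentioned in the quoted reply, written as gateway logic run over flow records, next to a default-deny web-only policy that breaks tunnels without looking for them. The policy contents, log format and addresses (RFC 5737 documentation ranges) are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed guest-Wi-Fi egress rules, constructed for illustration.
# 500/udp IKE, 4500/udp IPsec NAT-T, 1194 OpenVPN, 51820/udp WireGuard's usual default.
VPN_PORTS = {("udp", 500): "IKE/IKEv2", ("udp", 4500): "IPsec NAT-T",
             ("udp", 1194): "OpenVPN", ("tcp", 1194): "OpenVPN",
             ("udp", 51820): "WireGuard"}
VPN_IP_PROTOCOLS = {"esp": "IPsec ESP", "gre": "GRE (PPTP)"}
# Placeholder "known VPN server" range taken from RFC 5737 documentation space.
VPN_SERVER_NETS = [ipaddress.ip_network("203.0.113.0/24")]
# Second, default-deny policy: the guest network only passes DNS and web traffic.
WEB_ONLY = {("udp", 53), ("tcp", 53), ("tcp", 80), ("tcp", 443)}

FLOW_RE = re.compile(r"proto=(?P<proto>\w+) dst=(?P<dst>[\d.]+)(?: dport=(?P<dport>\d+))?")


def parse_flow(line):
    """Extract (protocol, destination address, destination port or None)."""
    m = FLOW_RE.search(line)
    if not m:
        raise ValueError(f"unparseable flow record: {line!r}")
    dport = int(m["dport"]) if m["dport"] else None
    return m["proto"].lower(), ipaddress.ip_address(m["dst"]), dport


def blocklist_verdict(line):
    """Explicit anti-VPN policy: server address list, then IP protocol, then port."""
    proto, dst, dport = parse_flow(line)
    if any(dst in net for net in VPN_SERVER_NETS):
        return "drop: destination on VPN server list"
    if proto in VPN_IP_PROTOCOLS:
        return f"drop: {VPN_IP_PROTOCOLS[proto]} protocol"
    if (proto, dport) in VPN_PORTS:
        return f"drop: {VPN_PORTS[(proto, dport)]} port"
    return "allow"


def web_only_verdict(line):
    """Default-deny policy: no VPN detection at all, tunnels fail as a side effect."""
    proto, _dst, dport = parse_flow(line)
    return "allow" if (proto, dport) in WEB_ONLY else "drop: not DNS/HTTP/HTTPS"


# Constructed flow records, one per setting a client might try.
SAMPLE_LOG = [
    "12:00:01 proto=udp dst=198.51.100.7 dport=500",    # IKEv2 handshake
    "12:00:02 proto=esp dst=198.51.100.7",              # IPsec payload, no ports
    "12:00:03 proto=udp dst=198.51.100.9 dport=1194",   # OpenVPN over UDP
    "12:00:04 proto=tcp dst=203.0.113.20 dport=8443",   # other port, listed server
    "12:00:05 proto=tcp dst=192.0.2.10 dport=443",      # ordinary HTTPS browsing
]

if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(f"{rec:46} | {blocklist_verdict(rec):40} | {web_only_verdict(rec)}")
```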

 


19 hours ago, manikyath said:

assuming you're talking about "guest" type wifi:

there's a lot of reasons why businesses would want to do this, but most of them boil down to a very simple concept:

they want to limit the amount of traffic on their guest wifi.

VPN's are a common target because:

- if the business limits access to certain websites (piracy, adult content, etc.) a VPN circumvents that.

- in the business world, a VPN often goes to the home office, after which business users start to pull stupid amounts of data back and forth as if it were a local network.

- in some regions, if a public wifi is used for 'nefarious activities', the host of that public wifi has a certain responsibility in that activity. this is also why sites facilitating piracy are often blocked.

 

something else worth mentioning is that some guest wifi's use a captive portal tech that loses connection with the captive portal when you connect to a VPN, losing connection with the wifi in the process. it's not 'by design', it's just a side effect of the design.

 

there's also examples where data sniffing on guest wifi is used as a marketing / market investigation tool, but i'd assume these to be a serious minority, mostly because the sort of places who would have an interest in this, would also be the sort of places where you really shouldn't be using the guest wifi either way.

 

----

in the unlikely case you're on about businesses' "internal" wifi:

you don't need to connect to an external VPN, this network exists for the activities related to work, if connecting to an external VPN is part of that, talk to your IT dept, not a forum.

 

----

 

beyond that, since there's some talk on the legality of certain things, i'll just make a blanket statement: if there is no expectation of privacy, and the business has a strong reason for there to not be privacy (for example, a computer system in a highly controlled environment) the law stretches quite far into the 'creepy' territory if the business makes this plenty obvious to the people affected.

Thank you for the information! It has definitely given me some realizations. What would you recommend for me to learn more about this topic?


On 2/6/2023 at 6:15 PM, Caroline said:

I kept walking without sharing my tech tips.

I'll share a piece of tech advice.  Pi-Hole.  You probably aren't using it, but hopefully you are.  I also hope you are using addons like NoScript or uBlock Matrix to block unnecessary scripts and domains.

 

https://pi-hole.net/blog/2017/02/22/what-really-happens-on-your-network-find-out-with-pi-hole/

: JRE #1914 Siddarth Kara

How bad is e-waste?  Listen to that Joe Rogan episode.

 

"Now you get what you want, but do you want more?"
- Bob Marley, Rastaman Vibration album 1976

 

Windows 11 will just force business to "recycle" "obsolete" hardware.  Microsoft definitely isn't bothered by this at all, and seems to want hardware produced just a few years ago to be considered obsolete.  They have also not shown any interest nor has any other company in a similar financial position, to help increase tech recycling whatsoever.  Windows 12 might be cloud-based and be a monthly or yearly fee.

 

Software suggestions


Just get f.lux [Link removed due to forum rules] so your screen isn't bright white at night, a golden orange in place of stark 6500K bluish white.

released in 2008 and still being improved.

 

Dark Reader addon for webpages.  Pick any color you want for both background and text (background and foreground page elements).  Enable the preview mode on desktop for Firefox and Chrome addon, by clicking the dark reader addon settings, Choose dev tools and click preview mode.

 

NoScript or EFF's privacy badger addons can block many scripts and websites that would load and track you, possibly halving page load time!

 

F-droid is a place to install open-source software for android, Antennapod, RethinkDNS, Fennec which is Firefox with about:config, lots of performance and other changes available, mozilla KB has a huge database of what most of the settings do.  Most software in the repository only requires Android 5 and 6!

 

I recommend firewall apps (blocks apps) and dns filters (redirect all dns requests on android, to your choice of dns, even if overridden).  RethinkDNS is my pick and I set it to use pi-hole, installed inside Ubuntu/Debian, which is inside Virtualbox, until I go to a website, nothing at all connects to any other server.  I also use NextDNS.io to do the same when away from home wi-fi or even cellular!  I can even tether from cellular to any device sharing via wi-fi, and block anything with dns set to NextDNS, regardless if the device allows changing dns.  This style of network filtration is being overridden by software updates on some devices, forcing a backup dns provider, such as google dns, when built in dns requests are not connecting.  Without a complete firewall setup, dns redirection itself is no longer always effective.


These answers are silly.

 

No business cares about public wifi, and unless you are in China detecting a VPN tunnel can be rather tricky business. If anything most public wifi admins want you to use a VPN because they can't get blamed if you get passwords snooped by somebody sitting in the booth around the corner running an SSID spoofer on his smartphone.

 

Most likely reason is DNS. Try forcing your VPN to use Google DNS vs the host wifi. 

 

I have the opposite problem. Corporate admins often put hyper restrictive policies on their client laptops that will not connect to open wifi connections. Customers then whine to me my wifi won't work.

 

 


20 hours ago, Caroline said:

Already using it. It was the only way to fully ban google, facebook, MS, Amazon from my network. The amount of servers and different addresses they use is insane.

I have NoScript too just in case I want to block something else.

Wow, agreed on all of this. I want to re-mention pi-hole on this 2nd page as that's what you referred to using, just so it gets better visibility.

 

I have thought a lot about wireless access points, and how one might direct the signal instead of letting it bounce all over the place.  It was night, and I thought about having small metal tubing (or wood or some other material) run like conduit, near seating areas around a home.

 

Then I thought while very interesting, I think a really cool solution would be ethernet over micro-usb cables.  I have used a micro-usb to usb-a cable to push cellular data to a computer, Linux does this, or NetworkManager, really easily.  I'd like to do the opposite.

 

Would it be possible to run ethernet cables to common areas, to devices that would normally use wireless, to receive Ethernet into a data cable for their phones and tablets?

 

That would be incredible.  You could charge your device right there, and get online!  I also would like to know if this could be done for wall jacks, so where there is ethernet, along side this, you could have a data usb port that also has an Ethernet connection routed through it.

 

One more idea would be those in-outlet usb ports near electrical ports.

 

Is this something that would be possible, as I know there are usb to Ethernet devices used for new laptops, but is there a way to have the port be micro-usb, usb-c as well as a lightning port? 


On 2/6/2023 at 2:48 PM, OperatorWhale said:

So I have been using a VPN for a couple of years now for random things. It's definitely come in handy. My only confusion is why when I use it on my phone on certain wifi's it just won't connect through the wifi. Either it disconnects me from the wifi and makes me use mobile data or the VPN just doesn't connect. Why is this? Is it because of a setting on the businesses wifi for security reasons? I've tried multiple different settings on my VPN as well to see if I was just setting it up wrong. I switched from TCP, UDP, IKEv2, different ports, switched off the VPN's built in firewall to see if it had some setting in place that was dumb. I'm not sure what it is. I'M NOT WANTING TO BYPASS IT IF IT IS SECURITY. I just want to know the why.

As some people have pointed out, this is most likely for security reasons.  Public wifi is a bit of a hotbed for malicious activity, whether it be attempting to sniff network traffic and gather what data you can from it, or piracy, etc via VPNs.  Also keep in mind that cafes and small businesses in general might buy more specialised network equipment that allows them to perform security scanning on the network traffic - to prevent things like ARP cache poisoning, etc that someone might do to perform a man in the middle attack.  They can't analyse that traffic if it's being routed through a VPN.

 

Even though a lot of VPNs claim to not log your data and be secure, there are still ways someone's connection can be traced back to their computer, beyond that.  Cafes are businesses, and they don't want their ISP or any businesses to have any issues with them because suspected pirates are using VPNs on their network to do sussy things. 

 

Their wifi is simply meant to allow their customers to browse the web, do some work, etc while at their cafe.  Yes, there are security risks using public wifi, they aren't nearly as hyped up as VPN providers want you to believe.  In fact, in some instances, using a VPN can be more insecure (probably not than public wifi, but definitely home network).  Just make sure you're using HTTPS and if you want to, use an encrypted DNS using a free service like Quad9.

 

I know you're not wanting to bypass it, but often businesses will have terms and conditions you'll need to accept before being able to connect to anything on their wifi.  Have a read of it if you have time, see what they say about using VPNs, Proxies or Tunnels. 
