Eduroam blocks tor, vpns and bitcoin core!

[jackg]

Warning: this is another eduroam ruins lives thread if you want to see something without misery I'd suggest going here

I need help.

I'm at university and I want to run a bitcoin/litecoin node here. The issue I have is that the [insert word here] service known as "eduroam" which no one likes is essentially governing over my internet connection.

People here are obviously doing things like watching porn and playing computer games and all I want to do is send some money, but I can't!

My error when trying to connect to Tor is "Establishing an encrypted directory connection failed" and I'm using an obfs4 bridge and have three listed on the list thing you have to give to tor.
My electrum wallet works though which seems a bit odd...

it is potentially the way that both grab their connections from the internet.

[1714058333]

1714058333

[1714058333]

1714058333

[cellard]

Eduroam is a pain in the ass it seems. There was some other dudes talking about how not even changing mac address helps. There must be some words that trigger a ban, apparently "bitcoin mining" does it. Perhaps they've had problems with people infecting machines with bitcoin miners and bitcoind as a whole is banned, a lot of malware tools detect bitcoin core as a thread.

I wouldn't bother running a node in there. Not worth running a node in a setup which you don't control 100%. Just use Electrum from now may you need to transact and run a node once you are done with university. After you are authenticated in Eduroam the institution monitors all traffic that goes through it so there's no point if they've decided to not let people use network resources for bitcoin nodes.

I don't see why you can't find a premium VPN service which is not banned there tho (all the of the free ones will be banned).

[Jet Cash]

If you don't have a cable connection at home, then it seems you need to switch between a variety of public services, or you can tether your mobile phone.

Many public services block "non-stndard" ports, and some filter Bitcoin sites as "political". Morrisons is one such service, although they allow me to connect to Bitcoin Talk for some reason.

McDonalds and the free WiFi services provided by most shopping malls seem to be the best in my experience.This is in England of course.

The public library blocks port 8333 over WiFi, but they allow it if you can wire into their ethernet hub.

[bob123]

The easiest way to still run a bitcoin/litecoin node there would be to use a VPN.

You can use some premium VPN access from a 3rd party (only recomended if you don't care that the VPN provider can see your traffic).

Another option would be to set up the VPN so that you connect from your eduroam-network to your home-network.
People will only see some encrypted data being sent from/to your home network, but they will not be able to determine the payload.
This option is basically free. You just need to have a computer running at home + continuous internet connection.

[jackg]

Eduroam is a pain in the ass it seems. There was some other dudes talking about how not even changing mac address helps. There must be some words that trigger a ban, apparently "bitcoin mining" does it. Perhaps they've had problems with people infecting machines with bitcoin miners and bitcoind as a whole is banned, a lot of malware tools detect bitcoin core as a thread.

I wouldn't bother running a node in there. Not worth running a node in a setup which you don't control 100%. Just use Electrum from now may you need to transact and run a node once you are done with university. After you are authenticated in Eduroam the institution monitors all traffic that goes through it so there's no point if they've decided to not let people use network resources for bitcoin nodes.

I don't see why you can't find a premium VPN service which is not banned there tho (all the of the free ones will be banned).

Only service I could find that offers a vpn that isn’t blocked was norton becUse they don’t realise it has a vpn service..
I’m probably just going to have to end up going with them unless I can find another solution, it’s odd their aup suggests using VPN’s and then they go and block them all .

Or I’ll do as jetty said sand go and find McDonald’s.

[pooya87]

have you tried connecting to your VPN server through port 1194 using UDP? give it a try, if you haven't.

and for what it's worth you can't block all VPN access, you can only block some types. it usually is by closing ports, sometimes other simple solutions. worst case scenario is packet sniffing to determine whether this packet you are sending back and forth is a VPN connection or not and block it. and there is a solution for all of these for example the last part is simply avoided with a layer of SSH encryption which will make it look like normal https calls to a website for instance and there is no way to block that since you will be blocking all https sites! if that is the  case look for a VPN provider that offers such encryption.

[jackg]

have you tried connecting to your VPN server through port 1194 using UDP? give it a try, if you haven't.

and for what it's worth you can't block all VPN access, you can only block some types. it usually is by closing ports, sometimes other simple solutions. worst case scenario is packet sniffing to determine whether this packet you are sending back and forth is a VPN connection or not and block it. and there is a solution for all of these for example the last part is simply avoided with a layer of SSH encryption which will make it look like normal https calls to a website for instance and there is no way to block that since you will be blocking all https sites! if that is the  case look for a VPN provider that offers such encryption.

Symantec say they do with good encryption however I’m not sure how high,h I’d actually trust them.

The bridge connections I got were https I think. Also I can’t get a vpn from most places because their sites are blocked.


It comes up with “site can’t be reaches” as if they’re trying to save room on a dns server or something which probably isn’t the case...

Unless someone could send me the ip addresses for tor and private internet access (they accept bitcoin).

[HeRetiK]

Symantec say they do with good encryption however I’m not sure how high,h I’d actually trust them.

The bridge connections I got were https I think. Also I can’t get a vpn from most places because their sites are blocked.


It comes up with “site can’t be reaches” as if they’re trying to save room on a dns server or something which probably isn’t the case...

Unless someone could send me the ip addresses for tor and private internet access (they accept bitcoin).

privateinternetaccess.com = 72.52.9.107

You'll receive an SSL certificate warning because the name won't match, but the site is reachable as long as you ignore that warning (which, for the record, one shouldn't do in other cases).

torproject.org = 138.201.14.197 -- however their main website is not reachable using purely the IP address, apparently.

However: If sites get blocked via domain name rather than via IP you should be able to simply use Google's DNS servers instead of the ones provided by your local network or ISP:

https://developers.google.com/speed/public-dns/

8.8.8.8 and 8.8.4.4

Usually works like a charm around half-assed website blocks.

[jackg]

I’ll try the dns changed, I managed to connect to private internet access but it didn’t load the style sheet...

Probably still enough just to buy a vpn from them though.

[jackg]

Unless someone could send me the ip addresses for tor and private internet access (they accept bitcoin).

You could use website services such as https://ipinfo.info/html/ip_checker.php to get website's IP.

However: If sites get blocked via domain name rather than via IP you should be able to simply use Google's DNS servers instead of the ones provided by your local network or ISP

Alternatively, you could manually configure your hosts file on your OS, even though it's pain in ass & you need to add all subdomain of website unless you make your own local DNS server.

Can I host a DNS service on a raspberry pi? Is there a link as to a way I can do that and help decentralise the Internet?

[bob123]

May i ask why you didn't comment my suggestion ?

[...]
Another option would be to set up the VPN so that you connect from your eduroam-network to your home-network.
[...]

For me, this seems to be the easiest way to circumvent the firewall rules at your college. It takes 10 minutes and you are ready-to-go.

Or doesn't it work in your case because of something we don't know yet ?
Do you have internet access ONLY via eduroam ? Or do you explicitly want to NOT run something bitcoin-related from your home-network ?

[jackg]

May i ask why you didn't comment my suggestion ?

[...]
Another option would be to set up the VPN so that you connect from your eduroam-network to your home-network.
[...]

For me, this seems to be the easiest way to circumvent the firewall rules at your college. It takes 10 minutes and you are ready-to-go.

Or doesn't it work in your case because of something we don't know yet ?
Do you have internet access ONLY via eduroam ? Or do you explicitly want to NOT run something bitcoin-related from your home-network ?

Long story short: my parents only use the router as and when it’s required for a fear that it will “blow up if left on too long”. From personal experience, after about 6 hours of use the connection starts to drop a bit also.

My sister lives in a house with permenant WiFi but I don’t think she’d be comfortable setting something like that up for me or allow me to plug something into the router at hers (her 14 housemates might think I’m packet sniffing also)...

[DarkStar_]

Can I host a DNS service on a raspberry pi? Is there a link as to a way I can do that and help decentralise the Internet?

Wouldn't help decentralized the internet as you'd still be forwarding DNS requests to a DNS resolver (ie google, cloudflare, openDNS, etc), but you can set up a Pi-hole to run your own DNS server. Not really what you're looking for, but you should be able to set custom forwards and block tracking/advertising websites while you're at it if you want. I'm running a Pi-hole one a Pi 3B+ and it works flawlessly. Should run great on a first gen too I believe. It's also very easy to setup.

[bob123]

Unfortunately i don't see an ideas besides of the already mentioned ones (use electrum or get a VPN provider which accepts port 22, 80 or 443).

Another option might be to find an open wifi, without port restrictions.
You could hide your PI somewhere there (plugged in to a source of energy of course) with SSH open.

Then you'd simply route everything through this PI (and the public wifi).

But honestly, i wouldn't recommend this. This could get you in some trouble, theoretically.

[jackg]

I bought a norton license, and it won't work with the WIFI here (don't know why I expected it would, ah yes, the acceptable use policy claims it should) .

I'm guessing they're blocking a port it's trying to connect through, there's a 30 day moneyback guarentee with norton so if it doesn't work, i'll have to use that (after contacting their support to see if they know how to fix the issue/change the port it communicates through)...

[bob123]

Hmm.. you might also want to try to simply get a VPS (not a VPN) and tunnel your whole traffic via SSH to that server.

VPS's usually aren't much pricier than VPN's (it at all). It would be a bit more configuration, but basically it's the same as a VPN.
The only difference is that eduroam shouldn't have any IP blocks regarding some random VPS and that traffic to port 22 (ssh) has to be allowed.

[troy.gold]

You could try the following:

- VPS server tunneled out
- A proxy server
- a remotely accessible computer outside of the network (sounds extreme but i've used this in the past)