Hi everyone,

I'm currently facing some frustrating restrictions with the public Wi-Fi at my school. It's an open Wi-Fi network without a password, but the school has implemented a firewall (Fortinet) that blocks access to certain websites and services, including VPNs like Mullvad and ProtonVPN. This makes it difficult for me to maintain my privacy online, especially since I don't want the school to monitor me excessively.

After uninstalling Mullvad, I tried to download it again, but I found that even a search engine (Startpage) is blocked, which is incredibly frustrating! Here’s what happened:

  • The Wi-Fi stopped working when I had the VPN enabled.
  • I disabled the VPN, but still couldn't connect.
  • I forgot the Wi-Fi network and reset the driver, but still no luck.
  • I uninstalled the Mullvad, and then the Wi-Fi worked again.
  • I tried to access Startpage to search for an up-to-date package for Mullvad, but it was blocked.
  • I used my phone to get the software file and sent it over, but couldn't connect.
  • I searched for different VPNs using DuckDuckGo, but the whole site was blocked.
  • I tried searching for Mullvad, but that was blocked too.
  • I attempted to use Tor with various bridges, but couldn't connect for some unknown reason.
  • I finally settled for Onionfruit Connect, but it doesn't have a kill switch, which makes me uneasy.

Ironically, websites that could be considered harmful, like adult content, gambling sites and online gaming sites, are still accessible, while privacy-tools are blocked.

I'm looking for advice on how to bypass these firewall restrictions while ensuring my online safety and privacy. Any suggestions or alternative methods would be greatly appreciated! (If any advice is something about Linux, it could be a Problem, since my school enforces Windows 11 only PC's which is really really igngamblingThanks in advance for your help

edit: did some formatting

edit2: It is my device, which I own and bought with my own money. I also have gotten in trouble for connecting to tor and searching for tor, but I stated that I only used it to protect my privacy. Honestly I will do everything to protect my privacy so I don't care if I will get in trouble.

edit 3: Thanks for the suggestions, if I haven't responded yet, that's because I don't know what will happen.

  • ResoluteCatnap@lemmy.ml
    ·
    edit-2
    4 months ago

    Here are some good rule of thumbs for work and schools:

    • do not connect to their networks with your personal devices, ever.

    • Only use work/ school devices on their own network.

    • Do not do anything personal on those networks. only do work/school related tasks. This means don't log into any non school/work accounts.

    • If for some reason they don't have a device for you but require you to use their network, then leave your personal devices at home claiming you don't own one and make them accommodate you.

    You cannot expect privacy in these situations, and by going to the extreme lengths to try to get it then you will ironically just paint a bigger target on your back if any network admin cares. In some cases this can cost you your job or get you in trouble with the school.

  • The 8232 Project@lemmy.ml
    ·
    edit-2
    4 months ago

    Hi! Back in high school, me and a few close friends formed a small hacking group aimed at hacking the school WiFi. We succeeded, and reported the vulnerabilities we found along the way to the school. Our school had a policy where students who managed to hack something would be let off the hook if they reported exactly how they did it. I managed to land a job for the school district as a result of our fiasco. I don't recommend anyone do that, but I managed to get lucky.

    Anyways, once we had access to the WiFi we wanted to get around the network wide filter. Proton VPN worked for a while, but quickly got blocked. Dual booting into Tails on school computers didn't work until the 6.0 update. To my knowledge, it still works.

    However, for our phones, the thing that worked was changing the DNS. We found out the network wide filter the school boasted so highly about was only a DNS filter that resolved hostnames to a "blocked" page. Find a good PRNS and change your device's DNS to match. If you want a search engine, try to find an unblocked SearXNG instance.

    Good luck!

    P.S. Don't forget: Tor is portable on Windows devices :)

    • InputZero@lemmy.ml
      ·
      4 months ago

      This is the best answer. You didn't go charging through their system with complete disregard. You made the IT staff like you first, then broke through their system. That's social engineering at it finest here people, and is the first skill any great hacker needs to learn. Please do good with this skill.

  • brainw0rms
    ·
    edit-2
    1 month ago

    deleted by creator

    • Decency8401@discuss.tchncs.de
      hexagon
      ·
      4 months ago

      I have gotten in trouble for using a VPN I'm the past but it was just a little talk and then they were cool with it. The thing is, that it is my device and at the school I don't have a strong enough signal for my phone. So I can't just make a hotspot and use that as WiFi. I need to use the WiFi to get my things done but I will not use the WiFi if I can't protect my privacy. I know that this sounds pretty stupid but I won't comply with my school.

  • eco_game@discuss.tchncs.de
    ·
    edit-2
    4 months ago

    What worked for me at my old school was using a ShadowSocks proxy. Basically what this does, is it takes all your traffic and just makes it look like random https traffic (AFAIK). ShadowSocks is just a proxy. The description fits the Cloak module, mentioned below.

    I believe multiple VPNs support this, for me with PIA VPN it's in the settings under the name "Multi-Hop" (PIA only supports this on the Desktop App, not on mobile).

    This technique is pretty much impossible to block, unless you ban every single VPN ShadowSocks Proxy IP. If that is the case for you (chances are practically 0), you could also selfhost ShadowSocks in combination with the Cloak module, however this method is a lot more complicated.

  • sovietknuckles [they/them]
    ·
    edit-2
    4 months ago

    If your school blocks VPN connections, that usually means that they're specifically blocking OpenVPN traffic and/or WireGuard traffic. So if you use a VPN provider that supports OpenConnect (which looks like regular HTTPS traffic over port 443 to your school, there's a good chance that it will not be blocked.

    That's what I do when I'm on open Wi-Fi networks that block everything but HTTP or HTTPS traffic. It's not as fast as UDP OpenVPN, let alone WireGuard, but it frees me from the restrictions of whatever Wi-Fi network I'm on.

  • jjjalljs@ttrpg.network
    ·
    4 months ago

    You're going to get in trouble and it's not worth it.

    Don't do personal stuff on their network. What are you even trying to look at via the school network?

    If you're concerned about privacy while doing school stuff, use another device, or maybe a VM. Do they provide computers for students?

    You might get off with a warning because you're young (I assume you're like 16), but bypassing network security stuff as an adult at work will often get you fired.

    • Mubelotix@jlai.lu
      ·
      4 months ago

      I beg to differ. Everyone should have a right to access a free Internet. The censorship they are taking about is so broad that it cannot be accepted. In France the school could get highly punished if they dared to make comments on their harmless Internet activity

      • jjjalljs@ttrpg.network
        ·
        4 months ago

        The rights everyone should have is irrelevant to the reality. You can't steal a sandwich and be like "everyone should have the right to food!". I mean you can, but you'll still be punished.

        Is this the hill for this kid to die on? Probably not. If they were trying to change the system for everyone to be more just, maybe.

        • Mubelotix@jlai.lu
          ·
          4 months ago

          You will not be punished for stealing a sandwich where I live. The judge would laugh at the plaintiff

          • Foofighter@discuss.tchncs.de
            ·
            4 months ago

            That's not the point? The school provides a service and is (probably) not obliged to do so. If the school sets rules on this services, it's OPs choice to either use or not use that service. 🤔

            • Mubelotix@jlai.lu
              ·
              edit-2
              4 months ago

              Shall we be content to obey them, or shall we endeavor to amend them, and obey them until we have succeeded, or shall we transgress them at once?

  • CommanderCloon@lemmy.ml
    ·
    4 months ago

    Sounds like DNS blocking. Use DoH, won't be as good as a VPN but it will stop the sniffing which allows them to block domains

  • AmbiguousProps@lemmy.today
    ·
    edit-2
    4 months ago

    You'll need to download the client off-network (have you tried the local library for that?) and put it on your PC. If you know how to use docker, you could set up the client via docker and dockerhub which I doubt is blocked, but you'd need to set docker up on windows which I have no experience with.

    You can also try wireguard on a non-standard port if there are further blocks. OVPN can also go over 443 which might help.

    Really though, it depends on how they're blocking them. They could be blocking the protocol based on port or deep packet inspection, or they could just be blocking a list of VPN hosts. They could be doing both.

    If they're just blocking hosts, you could set up a vpn relay on a host somewhere else, but that won't help if they're blocking the protocol.

  • Melody Fwygon@lemmy.one
    ·
    4 months ago

    Typically, using your own VPN should suffice. Depending on your situation you can do other things as well. If you are unable to download these tools on the school network in question; do not attempt to do so again. Use a public or other network connection elsewhere to obtain the tools you need to bypass their crap.

    For example, NextDNS could be helpful. By running their client app; ( https://github.com/nextdns/nextdns/wiki/Windows ) you can make sure all your DNS requests are encrypted. Similarly you could simply set up a local DNS server that you point Windows at which can redirect those requests over DNS-Over-(HTTPS or TLS) to a DNS provider of your choosing.

  • fuckwit_mcbumcrumble@lemmy.dbzer0.com
    ·
    4 months ago

    Is this a school issued computer or your own on their network? Never assume you have any privacy on a computer that isn't your own. Even if you do get a VPN on there they probably have software on the laptop to monitor your actual screen which is far more privacy invasive than seeing that you accessed lemmy 500 times in an hour.

    • bdonvr@thelemmy.club
      ·
      4 months ago

      Seriously, ever heard of Intel AMT? It gives administrators such deep access to the computer that they can view and control your screen (regardless of OS you're using), power the device on remotely, etc.

    • Decency8401@discuss.tchncs.de
      hexagon
      ·
      4 months ago

      It is my own laptop. If I could, I would use tails constantly as I do at Home but the school enforces MS356 which doesn't work on Linux. The thing that upsets me the most is that I used happily my VPN for one and a half years and out of nowhere it got blocked. I had some discussions with the school, because I thought that this is a really dumb move. But they refused to unblock it, but still it was an attempt.

  • Analog@lemmy.ml
    ·
    4 months ago

    Airvpn, then use their advanced config to create a 443 tcp tunnel out to a single server. Then use that server’s IP in your OpenVPN config file. Route all traffic including dns inside the tunnel.

    Traffic will look like all other web traffic - encrypted on standard web ports. You won’t even need to do a DNS lookup to start with and airvpn uses generic rDNS so it’s not super easy to figure out from their perspective.

  • ⲇⲅⲇ@lemmy.ml
    ·
    edit-2
    4 months ago

    There is a way, it's called SSH over HTTP, I think there are many guides on the internet. I hope this works.

    EDIT: I don't know how to do that on Windows or if it's possible but maybe with a virtual machine... sorry.

  • InputZero@lemmy.ml
    ·
    4 months ago

    Please read Charger8283's reply. It's the best one. You're thinking small, how do I break out of their system, that will only land you in trouble. You should think big like how Charger8283 thought and break the system altogether.

    If you first find vulnerabilities and report them to your school, later when you find another one you don't tell them about it until they ask. Keep it a secret and use it for a while. Just pretend like you weren't ready to tell them because you didn't understand it yet.

    Sometimes it pays off to play nice and stupid.

    • Decency8401@discuss.tchncs.de
      hexagon
      ·
      4 months ago

      Well it certainly would be cool to break the system but I honestly don't have the skills for that. I don't even know how I could possibly do that.

      • InputZero@lemmy.ml
        ·
        edit-2
        4 months ago

        Yeah you already do. I'm assuming that you're in a public highschool. This advice becomes bad advice when there is any money on "the table". NEVER do this at a university, private, chartered school, and absolutely NEVER do this to the person who will be giving you a paycheck.

        I'll repeat this to be clear to everyone reading this. Do not do anything on a computer or network someone else owns that they don't allow when money you have, or money you could have gotten could be taken away.

        When I said break the system I didn't mean become so smart at computers that you can just walk past any barrier in any code. That's impossible. Breaking the system means learning to understand the people who enforce it and working with them to get yourself around it. It means talking to the IT person, getting them to like you, then getting them to show you how to get around a firewall or tunnel out of a network or at least letting you try without getting into huge trouble.