SSLVPN over tcp port 443

DolphVS
DolphVS Posts: 2 Observer

For Users of your Service which are in firewalled networks (like myself - I'm the admin of these networks an managing the firewalls) it is not possible to build up IPSec tunnels. Protocols or ports like GRE, 500udp are generally blocked. A way to bypass this, which would be helpful for these users, is an sslvpn/openvpn to your servers via port 443tcp (basically the same port https uses). Most firewalls are not blocking sslvpn connections on these ports because they are very similiar to https traffic.

 

I really like your app, the functionality and simplistic design, but when i go to my customers (which have blocked these IPSec-used ports) my iPhone doesn't connect to their wifi networks because Freedome can't establish the vpn connection. This drains the battery drastically. I have to mention that I use iOS 11 beta but i guess it is the same behavior on iOS 10. Without wifi, with retrying Freedome to connect vpn I have no internet. So this is a problem.

 

Best regards and I would be very happy about this feature (I know that it'll be a lot of work, but it would be a unique feature and selling point).

Comments

  • DolphVS
    DolphVS Posts: 2 Observer
    Sorry, I just saw that I mixed up GRE (which is used in super-old PPPTP-VPNs) and ESP (Protocol=50, which is used in IPSec-VPNs).
  • chris_
    chris_ Posts: 12 New Member

    I wanted to chime in and second that suggestion.

     

    IPSec (even IKEv1) is becoming increasingly useless on public networks because it's often blocked at the router level.

     

    OpenVPN (especially on TCP port 443) is much less likely to be blocked.

     

    VPN providers can integrate OpenVPN implementations in their apps after vetting by Apple. Some competitors (e.g. Private Internet Access) have offered this for months. In fact it's the default protocol now for some VPN apps on iOS (you can also choose between UDP or TCP and various ports).

     

    I probably won't renew my Freedome license in December if this isn't going to be available.