dhaavi
commented
2 years ago Hey @boistordu, this is indeed an interesting use case.
Is this your initial connection to the SPN? Without having connected to the SPN ever, it is really hard to do circumvention. If you have previously connected to the SPN, then Portmaster will have a local state of most servers and will be able to use better options.
Currently, we do not have circumvention features on the client side. We are still evaluating what the best way forward is and what common use cases are - so your report is most welcome here?
Can you tell us more about the firewall you are behind and what it blocks and what it does not? Things that would be interesting:
- Can you ping hosts on the Internet?
- Are DNS queries responded to correctly? (Does not matter if hijacked.)
- Are there other common open ports?
- Often, these are ports for protocols that cannot be redirected, eg. for mail: 993, 995
- If you know how to and have a server for testing, can you check if you can user other protocols than UDP, TCP.
- Do they force you to use or is there a proxy available?
We are using port 17 now, as it makes it easier to distinguish in testing. We will offer a wide range of unsuspicious options in the future.
changemenemo
Okey so I just tested SPN form the hospital, your setup don't take into account my usecase. It can't connect to SPN. You need somehow to hardcoded the ip at least a bridge gateway or an obfuscated gateway so that we can bypass censorship. Something like signal does with the Google api gateway so that firewall won't block it.
Édit: sorry you did apparently did manage to find a way to get the IP addresses without retrieving from dns server(tell me if I m wrong), but I think that destination as port 17 is not necessarily good for privacy since it will most probably be blocked by many enterprise firewall.
Originally posted by @boistordu in https://github.com/safing/portmaster/issues/539#issuecomment-1201591929