OK! Firstly, thank you to everyone who took the time to reply. I think it's a safe assumption that WG is functioning as it should and that I need to identify another port on which to run. I will post a new thread on this topic.
On Mon, Nov 19, 2018 at 10:28 AM Jacob Schooley <[email protected]> wrote:
>
> Finally, something I can actually help with.
>
> Yes, Verizon is actively blocking data through port 53.
>
> Back in 2015 I discovered by accident that VPN traffic through port 53 on
> Verizon was not monitored by whatever they use to calculate data usage. Even
> better, it worked on deactivated sim cards for a few months after they were
> deactivated. Basically this meant I could dig around in the local Verizon
> store's dumpster every few months to find sim cards, pop them into a portable
> hotspot, and use a VPN over 53 for completely free, unthrottled data on
> Verizon without even having an account with them. I was a broke high school
> student and my parents wouldn't allow me to have service on my phone at the
> time so this was a life saver.
>
> Fast forward to a couple months ago, someone else gets root on the mifi
> 6620L, finds the loophole, and decides to sell mifis with a VPN client or
> proxy installed that redirected everything through port 53. Basically
> resulting in a seamless experience for free unlimited data. These hacked
> devices sold for $300+ on eBay. Of course, after it was in the wild Verizon
> started DPIing port 53 and now nothing gets through.
>
>
>
> On 11/19/18, John <[email protected]> wrote:
> > I have a simple WireGuard VPN setup I use running WG on a home Linux
> > box and connecting to it with several iOS clients. The server peer is
> > set up on port 53 since the network admins of some remote WiFi
> > networks my mobile devices seems to block udp traffic on higher ports.
> > Encrypted connections work fine on WiFi as I have set up, but do _not_
> > work when I connect via LTE (Verizon supplying the data). On LTE, I
> > am no longer able to transfer data to/from the server peer but I can
> > handshake with it.
> >
> > If I inspect the output of `sudo wg` on the server peer, I see the
> > endpoint IP address changes to reflect my Verizon LTE IP and the time
> > since the last handshake reset to a few seconds which is consistent
> > with my ability to connect to the WireGuard peer server.
> >
> > I am unable to transfer data (pull up a web site or check email etc).
> > It's as if Verizon is blocking my data flow on port 53. If I change
> > the port from 53 to 123, it seems to work fine although I do not have
> > universal connectivity on the various WiFi networks I visit on port
> > 123. The optimal port would be 53 for my use case.
> >
> > So the questions:
> > 1) What can I try on the server peer side to diagnose?
> > 2) Do people feel that Verizon is actively blocking the connection on port
> > 53?
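
One way to approach the quoted question about diagnosing this from the server peer side, as an added example that is not part of the thread or of the WireGuard project: compare two `wg show <interface> dump` snapshots taken while the client tries to load a page, and check whether the receive counter grows by more than handshake-sized traffic. The peer names, addresses, counters and both thresholds below are constructed assumptions.

```python
# Added example: classify peers from two `wg show <iface> dump` snapshots.
# Peer lines are tab-separated: public-key, preshared-key, endpoint, allowed-ips,
# latest-handshake (epoch seconds), transfer-rx, transfer-tx, persistent-keepalive.
HANDSHAKE_MAX_AGE = 180  # seconds; assumed cut-off for a "recent" handshake
DATA_THRESHOLD = 1024    # bytes; assumed: less rx growth than this is not real traffic

def parse_dump(text):
    """Return {peer_public_key: fields} from `wg show <iface> dump` output."""
    peers = {}
    for line in text.strip().splitlines()[1:]:  # first line describes the interface
        pub, _psk, endpoint, _ips, hs, rx, tx, _ka = line.split("\t")
        peers[pub] = {"endpoint": endpoint, "handshake": int(hs),
                      "rx": int(rx), "tx": int(tx)}
    return peers

def diagnose(before, after, now):
    """Compare snapshots; return {peer: (endpoint, rx_delta, verdict)}."""
    old, new = parse_dump(before), parse_dump(after)
    report = {}
    for pub, p in new.items():
        rx_delta = p["rx"] - old.get(pub, {"rx": 0})["rx"]
        if p["handshake"] == 0 or now - p["handshake"] > HANDSHAKE_MAX_AGE:
            verdict = "no-recent-handshake"  # nothing usable arrives on the port
        elif rx_delta < DATA_THRESHOLD:
            verdict = "handshake-only"       # handshake passes, client data does not
        else:
            verdict = "inbound-data-ok"      # if the client still stalls, check the return path
        report[pub] = (p["endpoint"], rx_delta, verdict)
    return report

# Constructed sample snapshots (placeholder keys, documentation-range addresses).
NOW = 1542650000
BEFORE = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_PLACEHOLDER\t53\toff",
    "PEER_LTE\t(none)\t192.0.2.10:51000\t10.0.0.2/32\t1542649000\t52000\t91000\toff",
    "PEER_WIFI\t(none)\t203.0.113.5:6000\t10.0.0.3/32\t1542649900\t1000\t2000\toff",
    "PEER_OLD\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff",
])
AFTER = "\n".join([
    "PRIV_PLACEHOLDER\tPUB_PLACEHOLDER\t53\toff",
    "PEER_LTE\t(none)\t198.51.100.7:40123\t10.0.0.2/32\t1542649990\t52148\t91092\toff",
    "PEER_WIFI\t(none)\t203.0.113.5:6000\t10.0.0.3/32\t1542649950\t250000\t900000\toff",
    "PEER_OLD\t(none)\t(none)\t10.0.0.4/32\t0\t0\t0\toff",
])

if __name__ == "__main__":
    for peer, result in diagnose(BEFORE, AFTER, NOW).items():
        print(peer, *result)
```

A `handshake-only` verdict for the LTE endpoint matches the symptom described in the quoted message: the endpoint and handshake time update, but no payload reaches the server.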
