Obligatory "read your schools' computer use policy before you get yourself in trouble for evading the firewall"

Here are some good rule of thumbs for work and schools:

• do not connect to their networks with your personal devices, ever.

• Only use work/ school devices on their own network.

• Do not do anything personal on those networks. only do work/school related tasks. This means don't log into any non school/work accounts.

• If for some reason they don't have a device for you but require you to use their network, then leave your personal devices at home claiming you don't own one and make them accommodate you.

You cannot expect privacy in these situations, and by going to the extreme lengths to try to get it then you will ironically just paint a bigger target on your back if any network admin cares. In some cases this can cost you your job or get you in trouble with the school.

Have you tried the "Stealth" protocol option ProtonVPN has?
It's intended to bypass VPN blocks. Sometimes it works.

Hi! Back in high school, me and a few close friends formed a small hacking group aimed at hacking the school WiFi. We succeeded, and reported the vulnerabilities we found along the way to the school. Our school had a policy where students who managed to hack something would be let off the hook if they reported exactly how they did it. I managed to land a job for the school district as a result of our fiasco. I don't recommend anyone do that, but I managed to get lucky.

Anyways, once we had access to the WiFi we wanted to get around the network wide filter. Proton VPN worked for a while, but quickly got blocked. Dual booting into Tails on school computers didn't work until the 6.0 update. To my knowledge, it still works.

However, for our phones, the thing that worked was changing the DNS. We found out the network wide filter the school boasted so highly about was only a DNS filter that resolved hostnames to a "blocked" page. Find a good PRNS and change your device's DNS to match. If you want a search engine, try to find an unblocked SearXNG instance.

Good luck!

P.S. Don't forget: Tor is portable on Windows devices :)

What worked for me at my old school was using a ShadowSocks proxy. ~~Basically what this does, is it takes all your traffic and just makes it look like random https traffic (AFAIK).~~ ShadowSocks is just a proxy. The description fits the Cloak module, mentioned below.

I believe multiple VPNs support this, for me with PIA VPN it's in the settings under the name "Multi-Hop" (PIA only supports this on the Desktop App, not on mobile).

This technique is pretty much impossible to block, unless you ban every single VPN ShadowSocks Proxy IP. If that is the case for you (chances are practically 0), you could also selfhost ShadowSocks in combination with the Cloak module, however this method is a lot more complicated.

If it's any school like mine was, where people actively look at all the traffic going through their network, it's a losing battle. And I say this as both a huge privacy advocate and a long-time network engineer.

Anything even remotely resembling a tunnel, VPN or proxy is going to make you stand out in their monitoring, because they will see constant traffic between you and the same host on the other end... traffic that practically never stops. In my day the school even force-reset SSH and RDP sessions after a while (or maybe it was actually ALL tcp sessions, not sure).

It doesn't matter what protocol or technique you use at that point because they can either block whatever IP/ports you use, every time you change it, or threaten/shut off your service.

You're going to get in trouble and it's not worth it.

Don't do personal stuff on their network. What are you even trying to look at via the school network?

If you're concerned about privacy while doing school stuff, use another device, or maybe a VM. Do they provide computers for students?

You might get off with a warning because you're young (I assume you're like 16), but bypassing network security stuff as an adult at work will often get you fired.

At the risk of sounding contrarian/lame, you should probably not be doing any of this especially if you don't own the hardware you're using (as mentioned by another commenter).

You don't specify if this is university or middle/high school, but either way you are not entitled to and should not expect any privacy on a network you don't control. Even if you are able to set up a VPN to mask your internet activity, your school's network administrators almost certainly can tell that you are using a VPN, which itself sounds like it would be a violation of your school's network policy and will most likely land you in trouble. Indeed, your repeated attempts to access blocked sites have likely already raised some flags.

Even the workarounds that others here have mentioned (like routing VPN traffic over port 443) are inadequate for a network that is being actively monitored. Believe me, it is very easy to tell when someone is connecting to a VPN this way.

I would quit while you're ahead until you can afford your own hardware/internet connection, and then maybe worry about any notion of privacy. Use your school's internet for what it was intended.

1. Sign up for Digital Ocean.
2. Get the cheapest VM (called Droplets on DO) you can get.
3. Install Ubuntu on it.
4. SSH into it and open a SOCKS proxy (ssh -D 8080 <yourdropletip> on Linux, use PuTTY on Windows).
5. Configure Firefox to use localhost:8080 as a SOCKS5 proxy.
6. Win.

Bonus points if you set up Cockpit to manage everything over the web (localhost:9090 over your proxy), that way you don’t need to learn all about sudo apt whatever.

You'll need to download the client off-network (have you tried the local library for that?) and put it on your PC. If you know how to use docker, you could set up the client via docker and dockerhub which I doubt is blocked, but you'd need to set docker up on windows which I have no experience with.

You can also try wireguard on a non-standard port if there are further blocks. OVPN can also go over 443 which might help.

Really though, it depends on how they're blocking them. They could be blocking the protocol based on port or deep packet inspection, or they could just be blocking a list of VPN hosts. They could be doing both.

If they're just blocking hosts, you could set up a vpn relay on a host somewhere else, but that won't help if they're blocking the protocol.

Sounds like DNS blocking. Use DoH, won't be as good as a VPN but it will stop the sniffing which allows them to block domains

If you try to browse to the tailscale website does it work?

If it does you could setup tailscale with an exit node at your house and tunnel your connection that way? Everything would then be coming from your home internet. I have had good success with tailscale being able to punch a hole through some pretty filtered firewalls.

I'm assuming you probably have a smartphone. In which case, I would just use your Wi-Fi hotspot instead.

Don't use the school's wi-fi? I'm sure there are other options to you.

You can sign up for an AWS account, set up an EC2 instance (a free type, you get one free year) and pull an wireguard image on docker there and connect to that? Unless they are whitelisting IPs I’d imagine this would work.

https://github.com/linuxserver/docker-wireguard

You can also replace AWS with an external computer of your choice…

Don't use the WiFi if you don't like the rules

I'm aware of a network that blocks Mullvad as well, but found a way around it. It went through just fine if I was using a custom DNS server. I used NextDNS for this, but I imagine it would work with Cloudflare or something as well (but I highly recommend NextDNS anyways). Hope this helps!

DNS over HTTPS is your best bet because they can't Man In The Middle and replace it (DNS Poison) like good old DNS. They will still be able to see the IP addresses you are connecting to unless you proxy those connections. nativeproxy uses Chromium's stack so it is much harder to detect. There are UI frontends for it if you prefer but I've never used them. ProtonVPN also has a stealth protocol that I've heard is good, though I don't know too much about it.

Good on you for trying to get around it. That kind of curiosity is a great way to develop your lateral thinking skills. You didn't ask for a lecture and people giving you one should go back to stack overflow comments. If you want to take the risks of it, that is up to you and you are likely to fuck up. That being said, you aren't the only person likely go get in trouble if you fuck up and, unlike you, IT will depend on their job financially. If you do it well enough and make sure you don't get caught by someone seeing your screen or blagging around the school that you did it, that won't be an issue.

IT departments also read comments in threads like this to find the current trends of how students are trying to get around their web blockers so keep in mind that you will need to keep your skills up to date.

If your school blocks VPN connections, that usually means that they're specifically blocking OpenVPN traffic and/or WireGuard traffic. So if you use a VPN provider that supports OpenConnect (which looks like regular HTTPS traffic over port 443 to your school, there's a good chance that it will not be blocked.

That's what I do when I'm on open Wi-Fi networks that block everything but HTTP or HTTPS traffic. It's not as fast as UDP OpenVPN, let alone WireGuard, but it frees me from the restrictions of whatever Wi-Fi network I'm on.

Seems like Tor snowflake is a proxy that makes your internet traffic appear as a video call. Its purpose is to circumvent censorship, but it may get around firewalls as well. I have no experience bypassing firewalls using snowflake, but it may be a viable option (someone correct me if I’m wrong) https://snowflake.torproject.org/

If you don't need a speed and full functionality of the Internet.
Try bridges for the Tor Browser.

Typically, using your own VPN should suffice. Depending on your situation you can do other things as well. If you are unable to download these tools on the school network in question; do not attempt to do so again. Use a public or other network connection elsewhere to obtain the tools you need to bypass their crap.

For example, NextDNS could be helpful. By running their client app; ( https://github.com/nextdns/nextdns/wiki/Windows ) you can make sure all your DNS requests are encrypted. Similarly you could simply set up a local DNS server that you point Windows at which can redirect those requests over DNS-Over-(HTTPS or TLS) to a DNS provider of your choosing.

Is this a school issued computer or your own on their network? Never assume you have any privacy on a computer that isn't your own. Even if you do get a VPN on there they probably have software on the laptop to monitor your actual screen which is far more privacy invasive than seeing that you accessed lemmy 500 times in an hour.