Reporting/fixing broken airport/hotel/etc wifi?

Was there a list of folks collecting to provide fix actions for

Seems that IAD / Washington Dulles don't like "random" tcp/443 sites on the

for instance, ping, traceroute, http but no https :frowning:
https works just fine from lots of other places on the tubes... just not
the dulles wifi.


I've found many times it's the other way around, with highly restrictive
captive portals that only allow traffic to 80 and 443. This is exactly the
reason why I have an OpenVPN server running in tcp mode (not udp) on 443.

Yea, I was able to get around the broken-ness with openvpn, but.. that's
sad :frowning: and not everyone has that capability.

some years back, narita blocked 443 not 80, blocked 465 & 587 not 25,
etc. i actually found a clue receptacle and it was fixed some weeks

i suspect the number of things they can do wrongly may be bounded but is
quite large.


This is exactly why i have SSHd on port 443 and 53 on one of my boxes/IPs. Once
I got SSH sky's the limit on what I can fix/setup/tunnel.


Could also do: OpenVPN, with a proxy in front, that listen to all the ports in case they're using a gateway that transparent proxy some protocol.

     2017 version of wack-a-mole.

This is my usual workaround as well.
Props to Avery Pennarun:
for making my life even easier.

Using sshd on port 443, I can ssh my box with a tunnel to a local squid. My browser then use this tunneled proxy to go to internet.

Private and secure.

port 53 seems to be the biggest hole available, no one figures that anyone
will send actual data over port 53, other than DNS! (and they [have to] leave
TCP open, because of the nice handywavy implimentations of dns lookups :slight_smile:

some captive portals intercept all IP traffic regardless of dns, others
intercept the DNS first and give some captive IP target instead for your
lookup. The former are easy to send data over.

(the latter sometimes you can put your targets into your HOSTS[.txt] file and
get there, though today most webpages are 250 urls from 45 different domains,
so have fun.)

$ apt-cache search iodine
iodine - tool for tunneling IPv4 data through a DNS server

Sshuttle looks great thanks


there are a lot of options for techsavvy folk with an ip they control,
but... for the rest of the rubles, fixing the wifi to be sane really is the
only path forward.