I guess the title should explain already but UDP ports seem to be blocked on Eduroam network (443, 51820, 1194, 4500 and etc.) my Wireguard setup works just fine anywhere except here and I'm only using it to connect to my home's lan devices.
Is there something else I could try? Despite wireguard being easier to setup it seems that I cannot bypass the Eduroam firewall currently.
wireguard just needs one port over udp, you can choose any other port between 1-65535.
I've tried many ports but none of them seem to work. I tried 443 in an attempt to make it look like QUIC traffic but that had the same issue as others. I just cannot send my handshake.
I may be wrong, but this kind of sounds like you'd want to set the sender (initiator) port to 51820, don't do that, leave it to your device to pick one - only the remote router you want to connect to needs a fixed port.
The initiator port is random but the fixed port is problematic. The university's firewall doesn't seem to allow Wireguard. But SSH works which is odd enough. Perhaps only TCP is allowed?
What about udp 53 (dns) or 123 (ntp)?
If it doesn't work you can try https://github.com/wangyu-/udp2raw
How do you setup udp2raw on OpenWRT?
Tried port 53 and 123 but no luck.
also search this forum and you'll find resources like Udp2raw usage for openwrt - For Developers - OpenWrt Forum
They probably block udp traffic.
You can setup openvpn that supports TCP.
Yeah I was about to ask this but @maurer it seems harder to use udp2raw on Android. I'm assuming a better option would be OpenVPN since I'm only using it for connecting to my home's LAN device. Drawback is since it's not UDP it'll be a lot slower...
The issue won't be with eduroam (note no capitals) in general, but with the local institution's firewall policy.
Switching to a well-known service port is unlikely to work for you either as most sites now use firewalls that look at the protocol in the packets rather than port, and process accordingly.
Your best option is to raise a support request with your IT department.
[Yes, I work in higher education, coincidentally at one of the very early adoption sites of eduroam]
I doubt they'd bother with the support request probably because I'm most likely 1 out of the entire university population asking for it.
I haven't tried OpenVPN but SSH works, There's something also called as X-ray core which was developed to get over the Chinese firewall and that works fine as well (including UDP protocols like TUIC (it's running on port 443 to imitate QUIC traffic)) but apart from that I'm pretty much limited.
now that we have better picture of your client vpn needs then we can recommend a better solution and as @greem suggests the firewall might do some nasty DPI ( deep packet inspection] and detect some other known vpn protocols too like openvpn.
so my recommendation is to use SSTP on port 443 (that can easily bypass all known DPIs) via softethervpn package - you can find howtos on this forum and around the web for seting it up as for android clients there were some on google play last time I checked
You'll never know if you don't ask! We make occasional exceptions for well formed and well put together requests that don't compromise the safety of the university's network.
Is it possible to host SSTP or Softether on OpenWRT?
Also @greem will give it a try but no promises.
see my previous answer
It is possible that your university uses DPI and that could detect OpenVPN or other VPN options.
I have assisted some users who need to dodge the great firewall using OpenVPN scramble options
There are also scramble options for WireGuard but this is useless if all UDP traffic is blocked.
You can also go completely around and use Tor. For example a tiny pocket router with 2 RJ45 ports. On one RJ45 you connect to your eduroam and on the other side you have a free internet thanks to transparent Tor on a RJ45 port. You can then use this RJ45 port to connect with wireguard or anything else. It seems to be also recommended in your case when there is deep packed inspection (DPI) active and you want privacy by default.
You can also go a completely different way if you are in the EU and tell the admins that they violate EU law. Take a look at the laws that was used to remove the zero-rating crap. By going this way, you would help all people in your university to keep their rights to have a fully free internet access.
What law is this?