Wireguard working everywhere except at hotel

[Jherb]

Hello,
I have an ax86u on 3004_388.4_0 with wireguard server setup. I use a windows laptop and and Iphone with wireguard connection to the same router. Everywhere I have used them, the wireguard works fine. However, recently I was in a hotel and as soon as I turn on the wireguard, I lose internet. The same thing happens with my iphone and laptop. If I use the iphone on cellular with wireguard, it is fine. However, with wifi + wireguard, I lose internet fully. This has worked everywhere else I tried including other hotels.

I don't think this is a router issue, but can someone help me understand why the wireguard doesn't work with this particular hotel wifi, but works everywhere else I go. I don't know the inner workings of vpn to understand.

 

[RMerlin]

You'll have to ask that hotel. They might be blocking any traffic other than regular web/mail, for instance.

 

[Jherb]

Thanks. I'll see what they say.

 

[drinkingbird]

Thanks. I'll see what they say.

They won't know, the wifi was installed by some 3rd party years ago. My phone and laptop are set to use "auto" when I travel because every hotel is different as far as which protocol will get through. Some I can only succeed with SSL on port 443 as everything else is blocked.

 

[Jeffrey Young]

If the hotel is doing any DPI, that will mess up wireguard as well. I used to travel a lot for my job. I got to know which hotels and chains were up to no good.

 

[Vexed]

A lot of public hotspots block most if not all UDP traffic which is what Wireguard uses.

 

[Jherb]

Interesting. Is there any workaround for wireguard? I read that for openvpn you can try changing port to 443, etc But I didn't find anything for wireguard.

@drinkingbird : what does setting to "auto" mean? Is that done on the computer or router?

 

[drinkingbird]

Interesting. Is there any workaround for wireguard? I read that for openvpn you can try changing port to 443, etc But I didn't find anything for wireguard.

@drinkingbird : what does setting to "auto" mean? Is that done on the computer or router?

The VPN client, obviously every one is different but most I've seen pick the preferred first and fail through a list until one works.

Changing just the port and not protocol will only work if the remote end is listening for that protocol on port 443 and the hotel is using very crude measures, most likely you'll need to use an SSL VPN to get through their blocks.

 

[Vexed]

Interesting. Is there any workaround for wireguard?

Set the Wireguard listen port to 53. Clients send DNS queries via UDP on port 53 so if you share the same port numbers you get past low-skill filtering solutions.

 

[drinkingbird]

Set the Wireguard listen port to 53. Clients send DNS queries via UDP on port 53 so if you share the same port numbers you get past low-skill filtering solutions.

DNS fails to TCP when UDP is blocked (or when the response is more than 512 bytes) so they can block that UDP too. But regardless if you look at your DNS server it will be a local IP meaning they can block UDP to the internet and not impact DNS at all.

The wifi setups in hotels and stores are off the shelf solutions that have been heavily tuned so bypassing them is not as easy as just rudimentary port changes in most cases.

The only thing I've found that works in many hotels and hotspots is SSL. Though I was at one last week in NYC where IKEv2 got through fine.

 

[Jherb]

Thank you. I'm new to this, so pardon the basic questions.
How does SSL work in this case? What do I have to do on the router, and on the computer or phone?