The options available for Egyptians to access the internet freely and get around their government’s repressive online censorship regime has narrowed significantly in recent months. In August, the government took the first step towards trying to block VPNs, with Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) becoming unavailable. But OpenVPN (which is more popular than both PPTP and L2TP) remained usable. However, on 3rd October, Egyptian Internet users began to report problems with OpenVPN connections, and since then it has too been unavailable.
This is a real problem for Egyptian internet users, as they have come to rely on VPNs to access the web without restrictions. For reference, a conservative estimate of the number of websites blocked in Egypt stands at more than 400 (the actual number is likely to be far higher). Add in the government’s attacks on opposition political voices and dissenting voices in the media, and it is becoming harder and harder for Egyptians to get impartial news on anything. The ban on OpenVPN is yet another blow, but as you will see in this guide, it is not insurmountable, as it is still possible to bypass Egypt’s OpenVPN ban.
How is Egypt Blocking the OpenVPN Protocol?
The Egyptian regime is blocking the OpenVPN protocol in the same way that they blocked the PPTP and L2TP protocols earlier in the year: Deep Packet Inspection (DPI) technology. Using this technique, it is possible for them to identify when data has come through the OpenVPN (or PPTP or L2TP) protocols and so block it. It is a highly advanced and expensive technique which is not employed by many countries. It known to be one of the tools used by the Communist regime in China, and it is also employed in Iran. But it is something of a surprise to see it being deployed in Egypt.
With state censorship in most countries, we would now be able to go on and explain how to use a VPN to get around the blocks and access the internet as usual. But when DPI is being used, the situation becomes a lot more complicated, not least because almost all VPN sites are blocked in Egypt too. Nevertheless, there are a number of methods that can be used to bypass the OpenVPN in Egypt. And there are also a select few VPNs that are better equipped to use with these methods. Keep reading to find out how to bypass the block and which VPNs to use.
Recommended VPNs to Bypass Egypt’s OpenVPN Ban
Almost every VPN provider will claim to be able to bypass censorship, but in the case of Egypt where DPI is being used, most will fail to live up to expectations. In order to be effective when used along with the techniques we will outline below, Egyptian internet users need to choose a VPN provider which offers robust security as well as effective additional features to help fool the Egyptian authorities. Until recently, most Egyptians would use free VPNs, but these days they are simply not up to the task. Each of the four VPNs we recommend come with a small monthly fee, but for unrestricted internet access, it really is a small price to pay.
ExpressVPN makes a big deal of the fact that it offers optimised VPN technology for Chinese users. With Egyptians now facing similar challenges, this makes them an attractive provider to that market too. This provider features nigh-unbreakable 256-bit AES encryption, and also offers OpenVPN via an SSL tunnel (which, as you will read below, is instrumental in circumventing the OpenVPN ban in Egypt).
ExpressVPN is also one of the fastest VPNs on the market right now, and with DPI tending to slow connections down, this is a real advantage. ExpressVPN also operates its own private, encrypted DNS on every server, making all connections more secure and faster than many competitors. Their privacy provisions are top-notch too, and with more than 145 servers in 94 different countries available, ExpressVPN make a compelling case for being the VPN of choice for Egyptian Internet users.
Want to try out ExpressVPN for yourself? AddictiveTips readers get 3 extra months FREE when they sign up for the yearly plan, for a total monthly bill of just $6.67. If you’re not completely satisfied within the first 30 days, you get your money back guaranteed, making this a completely risk-free trial.
IPVanish offer one of the most secure VPN services on the market right now. Their AES 256-bit encryption is among the best in the business and they also offer a strong DNS leak protection and an automatic kill switch built into their main apps. This helps to ensure your location and IP Address will remain secure even under the toughest of scrutiny and shoddy connections.
IPVanish also offers over 850 servers in more than 60 different countries with a total of more than 40,000 shared IP addresses available, which helps to facilitate access to blocked websites. With one of the most helpful customer service teams available around the clock, they are a great bet for Egyptian internet users. All this comes at a very reasonable price made even better by an exclusive offer for AddictiveTips readers.
AddictiveTips readers get access to an exclusive deal: 60% off price of a yearly plan with IPVanish, for a low monthly price of only $4.87. With a 7-day money back guarantee, you can buy in confidence.
NordVPN offers its own Obfsproxy technology (see below), which seemingly works in a similar way to VyprVPN’s Chameleon. It certainly enables NordVPN to work in China and appears to be effective in Egypt too. They have a number of other unique security features as well including double encryption for additional security and a VPN over TOR option, which allows users to combine the security benefits of both.
NordVPN have a total of 1114 Servers in 61 Countries and also offer a responsive customer support service. For the price-conscious user, they are one of the most affordable providers we would recommend for Egyptian users.
READER DISCOUNT: Try NordVPN today with a massive 72% discount on the two-year plan, knocking the price down to a mere $3.29 per month. Trial the service risk free with a 30-day money back guarantee.
VyprVPN places a great deal of emphasis on their security provisions, and there are a few special features that will make them stand out to an Egyptian audience. As well as excellent standard encryption and privacy settings, VyprVPN has more than 700 servers in 70 countries worldwide. The best part is that they directly own all of them, which means no third party will ever have access to VyprVPN user data.
They also offer their unique and powerful Chameleon technology. This has been specifically formulated for users in China, and is designed to prevent DPI techniques by encrypting the metadata of your data packets as well as the packets themselves. It is possible that this alone could be sufficient for an internet user in Egypt to get around the OpenVPN block, but we have heard conflicting reports so far about this. But certainly, when deployed alongside the techniques detailed below, it makes VyprVPN an attractive proposition.
FREE 3 DAY TRIAL: Get 50% off your first month when you sign up with VyprVPN. You can get started today with a FREE 3-day trial.
Methods of Bypassing Egypt’s OpenVPN Ban
It is possible that some of the specialist technology deployed by the VPNs recommended above may enable users in Egypt to get around the OpenVPN ban without having to resort to additional measures. But feedback on all of them has been mixed and certainly, none can offer 100% guarantee. However, there are a few additional measures that you can take which should help you achieve more consistent results.
There are a couple of points to note before we go into the details. Firstly, not all of these tactics will work all of the time for everyone. If you try one method and it isn’t effective, try one of the others. All of them can work, and the likelihood is that at least one will work for you.
While some of these methods may seem rather technical, our easy-to-follow step-by-step guide will help you bypass the OpenVPN block with confidence.
SSL Tunnelling (also sometimes referred to as “stunneling”) is a technique that reroutes VPN connections through a tunnel which is protected by SSL encryption (the protocol employed by most HTTPS sites). Because SSL is so common these days, it is almost impossible for DPI detection techniques to tell regular SSL encrypted content apart from OpenVPN content which is inside an SSL tunnel. As a result, OpenVPN connections should function as normal unless the Egyptian regime decides to block all SSL websites too.
Of the VPNs recommended for Egyptian internet users, only ExpressVPN offers SSL Tunnelling directly through its app. To use ExpressVPN with SSL Tunnelling you will need to follow this step-by-step guide:
- Sign up for ExpressVPN. If the regular ExpressVPN website does not work, this alternate URL should still be working in Egypt.
- Download the correct ExpressVPN app for your device and then open it and sign in.
- Select Options from the main menu.
- Click on the Protocols tab and then select Choose Protocol Automatically.
- Click OK to save your changes and then exit.
- ExpressVPN should now direct all your traffic through an SSL tunnelled OpenVPN connection which should successfully get around the OpenVPN block.
For the other VPNs, you will need to make an SSL tunnel manually using the Stunnel software. This will need to be configured on your computer as well as on the VPN app itself. The Stunnel link above should explain how to do this on your computer, while the best way to set it up on your VPN is to contact customer support and ask their advice.
OpenVPN Over TCP Port 443
Another way of hiding your OpenVPN connection from the prying eyes of Egypt’s DPI is to use Transmission Control Protocol (TCP) port 443, which is the port used by HTTPS. TCP port 433 is unlikely to be blocked, even in Egypt, as this is the port which is relied on by online banking, online retail, and any website which uses the HTTPS protocol. If it was blocked, all of these sites and more would grind to a halt.
The Egyptian censorship is not currently blocking ports, but by using port 443, OpenVPN connections are routed inside the TLS encryption used by HTTPS. This makes the task of picking them out and identifying them extremely difficult, even for the most advanced DPI technology. Egypt has apparently blocked both OpenVPN User Datagram Protocol (UDP) and OpenVPN TCP. But it is still unclear if this also applies to TCP port 443. There are a few different methods you can try to test if it works for you:
- Routing OpenVPN over TCP port 443 is a common anti-censorship feature and one offered by most VPN providers. Take a look at your settings or else contact customer support to find out how to switch to this.
- Even if you cannot make this method work, many VPNs support TCP port 443. Therefore, it is possible to switch to it by editing to your OpenVPN configuration (.ovpn) file. We recommend this option only for advanced users.
- Alternatively, you can also try switching to the Secure Socket Tunneling Protocol (SSTP) instead. This uses TCP port 443 by default so should also still be working in Egypt.
Obfsproxy is a method of making OpenVPN traffic undetectable to DPI inspection by hiding it behind an obfuscation layer. It is a common approach used by VPNs keen to access markets like China where DPI inspection is regularly used. And the reason it is used fairly widely is that it is quite effective.
Of the VPNs we have recommended above, NordVPN alone offers an Obfsproxy service. VyprVPN also has its Chameleon technology which is believed to work in a similar way. Obfsproxy is less secure than the two methods suggested above because it doesn’t wrap the OpenVPN data in another layer of encryption, but it does seem to work in most instances. The best way to deploy Obfsproxy technology is to use a VPN which offers it as standard and then approach them to ask how best to set it up for your device.
These three methods should all prove to be effective at bypassing the OpenVPN ban in Egypt. Unfortunately though, there are never any guarantees. If you are unlucky enough to not be able to get any of these three techniques working, there are a few additional options you could try:
- Shadowsocks – Shadowsocks is an open-source proxy application which was designed to allow Chinese internet users to bypass the Great Firewall. It was created by a Chinese developer and essentially functions like a Socket Secure (SOCKS5) proxy. It is available for most devices and is reported to still work in Egypt despite the OpenVPN ban.
- Surge – Surge is an app specifically for iOS devices which functions along the same line as Shadowsocks and also reportedly still works in Egypt.
- Psiphon – Psiphon is a tool which combines VPN, SSH, and obfuscation technologies. It allows you to switch between the three as needs demand. The tool itself is still working in Egypt, but the website is believed to have been blocked. If you cannot access the site directly, you can also email them at firstname.lastname@example.org and they will be happy to send you the software by reply.
- Lahana – Lahana is an improved version of TOR which has been created to get around the online censorship regime in Turkey. Unlike TOR, with Lahana it is easy to set up new nodes, which means not only does it still work well in Turkey, but there is no reason why it won’t in Egypt too.
If you are in Egypt and affected by the OpenVPN ban, do drop us a line in the comment section of this page and tell us which of these methods and VPN providers worked best for you. Also, if you have found any other methods of getting round the OpenVPN ban, we would be very interested to hear from you too.