Several weeks… might just be worth it to take a walk and find another hotel. Then cancel the rest of your nights at hotel#1 and cite their internet blocking policy of VPNs for the reason for cancelling the remainder of your stay, as it prevents you and many other professionals from working.

I had the same situation, my hotel used fortinet and they blocked almost everything

Even VPNs that used to work in China were blocked

I used my phone 4g hotspot to initialize the tailscale connection, which was blocked, I chose my server as an exit point, then I switched back to the WiFi. Amazingly, once logged in to tailscale, it kept connected to my server.

Then for added safety I used my kasm install to stream a Firefox browser running on my server

I don’t really understand this, why would a hotel pay thousands and thousands of euro for a “Chinese internet experience” that is going to piss off every single customer

Contact support and tell them you need VPN access on the WiFi you are paying for.

Best bet is probably going to be using something like OpenVPN on port 443 in TCP mode, which basically looks like regular HTTPS. It’s a hotel, I doubt they’re going to be doing deep analysis to detect signs it’s OpenVPN. It’s detectable easily but they wouldn’t spend the money on that advanced of a firewall.

My guess is they went for an allowed list of ports rather than blocked, so it lets DNS (53), HTTP (80), HTTPS (443), probably also POP/IMAP/SMTP (110, 995, 143, 993, 465)

It’s a headache most of the time so you might consider purchasing a local SIM card for 4/5G connection instead (and share connection via mobile phone) in the future.

This advice is what it is, but I work in a school and Tailscale also seems to be (unintentionally) blocked. After a while I realized it was only the login server that was blocked. If I login using my phone data I can go back to the regular network and it works.

If all you want is ssh the easiest and cheapest way might be to hire a VPS, connect to it and connect to tailscale there. Just ensure you have very strict rules on ssh and you should be safe enough.

Exposing web services in this manner is also easy using Caddy, but be careful since the services would then be publicly available.

I mean, while they can block most things, to give people a usable experience they’re going to allow http and https traffic through, and they can’t really proxy https because of the TLS layer.

So for universal chance of success, running openvpn tcp over port 443 is the most likely to get past this level of bad. I guess they could block suspicious traffic in the session before TLS is established (in order to block certain domains). OpenVPN does support traversing a proxy, but it might only work if you specify it. If their network sets a proxy via DHCP, maybe you could see that and work around it.

I did have fun working around an ex gf’s university network many years ago to get a VPN running over it. They were very, very serious about blocking non-standard services. A similar “through” the proxy method was the last resort they didn’t seem to bother trying to stop.

I’ve had this issue many times as well. I’ve found changing the MTU would help since it seems some filter specific ranges. Doesn’t always work but I’ve had more success than failure doing so

Usually it can be solved by talking to hotel stuff. you are paying for that service and can expect it be suitable for any legal use.