this post was submitted on 10 Jul 2023
1 points (100.0% liked)

Infosec

23 readers
1 users here now

This magazine is dedicated to discussions on cybersecurity, network security, and information security. Whether you are an IT professional, a cybersecurity enthusiast, or simply concerned about online privacy and security, this is the place for you. Here you can share your knowledge, ask for advice, and discuss the latest news and trends in the world of cybersecurity. From encryption and malware to risk management and digital forensics, this category covers a wide range of topics related to information security. Join the conversation and let's work together to keep our online world safe and secure.

founded 2 years ago
1
Did signal start blocking VPNs? (kbin.social)
submitted 1 year ago by Unblended@kbin.social to c/infosec@kbin.social
2 comments fedilink hide all child comments
 

I've discovered that I can only successfully connect to signal's server with my VPN on my phone if I turn off the kill switch in the network manager.

To my knowledge this is new in the last few weeks. I've tried every protocol and exit servers in random countries but everything breaks with the kill switch.

This is very worrying. I sent a bug report but this feels like an intentional thing and I'm curious if others are finding that signal is trying to talk to the server via an unobscured IP address.

Extremely concerning about motives...

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Chokfi@kbin.social 1 points 1 year ago (1 children)

I use signal on the desktop with nordvpn constantly without issue. I also use both on my phone.

[โ€“] Unblended@kbin.social 1 points 1 year ago

Thanks for looking, and indeed signal still works fine on my desktop computers with the VPN running.

Really feels like their tech support was lying. I do just enough of this that the recommendation makes my eyes glaze over while sounding transparently wrong. Suddenly I need open UDP and TCP ports, but only on my phone (computer is fine) and only as of a few weeks ago (prior to that it was fine)? What?

Allow *.whispersystems.org, *.signal.org, updates.signal.org, TCP port 443, and UDP traffic. If you have a transparent or reverse proxy it needs to support WebSockets. Signal uses a non-standard TCP port to catch filtering issues at the signaling step and also utilizes a random UDP port. All UDP ports will need to be opened. The underlying IPs are constantly changing, so it'd be hard to define accurate firewall rules.

If the wildcard FQDN config is not working properly and you notice issues with calling, allow turn2.voip.signal.org, turn3.voip.signal.org and sfu.voip.signal.org. These are subject to change at anytime.