Seems annoying, but any application can work around any firewall rules pretty trivially provided they can get at least one type of connection out to the internet. TCP, UDP, DNS... anything. Just need that one connection and it can be turned into a tunnel.

The private relay feature is worth being aware of, but it's irritating for users to deal with overzealous and clueless admins who think that locking down systems by disabling features like this can "increase security". It just ends up getting in the way of getting work done without any real benefit.

you comment "anything. Just need that one connection and it can be turned into a tunnel."

this interests me because a few years ago i was subjected to a government imposed firewall https://thewire.in/government/kashmir-internet-whitelisted-w...

and i tried my best to bypass this but i did not have the energy to fashion a tourniquet of sorts. i did end up spinning up a free amazon vps because apparently "amazon website" was unblocked and that forced them to allow aws. i ended up simply using ssh -D to the ip of the vps. that worked for a while but it was not fun... the connection would drop frequently but otherwise it was a POC.

my point is, when we are talking about a hostile adversary like your government that is out to get you, regular "vpn" does not work, in my case, i tried every darn thing but until i came up with my thing, i could not get access to regular internet so for the next time, what can i do?

I’ve historically used IP over DNS tunneling to pull this off.

A major advantage of this approach is that it leverages a port and protocol that’s rarely blocked, and if 53 is blocked, you can generally still use the approved local dns servers for your data-carrying queries.

These days, it looks like there are at least a few well-known pieces of software to do this, e.g. https://github.com/yarrick/iodine
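
Seen from the resolver side, the data-carrying queries described in the comment above appear as many unique, long, high-entropy subdomains under a single zone, even when they are relayed through the approved local DNS servers. The sketch below is an added example, not code from this thread or from iodine; the log format, the domain names, the "last two labels are the zone" rule and the thresholds are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client ip> <query type> <query name>"
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A mail.example.com
10.0.0.5 AAAA www.example.com
10.0.0.7 TXT 0eaba82m2hd5zq1xk9f3v7c4n8b6t0y2w5r.t.tunnel.test
10.0.0.7 TXT 0ibbb93q7lk2pz8xj4g6v1c5n9d3t7y0w2s.t.tunnel.test
10.0.0.7 TXT 0mcbc04r1jh6pw3xk8f2v9c7n5b1t4y6w0u.t.tunnel.test
10.0.0.7 TXT 0qdbd15s5gf0px7xl2e8v3c1n7a9t8y4w6v.t.tunnel.test
10.0.0.9 A cdn.example.org
"""

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in Counter(text).values())

def profile_queries(log_text):
    """Group unique query names by parent zone and measure the subdomain part."""
    names = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        labels = fields[2].lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no subdomain part that could carry data
        # Assumption: the last two labels are the delegated zone.
        names[".".join(labels[-2:])].add("".join(labels[:-2]))
    return {
        parent: {
            "unique": len(payloads),
            "mean_len": sum(map(len, payloads)) / len(payloads),
            "entropy": shannon_entropy("".join(sorted(payloads))),
        }
        for parent, payloads in names.items()
    }

def flag_tunnel_candidates(log_text, min_unique=3, min_mean_len=20, min_entropy=3.5):
    """Return zones whose subdomains are numerous, long and high-entropy."""
    return sorted(
        parent for parent, p in profile_queries(log_text).items()
        if p["unique"] >= min_unique and p["mean_len"] >= min_mean_len
        and p["entropy"] >= min_entropy
    )

if __name__ == "__main__":
    print("flagged:", flag_tunnel_candidates(SAMPLE_LOG))
```

On real traffic the thresholds need tuning per network, since CDNs and telemetry services also generate long random-looking names.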