I always find it interesting how public Wi-Fi hotspots deny access in some form or another for some services. The free public Wi-Fi hotspot at an Avia gas station in France I recently encountered gets the prize for the most innovative blocking I have seen so far. Encrypted POP3 and SMTP are blocked, so no e-mail. On top of that, SSL VPNs are blocked, so also no privacy here. The blocking is actually quite intricate when taking a closer look:
As I can use port 443 for HTTPS, which works, I was wondering how they could let HTTPS go through while the VPN is blocked. With Wireshark, I could determine that the TCP SYN packet gets a response from the VPN server, so these packets pass their filter, while all further packets are discarded. So it looks like they don't only filter on a port basis but in addition do some deep packet inspection to determine if a TCP session establishment over port 443 contains certain SSL header elements for HTTPS. Hm, time for an HTTPS emulation for my VPN then…
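The behaviour seen in Wireshark is what a filter produces when it lets the payload-free TCP handshake through and then inspects the first client payload on port 443. The sketch below models that check; it is an added example, not from the original post and not the hotspot's actual logic, and the policy, function names and sample bytes are constructed assumptions.

```python
import struct

TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello
MAX_RECORD = 16384     # plaintext TLS record size limit (2^14)

def looks_like_client_hello(payload: bytes) -> bool:
    """True if the first bytes form a TLS record header carrying a ClientHello."""
    if len(payload) < 6:
        return False
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    return (ctype == TLS_HANDSHAKE
            and major == 0x03 and minor <= 0x04   # record versions SSL 3.0 to TLS 1.3
            and 0 < rec_len <= MAX_RECORD
            and payload[5] == CLIENT_HELLO)

def simulate_flow(first_payload: bytes) -> list:
    """Packets that pass the assumed filter for one TCP session to port 443."""
    # SYN, SYN-ACK and ACK carry no payload, so a content filter has nothing
    # to inspect yet; this matches the SYN getting an answer in the capture.
    passed = ["SYN", "SYN-ACK", "ACK"]
    if looks_like_client_hello(first_payload):
        passed.append("DATA")          # everything after a valid ClientHello flows
    return passed                      # otherwise all further packets are dropped

# Constructed samples (not captured traffic).
# TLS record header (type 0x16, version 3.1, length 512) + ClientHello header.
SAMPLE_TLS = bytes.fromhex("1603010200" "010001fc" "0303") + bytes(32)
# A first payload that uses port 443 but does not start with a TLS record.
SAMPLE_NON_TLS = bytes.fromhex("000e38") + bytes(13)
# Plain HTTP sent to port 443 fails the same check.
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("tls", SAMPLE_TLS), ("non-tls", SAMPLE_NON_TLS),
                       ("http", SAMPLE_HTTP)]:
        print(f"{name:8s} -> {simulate_flow(data)}")
```
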