May 18, 20263 min read

Turns Out Networking Class Was Worth It

TL;DR: College blocked GitHub. I'd just finished my CN semester, Azure had a free tier. Four hours later I was pushing code while my batchmates were drafting a protest email or buying VPN..

Firewall Didn't Know Who It Was Messing With

It was fine when they blocked the adult stuff. Expected, honestly. Torrents sure, whatever. But GitHub & ChatGPT? That's when it got personal.

One Random Morning, Everything Broke

Normal morning, mid-project, ran git push and got an error . Not a code error. Not a merge conflict. Just nothing fatal: unable to access. Couldn't even open github.com. Before I could figure out what was happening, my friend walked into my room with the exact same look I probably had on my face. We spent a solid few minutes just roasting our college admin the guy had no idea what GitHub even was, and had apparently decided it was a threat worth blocking. We'd literally just finished our Computer Networks semester. The timing was almost poetic.

Same Stuff, Different Icons

I'd been using AWS for a while EC2, VPC, security groups, the whole thing. Azure was sitting there with a student account I'd never touched and $100 in free credits collecting dust. Spun it up. Took me maybe ten minutes to stop second-guessing and just start — VNet is VPC, NSG is security groups, B1s VM is t2.micro. Different names, same mental model. Cloud is cloud.

The plan was straightforward: spin up a VM in Central India, run StrongSwan on it, set up an IKEv2/IPSec tunnel, and route all my traffic through it. IKEv2 is baked into Windows and Android natively no client to install, no binary to trust. The college firewall would see encrypted noise going to some Azure IP and have no idea what's inside.

It never just works on the first try does it ?

Ubuntu 24.04 doesn't have a strongswan CLI command. It's just pki and ipsec directly. Spent some time staring at "command not found" before I checked what actually got installed.

Then the classic sudo command > /etc/file doesn't work. The redirect runs as your user, not root. You pipe through sudo tee instead. Fifteen minutes I'll never get back, but okay, lesson learned.

The one that actually took time: every cloud VM sits behind NAT. Your process binds to the private IP, but clients know only the public IP. StrongSwan has two separate fields for this left is where it binds, leftid is what it tells clients its identity is. Every tutorial I found online glossed over this entirely, probably written assuming bare metal. Put the public IP in left= and you get "no IKE config found" an error that looks like a routing issue but is just a config mismatch.

left=10.0.0.4           # bind here (private IP on the interface)
leftid=135.235.174.47   # tell clients I'm this (public IP)

Two lines. Again fifteen minutes to figure out.

Windows' IKEv2 client is also weirdly picky about cipher suites if you don't specify ike= and esp= explicitly, you get "proposals unacceptable" with zero indication of why. Threw in aes128-sha256-modp2048 and it connected immediately. Classic.

Four hours after the block went up, I was pushing code. Latency was up maybe 40ms on paper. Genuinely didn't notice it.

While the protest WhatsApp thread was still going I was already back to work.

Deleted the VM after I graduated no reason to keep paying for a problem that didn’t exist anymore.

The IP's in the screenshots, doesn't matter anymore..
I get shit done i may bitch about it but chaos is solved by the end of it lmao.