I have a MacBook Pro High Sierra v10.13.6
At a coffee shop, I was trying to Google an answer to a question, but it seemed like most sites, including StackExchange. Browsers usually say "Server cannot be found". I presume this means that the IP is specifically blocked. At first I thought they were blocking HTTPS, but Google is HTTPS so it's not that simple.
I realized I had seen this before. The shop's WiFi setup blocked VPN and L2TP as a workaround. I can only write this because I turned off WiFi on my iPhone and am using it as a hotspot.
How do coffee shop ISPs do that?
Is there a workaround besides using up my cell service bandwidth? Can I solve the problem by forcing a different DNS? How can I get VPN?
Technically, this isn't an Apple question per se, but the question (IMO) is a good one because it "seems" like an Apple issue and (some of) the technology involved is actually included with macOS - pf firewall.
Network owners can "shape" traffic on their network. This can be:
In short, economic reasons. Bandwidth costs money and they want to ensure there's enough to serve the needs of all their customers.
VPN traffic (L2TP, IKEv2, PPTP, etc.) is a bandwidth hog. Its very design keeps a tunnel state active to the endpoint you're connecting to, meaning it's allocating bandwidth even if you're not using it. That's bandwidth that could have gone to another customer.
File transfers (like software updates, App store purchases, etc. and even streaming services) are notoriously bandwidth hungry. Could you imagine the network saturation with some folks watching Netflix and others downloading macOS Mojave beta?
Basic firewalls have the ability to block/drop traffic based on protocol, source and destination. For example, they can choose to block all traffic to port 22 (ssh). They can also block websites, set their own DNS server (if they want to prevent access to adult sites for example) and even drop DNS requests (port 53) to everything outside their network to prevent circumventing their services.
More advanced firewalls can filter/prioritize/redirect/drop/block traffic based on application (i.e. Skype or Torrent). They can further shape the traffic by putting a higher priority on web browsing (port 80) and slowing down or even blocking SMTP/POP (port 25/110; not used as much anymore).
Is there a workaround besides using up my cell service bandwidth? Can I solve the problem by forcing a different DNS? How can I get VPN?
You can attempt all of these things. You can try to get a VPN service (Tunnel Bear, NordVPN, etc.), or you can try manually setting your own DNS servers. However, in the end, you are limited by one fact:
Their Network = Their Rules
The only sure way around this limitation is to use your own access point to the Internet like your iPhone (smartphone/tablet/hotspot).
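
To make the firewall description above concrete, here is what such a guest-network policy could look like as a pf ruleset (FreeBSD/macOS-style syntax). This is an added example, not part of the original answer and not any particular shop's configuration. The interface name, addresses and blocklist entries are constructed assumptions; the VPN ports are the standard ones for IKE, IPsec NAT-T, L2TP and PPTP.

```conf
# Constructed example: policy on the gateway serving a guest Wi-Fi network.
# All names and addresses below are assumptions made for illustration.
guest_if  = "em1"                 # interface facing the guest Wi-Fi
guest_net = "192.168.50.0/24"     # addresses handed out to guests
guest_dns = "192.168.50.1"        # the network's own (filtering) resolver

# Blocked destinations; 203.0.113.0/24 is a documentation range used as a placeholder
table <blocked_sites> persist { 203.0.113.10, 203.0.113.20 }

# Silently drop blocked packets instead of sending a reset/ICMP error
set block-policy drop

# DNS: any query not addressed to the shop's resolver is dropped, so
# manually configuring a different DNS server on the client has no effect
block in quick on $guest_if proto { tcp, udp } from any to ! $guest_dns port 53

# Destination-based blocking
block in quick on $guest_if from any to <blocked_sites>

# Port-based blocking: ssh (22), SMTP (25), POP (110)
block in quick on $guest_if proto tcp from any to any port { 22, 25, 110 }

# VPN blocking: IKE (udp/500), IPsec NAT-T (udp/4500), L2TP (udp/1701),
# PPTP control (tcp/1723), plus the ESP and GRE tunnel protocols themselves
block in quick on $guest_if proto udp from any to any port { 500, 4500, 1701 }
block in quick on $guest_if proto tcp from any to any port 1723
block in quick on $guest_if proto { esp, gre } from any to any

# Everything else from guests is allowed out, tracked statefully
pass in on $guest_if from $guest_net to any keep state
```

Because every `block` rule is marked `quick`, a matching packet is dropped immediately and never reaches the final `pass` rule. Filtering by application rather than by port, as the more advanced firewalls mentioned above do, needs packet inspection that plain pf rules like these do not provide.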