In case anybody is interested, with David’s huge help, I now have a VPN running over Vodafone contract 3G, using the SoftEther VPN. This is set up to use port 443 exclusively.
You need a server to set it up on, obviously.
So now I can do VOIP (cheap calls etc) when abroad, on any network including the most aggressively configured hotel wifi and 3G.
Vodafone do block VOIP, as of a few months ago, on contracts (not on PAYG, predictably 
) although the story is complex. On some corporate contracts they block VOIP unless the contract is £40/month or more, or unless you purchase a 2GB/month data add-on. On normal retail contracts they also block it but you can ask for the block to be removed (may have to haggle) and this config is nontrivial because they have to do it in two places in their system. But they also separately block FTP transfers, it appears (or they don’t work for some other reason). FTP works through this VPN, but only if it is Passive Mode. SFTP and RSYNC work fine.
You might say “ditch Vodafone” and sure apart from their Euro Traveller I would do, but the other providers are likely to move the same way sooner or later, and shaft all the £10/month contract customers from being able to fully use the monthly data allowances they are paying for!
How do they in practise “block VOIP”? Do they block ports or do they analyse the data streams to look for VOIP protocol traffic?
A few years ago, my mobile phone operator had a “limited” contract for data traffic where “file sharing” was not included. I called them and tried to figure out exactly what they meant — both from a practical and technical point of view? Could I upload a file to a server? Download? How exactly was the restriction implemented? Port blocking, protocol blocking, something else…? They flatly refused to answer….
I then called the Swedish Post- and Telecom Agency to complain that my operator refused to specify the exact terms of the contracts they were offering. The reply was that unfortunately the Swedish law at the time actually gave them that option (unbelievable) but that changes were underway due to EU harmonisation.
My suspicion was that there were actually no restrictions at all – it was just an attempt to scare people into paying more for the services.
I can confirm that as of this writing THREE (on a UK contract) do not block anything, neither in the UK nor abroad.
They flatly refused to answer
This has been much discussed and, yeah, nobody wants to talk.
But clearly a lot of going on behind the scenes. They are under pressure from the EU to reduce charges.
What I heard from one “insider” is that it is a combination of
What always seems to work is TCP/IP on port 80 (HTTP) and 443 (HTTPS) – obviously, otherwise the service would be useless to 99.9% of people. I have not seen or heard of any evidence that they monitor the packets if you stick to this.
Also the trend seems to be NO blocking on PAYG. Obviously they make money out of all data, so why should they?
So it looks like the right sort of VPN will always be a solution, but they will be banking on some 99% of people not being able to set one up.
OTOH, it is easy for a commercial operation to provide this, and sell a client app for IOS and Android.
And there are some… what is less clear if any of them are purely port 80 or purely port 443.
The funny thing is that Voda have managed to block Skype, which is a non-SIP (nonstandard) protocol running on what appears to be purely port 80! I guess they have so many contract customers with the Skype app on Iphones that they wrote special code to catch the packets. OTOH if Skype uses UDP (most VOIP uses UDP only for the voice) then they block it simply and easily by blocking big streams of UDP packets…
The cellullar companies have always been doing packet examination – see this ~10 year old article. They examine the data stream for jpegs, gifs etc, for compression purposes, and presumably nowadays for adult content filtering. So even back then they must have been comprehensively unpacking all the stuff e.g. unpacking www downloads and identifying and compressing and putting back in place image attachments.
Real anorak stuff 
The Big Q is whether it is easier to fly VFR to Lucca, or to set up a VPN?
I can confirm that as of this writing THREE (on a UK contract) do not block anything, neither in the UK nor abroad.
How can you be sure? What apps do you run?
Incidentally, “abroad” doesn’t appear to mean anything since when you are using mobile data abroad, the data goes via the cellular network all the way back to the SIM issuer’s country and it is only there that the packets are looked at and passed to/from the internet. It would be difficult to do billing etc otherwise.
How can you be sure? What apps do you run?
Because I use it, simples. I use it for Skype (VoIP) and various other messaging Apps. So far never had a problem.
I use Vonage over Vodafone 4G and it works fine. Never had it blocked. It is a retail contract.
I now have a VPN running over Vodafone contract 3G, using the SoftEther VPN. This is set up to use port 443 exclusively.
You need a server to set it up on, obviously.
Actually, you don’t even need a full-fledged server – a home router running Openwrt or Tomato would do. Some people managed to compile the recent versions for the MIPSel platform.
The only issue with running a VPN terminator at home, on ADSL, is that it is very slow, because of the ADSL uplink speed. I have been doing this for 10+ years and it is a solution for a lot of stuff but…
I use VyprVPN which has gateways in a lot of countries (sometimes you want to have an IP address in a particular country to access certain things). Works well everywhere with good speed.
In my new office, I only have LTE, didn’t bother to get DSL or anything. Latency is great (like ADSL) and I get between 20-150mbit/s, depending on the cell load. LTE is the first useable mobile internet technology in the history of mankind.
Yes – I found various commercial VPN terminators out there. But I already pay $20/month for hosting some websites so it was nice to make use of that. Plus I know it will always be there.
Way back, a huge chunk of the Brit expat community was on onspeed.com so they could watch BBC Iplayer That, in turn, brought that service down to an unusable state.
Because I use it, simples. I use it for Skype (VoIP) and various other messaging Apps. So far never had a problem.
I probably mis-emphasised the original post by mentioning specifically Vodafone, because IMHO this is a moving target and every cellular company that does cheap contracts (say under 20 quid a month) is going to be doing this, sooner or later. Voda just happens to be the most aggressive one right now, while having what is (for some people) the best package for short visits abroad, together with a reasonable connectivity both UK and roaming abroad.
