Few things, I don't have any knowledge on how UG is set and configured so the below is just guess work on the how's and why's...
Some entity(ies) are causing issues in the UG web page, user experience, etc and probably connecting through all known commercial VPN's. So the admin staff make an easy determination to block that entity(ies)
Using the 7 layer OSI model, (versus the TCP/IP model, with 4 layers) helps you understand more about monitoring traffic and what goes on in each layer, typically layer 3 & 7 are where VPN traffic category runs through.
Layer 3 blocks on routers will stop packets from being delivered except to addresses that they’ve allowed.
Layer 7 DNS blocks will cover most of the script kiddie shenanigans since it is an application-specific blocklist.
Some things about VPN's
Essentially a VPN creates an opaque tunnel to somewhere outside of your local network, then sends all of your internet communications through that tunnel
- IP blocklists: Basically the admin can block all traffic to IPs that are known VPN servers. This isn't very effective nowadays with dynamic IPs.
- Traffic analysis: that if all of your traffic goes through the VPN tunnel, that is a major red flag. Because usually your traffic is going to a bunch of different servers from different programs. The solution to this is something called split tunneling, where you only use the VPN for things that are specifically blocked (a specific website, for instance), and use the regular network for everything else.
- Active probing: Basically the network checks if suspicious IPs are actually VPNs by pretending to be a VPN client and attempting to connect to them. If the server responds like a VPN, the IP gets blocked.
- Allowlists: In this case the network is set up to block everything by default, and only lets through a few allowed protocols or connections to allowed IPs. So for example the network may only allow HTTPS connections to Wikipedia. This will be the hardest to defeat but is also impractical to implement because almost everything will be blocked for all users.
There are lots of tools for admins. Also most of these commercial VPNs have know addresses or ports. Easy to block. Every network manager monitors their traffic, if they don't your user experience will be severely impacted into a negative experience if they aren't.
If they want to block your VPN they are going to block your VPN. You may get around it for a few days, maybe weeks. They will see it, they will block it. This is not to be mean, just blunt: It’s their network, it’s their rules. Running your own may get you more time, if your really want to try and hide it, Use your VPN for sparingly (no torrents) for things you want to hide and turn it off for thing you don’t care if they see.
blocking people who are concealing their IP addresses for nefarious reasons.Spammers, for one. Hackers, for two, Malware writers, for three.
