[EDIT 1] most people, when they refer to "blocking cryptostorm" are referring to website admins blocking cs's exit ips. This is not my question. I'm talking about the admin who controls the network where I physically am--they are blocking me from connecting to cs. And if anyone can tell me the proper terms to differentiate this exit-ip-address-blocking-by-the-website-admin from entry-ip-address-blocking-by-the-isp-admin, I'd appreciate it.
What techniques does cs employ to empower their clients to use their vpn on networks that specifically target cs's servers in their blacklists?
I've been doing a lot of traveling through the US lately, and I've been surprised by the number of techniques that libraries have used to prevent users of their public access wifi from using openvpn. I've encountered malicious/censoring network middleware from companies such as Check Point Software Technologies LTD, Mcafee, Iboss, and Fortinet. Their techniques for censorship are varied and often surprisingly sophisticated.
But let's assume a simple approach: A network (for worst-case, let's say it's an authoritative State I cannot escape) has a firewall that maintains a blacklist of cryptostorm's servers. Any traffic destined for these servers's ip addresses is simply dropped before it reaches the Internet.
I'm assuming that this firewall's blacklist would be updated at some frequency. Does cryptostorm have entry ip addresses that are rotated frequently? Or do you have entry ip addresses that are published only through some side-channel, so that your clients can evade such a blacklist?
Or are there any other techniques that cs employs to empower their users to bypass attempted blocking of cs's servers?