Thoughts on OpenVPN security? Running over SSL/TLS would be indistinguishable from regular HTTPS type traffic? As you may have guessed, for the purposes of circumventing censorship. 😁
Traffic flow would Not be similar to HTTPS. For instance, the golden shield project would catch you after a short while (hours).
@x_cli do you think it's a machine learning type algo? Or would it just be red flagging the traffic for manual review?
I have no data about it but I would guess that at a country scale, and with so much subtleties in the traffic flow, ML is the reasonnable approach
@aussierockman it's likely the best you can try…
@aussierockman try stunnel with openvpn.
Also check out the Streisand Effect project:
@aussierockman depends on the censor, but China GFW will definitely block TLS VPNs. Think like an adversary -- there are lots of telltale signs distinguishing a VPN session from a browser session. SNI, packet size patterns, duration of individual flows. GFW generally just blocks the destination IP when it figures its a VPN endpoint. They do active probes too, "does this look like openvpn".
Now of course there are censors that will just see TLS and let it thru, too. Depends on your adversary.
@aussierockman It is almost indistinguishable as far as I know. Would love to hear if there's firewalls or other network gear that is able to discern OpenVPN traffic from TLS.
Hide your OpenVPN server behind (actually in front of) your website on 443 using "port-share" option
A Mastodon instance for info/cyber security-minded people.