Aussie Rockman

Thoughts on OpenVPN security? Running over SSL/TLS would be indistinguishable from regular HTTPS type traffic? As you may have guessed, for the purposes of circumventing censorship. 😁

Traffic flow would Not be similar to HTTPS. For instance, the golden shield project would catch you after a short while (hours).

@x_cli @aussierockman also I guess cipher suits and stuff like that could give sth. away.

@x_cli do you think it's a machine learning type algo? Or would it just be red flagging the traffic for manual review?

I have no data about it but I would guess that at a country scale, and with so much subtleties in the traffic flow, ML is the reasonnable approach

@aussierockman depends on the censor, but China GFW will definitely block TLS VPNs. Think like an adversary -- there are lots of telltale signs distinguishing a VPN session from a browser session. SNI, packet size patterns, duration of individual flows. GFW generally just blocks the destination IP when it figures its a VPN endpoint. They do active probes too, "does this look like openvpn".

Now of course there are censors that will just see TLS and let it thru, too. Depends on your adversary.

@aussierockman It is almost indistinguishable as far as I know. Would love to hear if there's firewalls or other network gear that is able to discern OpenVPN traffic from TLS.
Hide your OpenVPN server behind (actually in front of) your website on 443 using "port-share" option

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.