Thoughts on OpenVPN security? Running over SSL/TLS would be indistinguishable from regular HTTPS type traffic? As you may have guessed, for the purposes of circumventing censorship. 😁


@aussierockman depends on the censor, but China GFW will definitely block TLS VPNs. Think like an adversary -- there are lots of telltale signs distinguishing a VPN session from a browser session. SNI, packet size patterns, duration of individual flows. GFW generally just blocks the destination IP when it figures its a VPN endpoint. They do active probes too, "does this look like openvpn".

Now of course there are censors that will just see TLS and let it thru, too. Depends on your adversary.

Sign in to participate in the conversation

Generalistic Mastodon instance for open-minded people. Instance Mastodon généraliste pour personnes ouvertes d'esprit.