Many oppressive regimes around the world that censor the Internet also employ deep packet inspection (DPI) to analyze the contents of network packets, in a bid to block the use of VPNs to work around the censorship.
However, Dmitry Kuptsov has come up with a solution that can help keep DPI from blocking VPN traffic. Kuptsov’s technique involves disguising the VPN traffic as traffic over a Transport Layer Security (TLS) tunnel so that it appears as regular HTTPS traffic.
VPN over HTTPS
Kuptsov argues that while there are multiple solutions for building VPN tunnels, including the use of the Secure Shell protocol (SSH), these can all be analyzed and blocked.
“By masquerading the VPN traffic with TLS or its older version – SSL, we can build a reliable and secure network. Packets, which are sent over such tunnels, can cross multiple domains, which have various (strict and not so strict) security policies.”
To put his plan into action, he has written an experimental tool in Python for Debian that allows users to create VPN tunnels using the TLS protocol. He’s also demonstrated the use of such a tunnel to pass network traffic from a small office/home office (SOHO) network.
Dubbed SOHO VPN over TLS, the project helps you deploy the VPN over TLS solution on your custom cloud server. Kuptsov believes that this arrangement will make it “extremely hard for security personnel to track your connections. Most importantly the traffic that you will be sending looks like normal HTTPS.”
Via: Linux Journal