Disclosure:
Professional Reviews

vpnMentor contains reviews that are written by our community reviewers, and are based on the reviewers' independent and professional examination of the products/services.

• Ownership

vpnMentor is owned by Kape Technologies PLC, which owns the following products: CyberGhost, ZenMate, Private Internet Access, and Intego, which may be reviewed on this website.

• Affiliate Commissions

While vpnMentor may receive commissions when a purchase is made using our links, this has no influence on the reviews content or on the reviewed products/services. We provide direct links to purchase products that are part of affiliate programs.

• Reviews Guidelines

The reviews published on vpnMentor are written by experts that examine the products according to our strict reviewing standards. Such standards ensure that each review is based on the independent, professional and honest examination of the reviewer, and takes into account the technical capabilities and qualities of the product together with its commercial value for users, which may also affect the product's ranking on the website.

An Introduction to Hiding your OpenVPN Traffic

Internet restrictions have tightened around the world. Governments are more concerned about the use of OpenVPNs and are doing whatever it takes to outwit their restrictions. The Great Firewall of China is pretty effective at blocking VPN providers from inside and outside its borders.

Of course, it’s impossible to see data being encrypted in VPN tunnels. Sophisticated firewalls make effective use of DPI (Deep Packet Inspection) techniques that are able to resolve any and all encryption techniques being used, including SSL encryption as well.

There are many solutions to the problem at hand but most of these require a technical know-how of server configurations. The purpose of this article is to introduce to the various options that are available at your disposal. If you are concerned about hiding your VPN signals and if Port 443 forwarding is lacking then you need to contact your VPN supplier to ensure they are willing enough implement any of the solutions mentioned below.

Forwarding Port through TCP port 443

Being one of the easiest ways, it can be taken care of without any difficulties whatsoever. You will not require server-side technical expertise which should work in almost all cases in order to forward your OpenVPN via port 443.

You need to keep in mind that OpenVPN by default uses TCP port 80. Normally, firewalls are responsible for supervising port 80 and reject encrypted traffic which tries to make use of them. In the case of HTTPS, port 443 is set as the primary port by default. The port is mostly used all over the web by giants like Twitter, Banks, Gmail and other web sources.

OpenVPN like HTTPS use SSL coding and are relatively difficult to identify with port 443. Blocking the port would strictly wipe out access to internet and as a result is not a practical option for web censors.

Forwarding the port is universally supported by almost any OpenVPN client thus making it incredibly simple for you to change port 443. In case your VPN provider does offer such a client then you should contact them immediately.

Regrettably, OpenVPN does not make use of standard SSL and considering the Deep Inspection techniques used in countries like China, it is easier to tell whether encrypted traffic is real. If this is the case, then unconventional means will need to be considered to avoid detection.

Obfsproxy

The server effectively encloses data in an obfuscation layer which makes it harder to identify whether an OpenVPN is being used. The strategy was recently adopted by Tor in order to tackle China and its measures to block access to public Tor networks. It is self-governing and can easily be encrypted by OpenVPN.

Obfsproxy needs to be installed on the client’s computer as well as the VPN server. That being said, it is not as secure in comparison to other tunneling methods neither does it enclose traffic in coding, but it does have a lower bandwidth overhead. This makes it an effective option for users in places like Syria or Ethiopia, wherever bandwidth is in grave supply. Obfsproxy is relatively easy to configure and set-up which is a plus.

SSL Tunneling for OpenVPN

A Secure Socket Layer (SSL) channel can individually be used as an effective substitute to OpenVPN. Many proxy servers use it to protect their connections. Additionally, it completely hides the use of OpenVPN. Since OpenVPN uses TLS or SSL encryption, it is completely different from the usual SSL channel and is easier to detect by complicated DPIs. To avoid this, it would be wise to hide OpenVPN data in an extra layer of coding as DPIs are not able to penetrate the outer layer of SSL channels.

Conclusion

It goes without saying that OpenVPN looks no different from the usual SSL traffic without deep packet inspection. This is further reinforced if the OpenVPN is routed through TCP port 443. But then again, countries like China and Iran are adamant at controlling their local population’s access to the internet. Interestingly, they have some of the most technically impressive measures in place to detect hidden traffic. Not only can this get you in trouble but it is an even better reason why you should take the aforementioned factors into consideration.

About the Author

Anonymous experts who write for vpnMentor but keep their identity secret.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
Voted by Users
Thank you for your feedback
Comment Comment must be from 5 to 2500 characters long.