We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

An Introduction to Hiding your OpenVPN Traffic

Guy Fawkes Anonymous Cybersecurity Experts

Internet restrictions have tightened around the world. Governments are more concerned about the use of OpenVPNs and are doing whatever it takes to outwit their restrictions. The Great Firewall of China is pretty effective at blocking VPN providers from inside and outside its borders.

Of course, it's impossible to see data being encrypted in VPN tunnels. Sophisticated firewalls make effective use of DPI (Deep Packet Inspection) techniques that are able to resolve any and all encryption techniques being used, including SSL encryption as well.

There are many solutions to the problem at hand but most of these require a technical know-how of server configurations. The purpose of this article is to introduce to the various options that are available at your disposal. If you are concerned about hiding your VPN signals and if Port 443 forwarding is lacking then you need to contact your VPN supplier to ensure they are willing enough implement any of the solutions mentioned below.

Forwarding Port through TCP port 443

Being one of the easiest ways, it can be taken care of without any difficulties whatsoever. You will not require server-side technical expertise which should work in almost all cases in order to forward your OpenVPN via port 443.

You need to keep in mind that OpenVPN by default uses TCP port 80. Normally, firewalls are responsible for supervising port 80 and reject encrypted traffic which tries to make use of them. In the case of HTTPS, port 443 is set as the primary port by default. The port is mostly used all over the web by giants like Twitter, Banks, Gmail and other web sources.

OpenVPN like HTTPS use SSL coding and are relatively difficult to identify with port 443. Blocking the port would strictly wipe out access to internet and as a result is not a practical option for web censors.

Forwarding the port is universally supported by almost any OpenVPN client thus making it incredibly simple for you to change port 443. In case your VPN provider does offer such a client then you should contact them immediately.

Regrettably, OpenVPN does not make use of standard SSL and considering the Deep Inspection techniques used in countries like China, it is easier to tell whether encrypted traffic is real. If this is the case, then unconventional means will need to be considered to avoid detection.

Obfsproxy

The server effectively encloses data in an obfuscation layer which makes it harder to identify whether an OpenVPN is being used. The strategy was recently adopted by Tor in order to tackle China and its measures to block access to public Tor networks. It is self-governing and can easily be encrypted by OpenVPN.

Obfsproxy needs to be installed on the client’s computer as well as the VPN server. That being said, it is not as secure in comparison to other tunneling methods neither does it enclose traffic in coding, but it does have a lower bandwidth overhead. This makes it an effective option for users in places like Syria or Ethiopia, wherever bandwidth is in grave supply. Obfsproxy is relatively easy to configure and set-up which is a plus.

SSL Tunneling for OpenVPN

A Secure Socket Layer (SSL) channel can individually be used as an effective substitute to OpenVPN. Many proxy servers use it to protect their connections. Additionally, it completely hides the use of OpenVPN. Since OpenVPN uses TLS or SSL encryption, it is completely different from the usual SSL channel and is easier to detect by complicated DPIs. To avoid this, it would be wise to hide OpenVPN data in an extra layer of coding as DPIs are not able to penetrate the outer layer of SSL channels.

Conclusion

It is evident that OpenVPN bears no visual distinction from typical SSL traffic when deep packet inspection is not applied. This effect is further strengthened if OpenVPN is directed through TCP port 443. Nevertheless, countries such as China and Iran are resolute in their efforts to regulate their citizens' internet access. Surprisingly, they have implemented highly advanced techniques to identify concealed traffic. This not only puts users at risk of repercussions but also underscores the importance of carefully considering the aforementioned factors.

We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 as an independent site reviewing VPN services and covering privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize the independent, professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

About the Author

Anonymous experts who write for vpnMentor but keep their identity secret.

Did you like this article? Rate it!
I hated it! I don't really like it It was ok Pretty good! Loved it!
out of 10 - Voted by users
Thank you for your feedback