Menu
▾
▴
Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking
|
From: Илья Ш. <chi...@gm...> - 2016-12-31 18:36:25
|
Вт, 20 дек. 2016 г. в 5:13, Kevin Long <kev...@ha...>: > > > I was just browsing the Mastering OpenVPN book and a paragraph jumped out > at me which basically said that using OpenVPN on port 443 is a common way > people try to duck firewalls. Indeed, this is what I do. My clients are > all over the place, airports, hotels, different countries etc, and we do > seem to have better luck on port 443 tcp than 1194 tcp or udp. > > > > But the book states, as I have just learned just recently coincidentally, > that OpenVPN traffic (even running on TCP) does not really look like normal > browser TLS traffic. > > > > > > I saw in the release notes I believe, that the new tls-crypt feature helps > prevent metadata about auth certificates from being exposed, as well as > blocking deep-packet inspections of the traffic. > > > > Could anyone possibly elaborate on this? Will this in practice help do > mitigate OpenVPN blocking on port 443 in cases where normal TLS 443 traffic > is permitted? > > > > Also, could anyone elaborate on tis-crypt being “poor man’s quantum” > protection > > > > Thank you again, > > > > Kevin > > > > I think traffic obfuscation need more attention. OpenVPN becomes more and more popular, even http://openvpn.net is prohibited in several countries. we recently tried tls-crypt from China, it does not bypass great wall software. |
