This could be a novel way to bypass deep packet inspection for VPN traffic

(Image credit: Pixabay © Danny144 (CC0 Public Domain))

An open source developer has published a novel approach to stop network operators from analyzing traffic and preventing users from sending encrypted packets, such as through a VPN tunnel.

Many oppressive regimes around the world that censor the Internet also employ deep packet inspection (DPI) techniques to analyze the contents of network packets in a bid to block the use of VPNs to work around the ban.

However, Dmitry Kuptsov has come up with a solution that can help keep DPI from blocking VPN traffic. Kuptsov’s technique involves disguising the VPN traffic as traffic over a TLS (Transport Layer Security) tunnel so that it appears as regular HTTPS traffic.

VPN over HTTPS

Kuptsov argues that while there are multiple solutions for building VPN tunnels, including the use of the Secure Shell protocol (SSH), these can all be analyzed and blocked. 

“By masquerading the VPN traffic with TLS or its older version - SSL, we can build a reliable and secure network. Packets, which are sent over such tunnels, can cross multiple domains, which have various (strict and not so strict) security policies.”

To put his plan into action, he has written an experimental tool in Python for Debian that allows users to create VPN tunnels using the TLS protocol. He’s also demonstrated the use of such a tunnel to pass network traffic from a small office/home office (SOHO) network.

Dubbed SOHO VPN over TLS, the project helps you deploy the VPN over TLS solution on your custom cloud server. Kuptsov believes that this arrangement will make it “extremely hard for security personnel to track your connections. Most importantly the traffic that you will be sending looks like normal HTTPS.”
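To show why a TLS-wrapped tunnel is hard to tell apart from ordinary HTTPS by content alone, here is an added Python example (not part of the article and not Kuptsov’s tool) that parses the TLS record layer of a constructed byte stream: a passive observer such as a DPI engine sees only each record’s content type, legacy version and length, while the payload stays opaque. The sample stream and its payload bytes are constructed placeholders, not real handshake or ciphertext data.

```python
import struct

# TLS record-layer content types (RFC 5246 / RFC 8446).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}


def parse_tls_records(stream: bytes) -> list:
    """Walk a byte stream and return the per-record metadata a passive
    observer can see: content type, legacy version and length. The record
    body itself is not interpreted; it is exactly what the tunnel hides."""
    records = []
    offset = 0
    while offset + 5 <= len(stream):
        # 5-byte record header: type (1), version (2), length (2), big-endian.
        ctype, version, length = struct.unpack("!BHH", stream[offset:offset + 5])
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"not a TLS record at offset {offset}: type {ctype}")
        body = stream[offset + 5:offset + 5 + length]
        if len(body) < length:
            raise ValueError(f"truncated record at offset {offset}")
        records.append({"type": CONTENT_TYPES[ctype],
                        "version": f"0x{version:04x}",
                        "length": length})
        offset += 5 + length
    if offset != len(stream):
        raise ValueError("trailing bytes after last record")
    return records


def build_record(ctype: int, payload: bytes, version: int = 0x0303) -> bytes:
    """Assemble one TLS record from a content type and an opaque payload."""
    return struct.pack("!BHH", ctype, version, len(payload)) + payload


# Constructed sample: one handshake record followed by two application_data
# records. Payload bytes are arbitrary placeholders standing in for a
# ClientHello and for encrypted tunnel traffic.
SAMPLE_STREAM = (build_record(22, b"\x01" + b"\x00" * 15)
                 + build_record(23, b"\xaa" * 40)
                 + build_record(23, b"\xbb" * 1200))


def observable_summary(stream: bytes) -> list:
    """The (type, length) sequence is all a DPI box gets from the record layer."""
    return [(r["type"], r["length"]) for r in parse_tls_records(stream)]


if __name__ == "__main__":
    for rec in parse_tls_records(SAMPLE_STREAM):
        print(rec)
```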

Via: Linux Journal

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.