An open source developer has published a novel new approach to prevent network operators from analyzing traffic and prevent users from sending encrypted packets, such as through a VPN tunnel.
Many oppressive regimes around the world who censor the Internet also employ deep packet inspection (DPI) techniques to analyze the contents of a network packet in a bid to block the use of VPN to work around the ban.
However, Dmitry Kuptsov has come up with a solution that can help circumvent DPI from blocking VPN traffic. Kuptsov’s technique involves disguising the VPN traffic as traffic over a TLS or Transport Layer Security tunnel so that it appears as regular HTTPS traffic.
- Here’s our list of the best proxy service providers
- These are some of the best SSL certificate services
- Check our collection of the best business computers
VPN over HTTPS
Kuptsov argues that while there are multiple solutions for building VPN tunnels, including the use of the Secure Shell protocol (SSH), these can all be analyzed and blocked.
“By masquerading the VPN traffic with TLS or its older version - SSL, we can build a reliable and secure network. Packets, which are sent over such tunnels, can cross multiple domains, which have various (strict and not so strict) security policies.”
To put his plan into action, he has written an experimental tool in Python for Debian that allows users to create VPN tunnels using the TLS protocol. He’s also demonstrated the use of such a tunnel to pass network traffic from a small office/home office (SOHO) network.
Dubbed SOHO VPN over TLS, the project helps you deploy the VPN over TLS solution on your custom cloud server. Kuptsov believes that this arrangement will make it “extremely hard for security personnel to track your connections. Most importantly the traffic that you will be sending looks like normal HTTPS.”
- Subscribe to Linux Format magazine for more Linux and open source goodness
Via: Linux Journal
