Re: [Openvpn-users] Question about tls-crypt and port 443 firewall ducking

Sat, 31 Dec 2016 10:30:06 -0800 

Вт, 20 дек. 2016 г. в 5:13, Kevin Long <kevin.l...@haloprivacy.com>:

>
>
> I was just browsing the Mastering OpenVPN book and a paragraph jumped out
> at me which basically said that using OpenVPN on port 443 is a common way
> people try to duck firewalls.  Indeed, this is what I do.  My clients are
> all over the place, airports, hotels, different countries etc, and we do
> seem to have better luck on port 443 tcp than 1194 tcp or udp.
>
>
>
>
> But the book states, as I have just learned just recently coincidentally,
> that OpenVPN traffic (even running on TCP) does not really look like normal
> browser TLS traffic.
>
>
>
>
>
> I saw in the release notes I believe, that the new tls-crypt feature helps
> prevent metadata about auth certificates from being exposed, as well as
> blocking deep-packet inspections of the traffic.
>
>
>
> Could anyone possibly elaborate on this? Will this in practice help do
> mitigate OpenVPN blocking on port 443 in cases where normal TLS 443 traffic
> is permitted?
>
>
>
> Also, could anyone elaborate on tis-crypt being “poor man’s quantum”
> protection
>
>
>
> Thank you again,
>
>
>
> Kevin Long
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
> Developer Access Program for Intel Xeon Phi Processors
>
> Access to Intel Xeon Phi processor-based developer platforms.
>
> With one year of Intel Parallel Studio XE.
>
> Training and support from Colfax.
>
> Order your platform today.http://sdm.link/intel
>
> _______________________________________________
>
> Openvpn-users mailing list
>
> Openvpn-users@lists.sourceforge.net
>
> https://lists.sourceforge.net/lists/listinfo/openvpn-users
>
> accidently, we deployed openvpn first using DSA keys on udp/1194, later we
had to migrate to RSA and we deployed it on udp/1195
it turned out that 1195 has better chance bypassing censor firewalls

and it is cheaper than using obfsproxy. obsproxy is hard to maintain on
android, ios devices.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to