Вт, 20 дек. 2016 г. в 5:13, Kevin Long <kevin.l...@haloprivacy.com>:
>
>
> I was just browsing the Mastering OpenVPN book and a paragraph jumped out
> at me which basically said that using OpenVPN on port 443 is a common way
> people try to duck firewalls. Indeed, this is what I do. My clients are
> all over the place, airports, hotels, different countries etc, and we do
> seem to have better luck on port 443 tcp than 1194 tcp or udp.
>
>
>
> But the book states, as I have just learned just recently coincidentally,
> that OpenVPN traffic (even running on TCP) does not really look like normal
> browser TLS traffic.
>
>
>
>
>
> I saw in the release notes I believe, that the new tls-crypt feature helps
> prevent metadata about auth certificates from being exposed, as well as
> blocking deep-packet inspections of the traffic.
>
>
>
> Could anyone possibly elaborate on this? Will this in practice help do
> mitigate OpenVPN blocking on port 443 in cases where normal TLS 443 traffic
> is permitted?
>
>
>
> Also, could anyone elaborate on tis-crypt being “poor man’s quantum”
> protection
>
>
>
> Thank you again,
>
>
>
> Kevin
>
>
>
> I think traffic obfuscation need more attention. OpenVPN becomes more and
more popular, even http://openvpn.net is prohibited in several countries.
we recently tried tls-crypt from China, it does not bypass great wall
software.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
