Jump to content
Not connected, Your IP: 3.145.78.155
AirVPN
Sign in to follow this  
Followers 0
finickybulgarian789563

Deep Packet inspection how to prevent it, and is it possible , help

By finickybulgarian789563, ... in General & Suggestions

Recommended Posts

finickybulgarian789563    0

finickybulgarian789563
Posted ...

so ive been researching some and heard about deep packet inspection  , since ive been using airvpn the last couple of months per upd 443 direct connect ovpn generated config , what can i do to mask my vpn connection so it blends in aka being undetectable per deep packet inspection , sure the content is encrypted but i dont like the thought of deep packet inspection

Share this post

Link to post

Staff    9782

Staff
Posted ...

Hello,

 

OpenVPN packets have a typical fingerprint (basically due to additional information on the packets headers for error correction) which make OpenVPN protocol different from pure SSL/TLS. Usage of OpenVPN is perfectly normal and widespread, therefore it's not a reason of concern unless your ISP decides to cap or disrupt OpenVPN connections (as it happens in China). In this case, you can use OpenVPN over SSL/SSH to encapsulate OpenVPN packets inside SSL or SSH tunnel (you can find the instructions by clicking "Enter" from the upper menu of our web site). In case your ISP does not perform this discrimination, you should connect directly with OpenVPN for better performance.

 

Kind regards

Share this post

Link to post

finickybulgarian789563    0

finickybulgarian789563
Posted ...

how much of a performance loss are we speaking of and id recon it being an extra layer of security against deep packet inspection using ssl/ssh tunneling even if your isp doesnt take part in such discrimination , wich for all we know all isps could be doing no matter where you are mind you

Share this post

Link to post

Staff    9782

Staff
Posted ...

how much of a performance loss are we speaking of and id recon it being an extra layer of security against deep packet inspection using ssl/ssh tunneling even if your isp doesnt take part in such discrimination , wich for all we know all isps could be doing no matter where you are mind you

 

Hello,

 

it's difficult to provide definite numbers about performance hit. Consider roughly at least a 10-15% loss due to double overhead (OpenVPN will have to run in TCP mode instead of UDP, and there's the additional overhead by SSL/SSH).

 

It's not a matter of security. The additional encryption layer (RC4-128) is not significant compared to OpenVPN data channel encryption (AES-256-CBC), its only purpose is to encapsulate and encrypt the OpenVPN "fingeprint" so that your ISP can't see that you're running OpenVPN (we repeat: useful only when your ISP discriminate against OpenVPN).

 

DPI is anyway defeated even with OpenVPN alone: it's not that through DPI your ISP can see your real packets headers and payload. If your ISP does not disrupt or dramatically cap OpenVPN we strongly recommend that OpenVPN is NOT tunneled over SSL or SSH.

 

Kind regards

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  
Followers 0
Go To Topic Listing
×
×
  • Create New...