Jump to content
Not connected, Your IP: 3.226.97.214
wbbxx

"Make it impossible to identify the type of traffic or protocol you are using, even for your ISP."

Recommended Posts

On the front page of airvpn.org it reads "Make it impossible to identify the type of traffic or protocol you are using, even for your ISP." My questions:

 

1. Is the AirVPN client configured by default to obfuscate the type of traffic or is there a setting somewhere that I have to enable to use this feature? In other words, if I want to hide the pattern of torrent traffic from my ISP, is all I need to do to open the client, click connect and I'm good to go, or do I have to configure something?

 

2. I want to obfuscate the type of traffic but at the same time I want to blend into the crowd. So if the answer to the first question is that I need to configure something manually, will obfuscating my traffic be something that make me stand out? I don't know exactly how the traffic obfuscation works so that's why I ask. For example if there are 100 users on a server and 99 keep the default settings but the 100th tries to hide the type of traffic/protocol they are using, are the easier to identify/correlate?

 

Thanks.

Share this post


Link to post

1. Is the AirVPN client configured by default to obfuscate the type of traffic or is there a setting somewhere that I have to enable to use this feature? In other words, if I want to hide the pattern of torrent traffic from my ISP, is all I need to do to open the client, click connect and I'm good to go, or do I have to configure something?

 

AirVPN uses an AES-encrypted data channel. Whatever you do with OpenVPN enabled it's encrypted inside this tunnel. One can analyze this stream of data and detect OpenVPN, but detecting something inside it is very difficult if not impossible.

 

I want to obfuscate the type of traffic

 

What type of traffic? OpenVPN or BitTorrent inside OpenVPN? BitTorrent clients offer protocol encryption, it's an additional obfuscation option. But as OpenVPN will be visible to the dark depths of the net it's probably not mandatory.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Hello !

​Welcome to AirVPN . You can use SSL on TCP port 443, under the Protocols tab if you want to hide the OpenVPN protocol, which signals that a VPN is in use ^^. But as giga said, then the encryption already hides what you're doing; just not that it's VPN traffic. Air also fully allows P2P and turns down DMCA notices as well, in case you're in doubt . The scenario of one standing out, is the case with PGP encryption I believe. You can also look into using AirVPN with Tor, to hide your general web browsing even more; just don't torrent while using Tor.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

I'm using port 443 over SSL but I can still be identifies as using OpenVPN, according to browserleaks, or have I misunderstood (probably)? By the way, Air has been disconnecting for me all day about every 5-15 mins. Am I alone? In which case, yet another problem for me to solve!

TCP/IP stack OS Fingerprinting   Passive, SYN Windows 7 or 8 | Language: Unknown | Link: OpenVPN TCP bs128 SHA1 lzo | MTU: 1390 | Distance: 12 Hops

Share this post


Link to post

 

I'm using port 443 over SSL but I can still be identifies as using OpenVPN, according to browserleaks, or have I misunderstood (probably)? By the way, Air has been disconnecting for me all day about every 5-15 mins. Am I alone? In which case, yet another problem for me to solve!

TCP/IP stack OS Fingerprinting   Passive, SYN Windows 7 or 8 | Language: Unknown | Link: OpenVPN TCP bs128 SHA1 lzo | MTU: 1390 | Distance: 12 Hops

That may be related to mssfix or something. I'm not sure.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.


Tired of Windows? Why Linux Is Better.

Share this post


Link to post

 

I'm using port 443 over SSL but I can still be identifies as using OpenVPN, according to browserleaks, or have I misunderstood (probably)? By the way, Air has been disconnecting for me all day about every 5-15 mins. Am I alone? In which case, yet another problem for me to solve!

TCP/IP stack OS Fingerprinting   Passive, SYN Windows 7 or 8 | Language: Unknown | Link: OpenVPN TCP bs128 SHA1 lzo | MTU: 1390 | Distance: 12 Hops

 

they are not using deep packet inspection but just guessing based on your MTU.

 

an ISP could do the same but may also use DPI.  The SSL tunnel would at least prevent a DPI scan from explicitly seeing openvpn traffic.

Share this post


Link to post

hi,

 

i am also having trouble getting to the bottom of this.

 

browserleaks is not guessing the openvpn from the MTU value. I am also using SSL on TCP port 443. I have adjusted the mtu value with mssfix in the config file and can confirm that whatever value i give the mtu it is still found to be openvpn.

 

so with mssfix set to '0' i expected that the 'link' would show as ethernet or PPPoe but no, it's still showing as openvpn.

 

anyone have any ideas how to circumvent this? i've been looking for an answer for 2 months but cannot find!

 

jaimito

Share this post


Link to post

Hello,

 

with "OpenVPN over SSL" we have managed to cause WITCH to fail with "mssfix 1275" and lower values. Don't ask us why (we know, it doesn't make much sense in a TCP connection), it was just a quick test out of curiosity, maybe in the future we perform more research.

 

Kind regards

Share this post


Link to post

Hello,

 

with "OpenVPN over SSL" we have managed to cause WITCH to fail with "mssfix 1275" and lower values. Don't ask us why (we know, it doesn't make much sense in a TCP connection), it was just a quick test out of curiosity, maybe in the future we perform more research.

 

Kind regards

 

Just for thought, I use another VPN provider where when I use "mssfix 0" in the config WITCH reports an MTU of 1500, no openvpn detected.  This VPN provider are doing something on their end.  When an ovpn config is downloaded from them the user is given the choice of selecting the MTU for that config with one choice being "make it look like your ISP" which means they put "missfix 0" into the config.

Share this post


Link to post

Why exactly is my MTU reported as 1392 if OpenVPN's default is supposed to be 1500?


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...