Jump to content
Not connected, Your IP: 18.116.85.108
AirVPN
DarkSpace-Harbinger

How effective is tls-crypt in bypassing ISP VPN blocks?

By DarkSpace-Harbinger, ... in General & Suggestions

Recommended Posts

zhang888    1066

zhang888
Posted ...

Depends on the use case and the ISP.

 

Works totally different, and looks very different in traffic monitoring devices and software.

One is high-entropy data (tls-crypt over UDP usually) while SSL looks and behaves like a regular connection to an HTTPS site, TCP on 443 with proper TLS handshake,

which is visible on monitoring devices (handshake part) but cannot be determined as a VPN connection based just on that.

 

Test both and see what works better for you. If both options are available, check which gives you better performance and stick to it.

iampd and itsmefloraluca reacted to this

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post

Link to post

go558a83nk    362

go558a83nk
Posted ...

 

tls-crypt actually encrypts the entire tunnel using a TLS key, making it so that layer-7 DPI cannot identify an OpenVPN handshake or tunnel as such.

An SSL tunnel goes one step further than this and makes the OpenVPN tunnel "look like" a https-enabled website or service.

 

 

The hope is that tls-crypt UDP sessions can defeat firewalls yet give better performance than the TCP tunnel required with SSL.

 

But, I haven't seen anybody post about their experience in China with tls-crypt yet.

Share this post

Link to post

amires    10

amires
Posted ...

I live in a country which the government censors the internet. Recently they started blocking all kinds of VPN. None of the AirVPN's UDP/TCP/SSH/SSL protocols works anymore however tls-crypt is working perfectly.

Staff and go558a83nk reacted to this

Share this post

Link to post

DUONG NAM PHUONG    0

DUONG NAM PHUONG
Posted ...

Sorry for being late.
I have two VPN servers:
1. VPN server #1 (tls-crypt): I setup a VPN server on my Asus router with tls-crypt enabled.
2. VPN server #2 (no tls-crypt): This is a VPN server the company gave me for teleworking.
I can connect to those two from many places.
I want to check whether they can be connected from China. It was difficult for me to have an IP in China to test this. Luckily, Astrill VPN has one China IP. My PC connect to it and share a Wifi hotspot to a mobile device.
The "OpenVPN Connect" app on the device can establish a connection to #1, but not #2. I am not 100% certain that whether being no tls-crypt is the cause.
I think I would edit the #1 to "no tls-crypt" and try it again. If #1 cannot be connected after then tls-crypt would is crucial. However I don't dare to make the Great Firewall know the IP of #1 serves as a VPN server.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...