This could be a new way to avoid deep packet inspection for VPN traffic

An open source developer has released an innovative new approach to keep network operators from inspecting traffic and stopping users from sending encrypted packets, for example through a VPN tunnel. Many oppressive regimes around the world that censor the Internet also use Deep Packet Inspection (DPI) techniques to analyze the content of network packets in order to block the use of VPNs to circumvent the censorship. However, Dmitry Kuptsov has come up with a solution that can help prevent DPI from blocking VPN traffic. Kuptsov's technique involves disguising VPN traffic as Transport Layer Security (TLS) tunneling traffic so that it appears as normal HTTPS traffic.

VPN over HTTPS

Kuptsov argues that while there are several solutions for building VPN tunnels, including using Secure Shell (SSH), they can all be scanned and blocked. "By masking VPN traffic with TLS or its older version, SSL, we can build a reliable and secure network. Packets, which are sent through these tunnels, can traverse various domains, which have various security policies (strict and not so strict)."

To put his plan into action, he wrote an experimental tool in Python for Debian that allows users to create VPN tunnels using the TLS protocol. He also demonstrated the use of such a tunnel to pass network traffic from a small office/home office (SOHO) network. Dubbed SOHO VPN over TLS, the project helps you implement the VPN over TLS solution on your custom cloud server. Kuptsov believes this arrangement will make it "extremely difficult for security personnel to trace your connections." More importantly, the traffic you will send looks like normal HTTPS.

Via: Linux Journal
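The sketch below is an added example, not code from Kuptsov's project. It models a simplified first-bytes signature check of the kind a DPI rule might apply, to show why an SSH tunnel is trivially labelled while anything wrapped in TLS starts with the same ClientHello a browser sends. The sample payloads, the function names and the block list are constructed assumptions.

```python
import struct

# Constructed samples: the opening bytes a middlebox sees on a new TCP flow.
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"
# TLS record header (handshake, version 3.1, length 200) followed by the
# start of a ClientHello; the body is truncated and zero-filled here.
TLS_CLIENT_HELLO = bytes.fromhex("16030100c8" "010000c4" "0303") + b"\x00" * 32
HTTP_PLAIN = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"PUT")


def classify_first_bytes(payload: bytes) -> str:
    """Label a flow from its opening bytes, as a simple signature rule would."""
    # SSH announces itself in cleartext with an identification string.
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS: 1-byte content type, 2-byte version, 2-byte record length,
    # then the handshake message type (0x01 = ClientHello).
    if len(payload) >= 6:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if (ctype == 0x16 and major == 3 and minor <= 4
                and 0 < length <= 16384 and payload[5] == 0x01):
            return "tls-client-hello"
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def policy_allows(payload: bytes, blocked=("ssh", "unknown")) -> bool:
    """Hypothetical policy: drop flows whose label is on the block list."""
    return classify_first_bytes(payload) not in blocked


if __name__ == "__main__":
    for name, data in [("ssh", SSH_BANNER), ("tls", TLS_CLIENT_HELLO),
                       ("http", HTTP_PLAIN), ("junk", b"\x00\x01")]:
        print(name, classify_first_bytes(data), policy_allows(data))
```

The classifier returns the same label for any flow that opens with a well-formed ClientHello, whatever is carried inside the tunnel afterwards, so a rule at this level cannot block the tunnel without also blocking HTTPS.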