top | item 14595285

(no title)

zsj | 8 years ago

I saw that they use OpenVPN protocol[1], then I stopped reading other things. Although the encrypted connections can not be decrypted, the OpenVPN protocol is easy to be detected and banned in some highly censored network.

I recommends the shadowsocks protocol[2] which I used in the censored network, which is hard to be detected and decrypted.

[1] https://protonvpn.com/secure-vpn

[2] https://github.com/shadowsocks

discuss

Tepix|8 years ago

Not everyone has to fear censorship, there's a market for people who "merely" want to evade tracking and mass surveillance.

CodesInChaos|8 years ago

At a glance shadowsocks doesn't look like a secure protocol to me, so even if you use shadowsocks to obfuscate the protocol, you still need to tunnel a secure encrypted protocol inside of shadowsocks.

I don't expect most VPN users to need protocol obfuscation, especially since the IPs of the VPN operator are probably well known. If you're serious about that, you either need your own server or take great effort to hide the entry points (like Tor bridges attempt to).

sr2|8 years ago

> the OpenVPN protocol is easy to be detected and banned in some highly censored network.

Tunnelbear are one of the few VPN providers that use a thing called obfsproxy to circumvent this kind of censorship. They call it 'Ghostbear'[0] but really it's just an obfsproxy bundling which uses the domain fronting technique.

[0] https://help.tunnelbear.com/customer/en/portal/articles/2435...

[1] https://en.wikipedia.org/wiki/Domain_fronting

pdcerb|8 years ago

You can use a ssl tunnel to avoid DPI detection by your censored network or ISP. It will obfuscate your openvpn tunnel with another ssl layer, although you'll take a performance hit.

Packages like STunnel/stunnel might help(available for both windows/linux).