VPN or Vpwn? How Afraid Should You be of VPN Traffic Identification?

Published: 2025, Last Modified: 22 Oct 2025 | TMA 2025 | CC BY-SA 4.0
Abstract: Several governments are gradually choosing to monitor VPN traffic. In this paper, we explore how hard or easy it would be for large ISP-scale adversaries to identify and block VPN traffic. More specifically, we ask whether ordinary netizens should fear such decisions, or whether identifying and blocking all sorts of VPNs is not that trivial. A recent study found that blocking and identifying OpenVPN endpoints is feasible for small ISPs. We explored detecting OpenVPN and alternatives like TLS, SSH, IPsec/IKEv2, WireGuard, and proprietary VPNs. Analyzing seven popular commercial and open-source VPN services, we identified patterns for detection. While OpenVPN is easily spotted, many alternatives resist identification, some using tactics like obscure TLS ClientHello SNI strings. We demonstrated evasion methods, including altering packet sizes, sending dummy traffic to confuse middleboxes, and obscuring plaintext strings. We also proposed a scalable mechanism for OpenVPN services to hide identifiable plaintext without affecting user or gateway scalability.