If I use OpenVPN on port 443 (TCP or UDP), is it possible for my ISP with deep packet inspection to find out VPN usage?
If so, what is the alternative?
Asked
Active
Viewed 1,092 times
0
-
1what's the alternative to what? What do you want to accomplish? – schroeder Apr 26 '17 at 13:29
1 Answers
2
If your question is whether or not your ISP can tell that you're using OpenVPN rather than browsing an HTTPS website then the answer is yes. Even though both use the same port and TLS, the handshake process differs between HTTPS traffic and OpenVPN. This means that DPI is able to differentiate between an OpenVPN connection and that which is HTTPS.
Your options for circumventing this are either SOCKS proxies (preferred) or Tor (can be detected and blocked by some parties).
If your question is whether or not your ISP can decrypt your VPN connection once one has been established, then the answer is no. They cannot run DPI on an encrypted session without performing a MITM attack.
DKNUCKLES
- 9,237
- 2
- 37
- 47