How to obfuscate VPN usage from ISP in restricted countries?

Looking for assistance with a cryptostorm connection issue? Post here & we'll help out. Also: if you're not sure where to post, do so here & we'll move things around as needed. Also: for quickest support, email our oddly calm & easygoing support reps at support@cryptostorm.is :)
yaweburobe
Posts: 1
Joined: Tue Sep 25, 2018 4:12 pm

How to obfuscate VPN usage from ISP in restricted countries?

Post by yaweburobe » Tue Sep 25, 2018 4:15 pm

How to obfuscate VPN usage from ISP in restricted countries?

User avatar
parityboy
Site Admin
Posts: 1261
Joined: Wed Feb 05, 2014 3:47 am

Re: How to obfuscate VPN usage from ISP in restricted countries?

Post by parityboy » Thu Sep 27, 2018 5:13 am

@OP

If you're talking specifically about the Cryptostorm VPN service, using the ECC instances will help, since (if I have this correct) they encrypt the handshake between client and server, so it cannot be identified as being OpenVPN.

The non-ECC instances cannot do this and so they can be blocked using Deep Packet Inspection devices. Having said that, much of what Cryptostorm does is public and there are other ways to block connections...

User avatar
df
Site Admin
Posts: 427
Joined: Thu Jan 01, 1970 5:00 am

Re: How to obfuscate VPN usage from ISP in restricted countries?

Post by df » Wed Oct 31, 2018 12:59 pm

Yep, the ECC instances use OpenVPN's --tls-crypt option, which encrypts the TLS handshake and most of the initial OpenVPN handshake packets. But our list of server IPs is public, so it wouldn't be too difficult for someone to block all of those.
Most restrictive countries don't though, simply because they don't know about us.

Locked