[rsy96]

How is this different from a VPN over UDP, like OpenVPN or Cisco Anyconnect?

[fenesiistvan]

In some countries all VPN is blocked (so the ISP will simple block the stream if standard VPN headers are detected).

These kind of tunnels allows custom, obfuscated protocols.

[A010]

> It's useful to avoid Internet restrictions

It's used to bypass DPI where known VPN softwares are already filtered.

[eps]

How many providers have DPI filtering for select apps on unauthenticated connections? Exactly zero.

[A010]

I don't know. But where I'm working, I have to register my company's VPN traffic (DST IP addr) to pass their (state owned company) filter. Edit: Not in China.

[PinguTS]

Exactly, that was my first thought. I have an OpenVPN endpoint on different ports over UDP and TCP available.

My experience is, that UDP is also blocked like TCP. The only possible work around is then IP over DNS, which works but with very very limited bandwidth.

[noselasd]

On cellular networks, my experience is that everything on port 53 is hijacked and shipped off to a telco DNS server though.

[fenesiistvan]

> The only possible work around is then IP over DNS

What about tunnel over HTTP? That can be much better obfuscated. Tunnel over DNS can be easily filtered out by just checking for the traffic amount (for example to block VoIP the ISP should just degrade DNS if traffic amount is above a treshold for a user)

[callesgg]

It is easier to hack and make small changes i presume.