|
|
|
|
|
|
by walrus01
2793 days ago
|
|
|
It isn't that they need to inspect the contents of the packets, tcp and udp flow analysis will reveal VPN traffic patterns even if the crypto is perfect. What I've seen reported is that people using openvpn see it work for a while, then increasing latency and packet loss, then eventually total lack of ability to move traffic between the two endpoint IPs. |
|
|
http://security.riit.tsinghua.edu.cn/share/classify_encrypte...
But if the government completely blocks out VPN uses in the country, lots of international business operating there will suffer and then they will complain, which is not something the government can ignore (at least not always)...VPN whitelist could be a solution, but I don't know how well that is implemented (if it has been implemented) -- not to mention keeping a perfect consistent whitelist at that scale would be difficult...in addition, there is always some false positive/negative in their flow pattern analysis -- those are statistical approaches after all...so there is some grey area here...
Anyway, back to that openvpn experiment I did with my friend, many websites were still accessible with my openvpn tunnel -- although Google was not among those sites -- this seems to imply that they were doing some package semantic analysis (i.e. deep packet inspection)...