[nickburns]

literal bytes. this is one of the primary methods modern IDS/IPS engines, like Snort and Suricata for example, use to fingerprint traffic types and otherwise indicators of compromise.

OpenVPN traffic, even encrypted, can look unique enough somewhere in the 'stream' (to borrow the IDS/IPS term) to be reliably idenitfied.

[lilsoso]

Thanks, I didn't know that. So if you have a VPN server at home and you bounce through it from a foreign location to a corporate job then perhaps the employer could identify the connection is a relay.

I'm talking about the part of the connection outgoing from the VPN, not the incoming traffic to the VPN, to be clear. I know for example that China can do deep packet inspection and that there are a number of projects to attempt to thwart this technique. But you seem to be saying that the part after the VPN can be identified?

[elwebmaster]

No, the article is about you connecting to your home from the corporate network over OpenVPN. The case you are describing, while possible, is highly unlikely to be detected unless you are using a public VPN. Most of the time your employer just cares to check a box saying employees are working from the US and has no incentive to go the extra mile to active traffic monitoring and deep packet inspection. Hell, some are so incompetent, a CTO once said employees can work offshore as long as they are using Remote Desktop to a VM in the US because then they are “telecommuting”, but they can’t connect over the corporate VPN.

[nickburns]

  I'm talking about the part of the connection outgoing from the VPN

your understanding is correct—that the 'segment' between VPN server and final destination/employer's public-facing infrastucture is no longer traversing a VPN tunnel and therefore could not be fingerprinted as VPN traffic.

if using a public VPN service provider, it would be identified, however (quite easily and at very low technical cost mind you), based on source address, as public VPN service provider netblocks are well-documented.

see, for example: https://github.com/X4BNet/lists_vpn (first search engine result for me querying "vpn ip list")