Hacker News new | ask | show | jobs
by 77pt77 300 days ago
Which is ridiculous because OpenVPN is trivial to identify, even when over TCP since it's different from "regular" HTTPS/SSL traffic.

Why they chose this I have no idea.

You can even port share.

443 -> Web server for HTTPS traffic 443 -> OpenVPN for OpenVPN traffic

Still trivial to identify and not uncommon for even public WiFi to do so.

Since I changed to tailscale+headscale with my own derp server all these issues have disappeared (for now).
2 comments
moduspol 300 days ago
It’s basically the same as the UDP mode, except wrapped into TCP. Presumably because that’s simpler than redesigning it from the ground up for TCP.

So the handshake and such will not look like a normal TLS handshake.

link
ranger_danger 298 days ago
SoftEther works over "regular" TLS at least, you can even reverse-proxy it.
link