Hacker News
by vidarh 3981 days ago
Nothing stops you from passing a VPN through a TCP connection on port 80 and 443. There are few protocols people haven't tunnelled IP over (DNS included...)
2 comments

I often have to work behind "smoothwall". AFAIK, it only allows HTTP over port 80 and HTTPS on port 443 - any other protocol on any other port gets blocked, including other protocols over port 80/443.

To bypass this, I wrote a simple Ruby script to tunnel TCP connections, while adding fake HTTP headers to get through the firewall.

With only a bit of extra state-machine glue, you'd have a clean and standards-compliant websocket-based VPN.

Can you share that script?

obfsproxy with obfs3 as a pluggable transport does something similar; it's made for Tor bridges, but I'm sure you could use it for VPN traffic too.

https://www.torproject.org/projects/obfsproxy.html.en

https://gitweb.torproject.org/pluggable-transports/obfsproxy...

Actually, yes, packet inspecting firewalls do. Hence the SSH over TLS, to make things stealthy.