They’re going to know it’s VPN fairly easily because it’s fairly obvious what you’re doing when all or most of your traffic is encrypted and is directed at one or two addresses. Even more obvious if those one or two addresses happen to belong to known VPN or VPS providers or something.
Comment on UK households could face VPN 'ban' after use skyrockets following Online Safety Bill
wrassleman76@lemmy.ca 3 weeks ago
I don’t think it’s even possible to get rid of VPNs. If I set up a VPN that uses an obscure port, and the traffic is encrypted, how are they going to know it’s even a VPN?
herrvogel@lemmy.world 3 weeks ago
Ironfist79@lemmy.world 3 weeks ago
Traffic patterns. There’s always ways to tell.
NateNate60@lemmy.world 3 weeks ago
Attached below is a Wireshark trace I obtained by sniffing my own network traffic.
Image
I want to draw your attention to this part in particular:
Image
Underneath “User Datagram Protocol”, you can see the words “OpenVPN Protocol”. So anyone who sniffs my traffic on the wire can see exactly the same thing that I can. While they can’t read the contents of the payload, they can tell that it’s OpenVPN traffic because the headers are not encrypted. So if a router wanted to block OpenVPN traffic, all they would have to do is drop this packet. It’s a similar story for Wireguard packets. An attacker can read the unencrypted headers and learn
wrassleman76@lemmy.ca 3 weeks ago
You’re using the default port though, are you not? If the source port were not 1194, a port associated with openvpn, would wireshark still identify this as openvpn traffic?
NateNate60@lemmy.world 3 weeks ago
Wireshark can’t but there are other methods, such as checking for the known OpenVPN protocol opcodes in the headers:
Image