China Cracks Down On International VPN Usage (thestack.com)
An anonymous reader writes: China's government has announced a 14-month crackdown on the use of unauthorised Virtual Private Networks (VPNs), commonly used by visitors and native activists, amongst others, to communicate with the world beyond the Great Firewall of China. Sunday's announcement [Chinese] from the Ministry of Industry and Information Technology reiterated regulations first outlined in 2002, but which have since been subject to sparse, selective or lenient enforcement. The new announcement promises a 'clean up' regarding the VPN situation in China, beginning immediately and running until March of 2018.
It's actually not all that difficult to spot VPN traffic. Run some DPI and just simply look at the size of the packets being exchanged. L2TP/IPSEC/etc will all have very regular size exchanges that virtually uniquely identify them. Doesn't matter how you encrypt or tunnel it if you don't change the payload sizes.
It's like saying "You can't block my BitTorrent client if I just change my port!" Actually, yes we can. And we do. Quite easily, actually.
I haven't looked closely into TOR to see if it pads with random size data (betting they DO), but that's what they need to do with VPN to seriously defend against traffic analysis.
Even with that, it's still not bulletproof, but it dramatically increases the work and false positives on the detection side of the fence.
I work for the Department of Redundancy Department.
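Added example, not part of the comment above or of any tool it mentions: a Python sketch of the packet-size argument, scoring a flow by the entropy of its size distribution and showing how random padding changes that score. The flow data, the thresholds, the 1500-byte cap and all function names are constructed assumptions, not measurements of any real protocol.

```python
import math
import random
from collections import Counter

# Constructed sample: one flow's packet sizes in bytes, dominated by three
# fixed sizes. Illustrative only, not captured from a real tunnel.
TUNNEL_FLOW = [148] * 60 + [1412] * 30 + [92] * 10

def size_entropy(sizes):
    """Shannon entropy, in bits, of the packet-size distribution of a flow."""
    total = len(sizes)
    return -sum(c / total * math.log2(c / total)
                for c in Counter(sizes).values())

def top_size_share(sizes, k=3):
    """Fraction of packets that fall in the k most common sizes."""
    top = Counter(sizes).most_common(k)
    return sum(count for _, count in top) / len(sizes)

def looks_regular(sizes, max_entropy=3.0, min_top_share=0.8):
    """Flag a flow whose sizes cluster on a few values (assumed thresholds)."""
    return (size_entropy(sizes) <= max_entropy
            and top_size_share(sizes) >= min_top_share)

def pad_random(sizes, cap=1500, rng=None):
    """Pad each packet up to a random length between its size and cap."""
    rng = rng or random.Random(0)  # fixed seed so the demo is repeatable
    return [rng.randint(s, cap) if s < cap else s for s in sizes]

if __name__ == "__main__":
    padded = pad_random(TUNNEL_FLOW)
    for name, flow in (("unpadded", TUNNEL_FLOW), ("padded", padded)):
        print(f"{name:9s} entropy={size_entropy(flow):.2f} bits "
              f"top3={top_size_share(flow):.2f} "
              f"regular={looks_regular(flow)}")
```

Padding moves this one statistic only; packet timing and direction are untouched, and the padded flow carries more bytes than the original.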