If I use OpenVPN on port 443 (TCP or UDP), is it possible for my ISP with deep packet inspection to find out VPN usage?
If so, what is the alternative?
-
1what's the alternative to what? What do you want to accomplish?– schroeder ♦Commented Apr 26, 2017 at 13:29
Add a comment
|
1 Answer
If your question is whether or not your ISP can tell that you're using OpenVPN rather than browsing an HTTPS website then the answer is yes. Even though both use the same port and TLS, the handshake process differs between HTTPS traffic and OpenVPN. This means that DPI is able to differentiate between an OpenVPN connection and that which is HTTPS.
Your options for circumventing this are either SOCKS proxies (preferred) or Tor (can be detected and blocked by some parties).
If your question is whether or not your ISP can decrypt your VPN connection once one has been established, then the answer is no. They cannot run DPI on an encrypted session without performing a MITM attack.
answered Apr 26, 2017 at 14:43
