Mask Your VPN Traffic as HTTPS

Some ISPs are throttling, or even blocking, VPN traffic. This tutorial will show you the easiest (but not foolproof) way of getting around this by "masking" your VPN traffic so that it appears to be normal/common HTTPS traffic (SSL websites).

I state that it is not foolproof because: "SSL encryption used by OpenVPN is not exactly the same as 'standard' SSL, and advanced Deep Packet Inspection (of the type increasingly used in places such as China), can tell if encrypted traffic conforms to the ‘real’ SSL/HTP handshake. In such cases alternative methods of evading detection need to be found." - Source

This tutorial assumes that you are using OpenVPN and can be thought of as an extension to my previous openvpn installation tutorials.


    Edit your server.conf file at
    and change the port to 443 and the protocol to TCP.
    [ Before ]

    [ After ]

    Optional Firewall Step

    If you are running a firewall on your VPN server, don't forget to unblock port 443 as I did!

    UFW users

    sudo ufw allow 443

    iptables rule

    iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
    Restart your VPN service on the server.
    sudo service openvpn restart
    Find the corresponding client.conf file (you should have this on your local computer) and change the port to 443 and the protocol to TCP.
    [ Before ]

    [ After ]

    Now connect to your VPN using your new client conf.


No comments:

Post a Comment