How Can a Virtual Private Network Beat Deep Packet Inspection?
A VPN, or Virtual Private Network, provides effective security by stopping malware, spam and hackers from eavesdropping on the user's personal information as it crosses public networks. This technology also makes it possible to identify and block unlawful downloads and enables ISPs to give more importance to the type and content of the data transmitted. But there is another technology that allows governments and network managers to spy on users' online activities and trace their every move (such as recording and reading personal emails or other digital communication). This technology is called DPI, or Deep Packet Inspection. Governments use it to pry into the online activities of their citizens and to control their internet access.
The House of Commons in Canada and the US Congress have proposed bills in this regard. The bills make it compulsory for ISPs to keep their customers' information for 12 months and hand it to law enforcement authorities whenever needed. The information consists of credit card numbers, IP addresses and other personal data of the user. The ISPs can trace all the sites that a user visits and follow his or her activities on those sites. If they want, the ISPs can block the user's access to particular sites. Network providers can now track all the information in packets delivered to and from customers’ computers without slowing down their network speeds. Some countries, such as Iran, China, and North Korea, routinely employ Deep Packet Inspection to block internet content and keep a check on their citizens.
VPNs use the OpenVPN protocol to encrypt users’ data. Building on OpenVPN, the following techniques can be used to beat Deep Packet Inspection:
Port Forwarding via TCP port 443
This is quite an easy technique that needs no server-side implementation and can be carried out from the client’s computer. OpenVPN generally makes use of TCP port 80. Firewalls therefore watch port 80 and the other ports that are normally used. When encrypted traffic is detected on these ports, it is rejected immediately. Port 443 is generally employed by HTTPS for protecting https:// websites. Facebook, Twitter, Gmail, banks and other web services generally use this port.
OpenVPN uses SSL encryption like HTTPS, so it is really hard to keep an eye on port 443. Blocking port 443 can disrupt internet access, so web censors do not consider locking this port a good option. Port forwarding is a common feature in conventional OpenVPN clients, and changing to port 443 is extremely easy. A user who wants to gain the benefits of OpenVPN clients should contact the VPN provider.
OpenVPN through SSL/SSH tunnel
This technique adds a supplementary layer of SSL (Secure Sockets Layer) or SSH (Secure Shell) encryption. Deep Packet Inspection fails to breach this extra encryption layer and cannot detect the OpenVPN encryption inside it. Stunnel software is mainly used for making SSL tunnels and should be set up on both the server and the client computers. SSH tunnels are mainly used on UNIX systems to access shell accounts.
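What a DPI classifier looks at in the first bytes of a TCP flow, as an added example that is not part of the original article: plain OpenVPN over TCP starts with OpenVPN's own framing whatever the port, while a flow wrapped by stunnel starts with a TLS ClientHello. The function name and the sample byte strings are constructed for illustration; the checks assume OpenVPN's TCP framing (2-byte length prefix, opcode in the top 5 bits of the next byte) and the standard TLS record header.

```python
import struct

# OpenVPN opcodes a client uses to open a session. The opcode is the top
# 5 bits of the first payload byte; the low 3 bits are the key id.
OPENVPN_CLIENT_RESET = {
    1: "hard-reset-client-v1",
    7: "hard-reset-client-v2",
    10: "hard-reset-client-v3",
}


def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP flow, port ignored."""
    if len(data) < 6:
        return "unknown"
    # TLS record header: type 0x16 (handshake), version 0x03 0x01..0x04,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04 and data[5] == 0x01:
        return "tls-client-hello"
    # OpenVPN over TCP: 2-byte big-endian packet length, then opcode/key-id.
    (length,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    # A bare client reset is 14 bytes; authentication options make it longer.
    if opcode in OPENVPN_CLIENT_RESET and key_id == 0 and 14 <= length <= 1500:
        return "openvpn-" + OPENVPN_CLIENT_RESET[opcode]
    return "unknown"


# Constructed samples: first payload bytes of three flows to port 443.
SAMPLES = {
    # OpenVPN/TCP moved to port 443: length 0x000e, opcode byte 0x38 (7 << 3).
    "openvpn_on_443": b"\x00\x0e\x38" + bytes(range(8)) + b"\x00" + b"\x00" * 4,
    # Same VPN inside an stunnel wrapper: the wire shows a TLS ClientHello.
    "openvpn_in_stunnel": b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03" + b"\x00" * 32,
    # Unrelated plaintext sent to the same port.
    "plain_http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
}


def survey(samples=SAMPLES):
    """Return {flow name: label} for every sample flow."""
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, label in survey().items():
        print(f"{name:20s} -> {label}")
```
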