We have demonstrated that OpenVPN, even with widely applied obfuscation techniques, can be reliably detected and blocked at-scale by network-based adversaries. This was achieved through a two-phase system involving passive filtering and active probing to efficiently fingerprint OpenVPN flows. Our collaboration with a mid-size ISP validated that most vanilla and obfuscated OpenVPN traffic could be accurately identified, with negligible false positives—a promising indication that censoring adversaries could apply this approach without causing collateral damage.
Users worldwide rely on VPNs for security and privacy in increasingly restrictive internet environments, yet real-world tracking techniques reflect a growing concern. The availability of sophisticated DPI technologies has simplified the process for adversaries aiming to monitor and block widely-used VPN services like OpenVPN. The practical implementation of our fingerprinting methods underscores the urgent need for VPN providers to enhance their obfuscation techniques to effectively evade detection and ensure user privacy in the long term.
Collection
[
|
...
]