"More and more" is an understatement. In a large part of the world (China, Russia, North Korea, Turkiye...), internet is already locked down, and even in "free democratic" countries at least half of the networks in hotels, airports, corporate networks, Airbnb rentals, etc. are locked down and crippled.
This includes OpenVPN, since by it's current design, even tunneling SSL traffic over HTTPS port (443) can easily be intercepted by DPI firewalls. In such a situation, one can usually never know if OpenVPN will be allowed or not when you need it, or when the next day some admin will decide to block it. We're approaching a point where OpenVPN is quickly becoming pretty much useless and irrelevant. So this is no longer a nice-to-have, it's a must-have.
There is a simple solution: websockets. It's a RFC standard, universally supported, and it's layered on top of HTTP/HTTPS so it's indistinguishable from "plain web" traffic short of breaking SSL encryption. Libraries for websockets are universally available, and due to OpenVPN current design the implementation would be quite straightforward.
This includes OpenVPN, since by it's current design, even tunneling SSL traffic over HTTPS port (443) can easily be intercepted by DPI firewalls. In such a situation, one can usually never know if OpenVPN will be allowed or not when you need it, or when the next day some admin will decide to block it. We're approaching a point where OpenVPN is quickly becoming pretty much useless and irrelevant. So this is no longer a nice-to-have, it's a must-have.
There is a simple solution: websockets. It's a RFC standard, universally supported, and it's layered on top of HTTP/HTTPS so it's indistinguishable from "plain web" traffic short of breaking SSL encryption. Libraries for websockets are universally available, and due to OpenVPN current design the implementation would be quite straightforward.
Statistics: Posted by sybille — Wed Aug 14, 2024 5:31 am
