Bypassing ISP packet sniffing with OpenWrt

You are correct about the UDP; but not sure what you mean by "not encapsulating." SSH tunneled traffic is encapsulated (or should I say...encrypted).

So true; but as @T-Troll mentioned, not happening in his case. Nonetheless, this means you agree that they could throttle 443/tcp too? :grinning:

@RobertCC18, I would determine if the packets are TCP or UDP; if only TCP - a simple SSH tunnel will work, configured SOCKS style. Nonetheless, as @vgaetera said, full functioning setups can happen too.

No, in general it is not possible for the ISP to throttle (packet rate limiting) selectively the traffic (streams) inside the tunnel, only the traffic that establishes the encryption (tunnel) and that does not require many packets, respectively keep alive packets are also a low count.

But if the ISP gets the idea, monitoring the volume on the tunnel route, that the user is trying to circumvent throttling, they could decide to prevent access to the tunnel's remote end point.

Of course the ISP could also decide to drop the overall bandwidth available to the user but not selectively for certain streams that are inside the tunnel.


OK then.

From your provided description, SSH TCP tunneling does encapsulate, the overhead packet is SSH, the underlying data is a TCP packet.

Yes and no. UDP can't be passed using the SOCKS proxy approach, but some ProxyCap solutions can do this as well.

Talking about heavy content like streaming video, I'm using p2p solutions like AceStream with random ports, so the ISP is welcome to block it... as well as all UDP traffic to my host (but my complaint will come immediately).

Can you use Cloudflare as your DNS and use an encrypted network connection for your traffic? Cloudflare does not log your traffic and there are tools to achieve this with OpenWrt.

Your problem is simple. They are doing "traffic shaping" for services like Netflix and Amazon Prime. A VPN will help you, but unfortunately Netflix and others block IPs from most VPN services and cheap VPS services like DigitalOcean.

You have to find a VPN or VPS that's not blocked by Netflix and other streaming services.

Take a look at this project: https://github.com/ab77/netflix-proxy


You can use an OpenConnect / AnyConnect VPN over a TCP connection.
DPI can't recognize this because AnyConnect packets look like a common HTTPS connection.

You can install OpenConnect with: opkg install openconnect
Note: do not route all your traffic through the VPN tunnel, otherwise the ISP can figure out this is a VPN tunnel and limit or block your access to the tunnel endpoint.
Only Netflix or ... subnets and DNS queries should be routed through the VPN.