Hide OpenVPN/Shadowsocks from provider

How do you hide these types of connections from your provider? I have my AWS machine and get my IP blocked every 24-48 hours. I believe my internet provider somehow sees those connections.

With deep traffic packet inspection, the sort of traffic can be discerned.
For OpenVPN you should use port 443, and if that is not sufficient, scramble your OpenVPN traffic, but that has to be set up on both sides.
See: https://github.com/egc112/OpenWRT-egc-add-on/tree/main/openvpn-scramble

You need to use a static PSK; then there are no identifiable packets in the stream. It is still worth having at least the national intranet browsed outside the tunnel to simulate the presence of human life.

Also if you consider your provider an adversary (you do)

I'm a deep newbie here. Don't quite understand. You mean Shadowsocks can be discerned anyways? Doesn't matter how I configure it?

With OpenVPN Scramble you obfuscate the OpenVPN traffic, which is useful if normal OpenVPN traffic is censored.
Shadowsocks is an alternative which also hides your traffic.

The problem goes like this: I set up my AWS machine using a Shadowsocks configuration; it works well, but my AWS IP gets blocked every 24 hours.

If I set up an OpenVPN server, it never connects.

Will it reduce speed? Increase ping? Any cons/pros?

It clearly states that DCO can't be used, so definitely lower speed. Higher ping seems to be expected as well.
Pros - should get you past most restrictive DPIs.
Cons - other than lower speed and higher ping, you need to build your own packages (or OpenWrt firmware) or find (and trust) one built by a 3rd party. Also you need to use unofficial clients for Windows/Android (maybe self-compile it).
Bottom line - not for newbies...

@maurer said it all.
There are commercial providers supporting it, and I know DD-WRT already has it compiled in.
But for OpenWrt you have to compile it yourself.

OpenVPN PSK should be detectable only by being a lengthy stream of high-entropy packets to 443/udp. You can plainly reconnect every now and then (mind the leaks) and add some netemu perturbations to make it more like QUIC.
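
The two detection signals the thread refers to, as an added example that is not from any participant: the handshake opcode a TLS-mode OpenVPN session exposes in its first UDP payload, and the payload-entropy heuristic that still applies once no such signature is present. The thresholds, function names and sample payloads are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Thresholds are assumptions for this sketch, not values from a real DPI product.
ENTROPY_BITS = 7.0    # bits per byte; 8.0 is the maximum
MIN_PAYLOAD = 512     # small samples under-measure entropy, so skip them
MIN_PACKETS = 20      # the "lengthy stream" part of the heuristic
RESET_CLIENT_V2 = 7   # OpenVPN opcode P_CONTROL_HARD_RESET_CLIENT_V2

def shannon_entropy(data):
    """Empirical Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_tls_mode_reset(payload):
    """True if a UDP payload starts like a TLS-mode client hard reset:
    opcode in the high 5 bits of byte 0, key_id in the low 3 bits."""
    return len(payload) >= 14 and payload[0] >> 3 == RESET_CLIENT_V2

def classify_flow(payloads):
    """Label a flow from payload statistics alone (no signature needed)."""
    sized = [p for p in payloads if len(p) >= MIN_PAYLOAD]
    if len(sized) < MIN_PACKETS:
        return "too-short"
    high = sum(1 for p in sized if shannon_entropy(p) >= ENTROPY_BITS)
    return "high-entropy-stream" if high / len(sized) >= 0.9 else "structured"

def constructed_ciphertext(index, size=1200):
    """Constructed stand-in for an encrypted payload (SHA-256 counter mode)."""
    out, block = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{index}:{block}".encode()).digest()
        block += 1
    return out[:size]

# Constructed plaintext-like payload for comparison.
CONSTRUCTED_TEXT = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n" * 20

if __name__ == "__main__":
    encrypted = [constructed_ciphertext(i) for i in range(30)]
    print(classify_flow(encrypted))
    print(classify_flow([CONSTRUCTED_TEXT] * 30))
    print(is_tls_mode_reset(bytes([RESET_CLIENT_V2 << 3]) + bytes(13)))
```

The entropy check on its own cannot tell one encrypted protocol from another, so a real classifier would combine it with flow duration, packet sizes and destination.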