Using a VPN is always a good idea. It hides your identity, encrypts your traffic, bypasses Internet censorship, and grants you access to restricted content. Unfortunately, governments and online services have learned to detect and block VPN traffic.
As websites and network administrators tried to implement new and improved anti-VPN measures, VPN providers began to provide features to counter these blocks. One such feature is VPN obfuscation, also called traffic obfuscation, VPN cloaking, or stealthy VPN. But what do these terms really mean?
What is VPN obfuscation?
VPN obfuscation refers to the set of features that disguise VPN traffic as normal Internet traffic. This allows users to bypass VPN blocks and use a VPN even in a highly restrictive region like China.
To better understand the process, consider how information travels over the Internet. All data is broken into small chunks called packets as it travels from source to destination. These data packets contain the raw information as well as metadata about the type of protocol used to deliver the data.
As you encrypt your traffic with a VPN, websites and online services can see traces of the VPN and deny you access to the platforms. They do this by looking at encryption patterns and detecting unique VPN signatures.
With VPN obfuscation, all VPN metadata is stripped from the data packet, so VPN blockers and firewalls can’t tell you’re using a VPN and let the packets pass through as normal traffic.
VPN providers achieve obfuscation by using specialized obfuscating servers, proxies, and stealthy protocols that hide VPN usage. So how do they work and what benefits do they offer over regular VPN servers?
How does obfuscation work?
To understand obfuscation, it’s important to learn how a VPN works. When you use a VPN, your data is encrypted as it passes through a VPN tunnel. You also get a unique encryption pattern and distinctive VPN signature in the process. The data itself is safe, but firewalls and anti-VPN software can see a VPN in use and therefore deny access to websites and services.
VPN obfuscation removes all VPN-related data from data packets, so no one can tell it’s coming from a VPN. The purpose of an obfuscated server or stealthy VPN is to hide the nature of your traffic and make it look like normal internet traffic.
There are several ways that VPN providers use to achieve obfuscation.
Obfsproxy, or obfuscated proxy, is a subproject of Tor that was designed to bypass crashes in Tor Browser. It works by changing the nature of your Internet traffic to regular HTTP traffic and wrapping it in a protective layer. Although obfsproxy was initially developed for Tor Browser, some VPNs have adopted it for use with OpenVPN.
Also, Obfsproxy uses an unusual handshake (the first data packet when establishing a connection) that does not contain a recognizable byte pattern. While this protects your communication, the unnatural randomness can help ISPs and websites to identify and control proxy traffic.
2. OpenVPN Jumble
OpenVPN Scramble, also called XOR obfuscation, is an open source patch that disguises OpenVPN traffic. It takes advantage of additive XOR encryption that replaces the value of each bit in a data packet, making it meaningless for Deep Packet Inspection (DPI).
Although the OpenVPN Scramble method can achieve obfuscation, it is not foolproof. XOR encryption is quite simple and can be easily cracked by advanced VPN blocking algorithms. It might be good for users who live in a country with no internet restrictions, but it’s not particularly effective against more sophisticated firewalls.
3. OpenVPN over SSL
OpenVPN over SSL takes your OpenVPN traffic and protects it in a layer of SSL encryption. This means that the VPN encryption itself is encrypted, so even DPI cannot recognize it as VPN traffic.
This VPN obfuscation method is not suitable for the average user and is rarely used by VPN services. Both the VPN provider and the user have to configure open source software called stun on your servers and devices to hide VPN usage.
4. Shadow Socks
Shadowsocks is another open source obfuscation technique that allows VPN providers to bypass VPN blocks. It was developed by a Chinese programmer to bypass the Great Firewall of China, which is one of the largest censorship systems in the world.
Shadowsocks hides VPN traffic and makes it look like normal HTTPS traffic. VPN blockers usually don’t see a problem with HTTPS traffic and let it through. Unlike the other methods, Shadowsocks can be used with both OpenVPN and the relatively new WireGuard protocol.
Why do you need obfuscated servers?
Obfuscated servers are not suitable for all users. They can be slower than regular servers and are not easy to set up. However, there are cases where only obfuscated servers would help you access restricted content. Here are some reasons why you may need them.
- Bypass VPN blocks: Some countries like China, Iran, and North Korea restrict or ban the use of VPNs. If you live in those countries or plan to travel there, obfuscated servers might be your only chance to bypass VPN blocks.
- Preserve your privacy: Obfuscation is useful in cases where you need additional privacy. It adds an extra layer of protection to your data without the ISP or network administrators realizing that you are using a VPN.
- Avoid censorship: Some countries heavily restrict access to certain websites and services on the web. A normal VPN should be enough to bypass these blocks, but sometimes ISPs and network administrators go all out and ban VPN traffic entirely. Obfuscated servers hide the fact that you are using a VPN and allow you to access the content you want.
A VPN with obfuscated servers will allow you to bypass VPN blocks and access content that is blocked by your ISP, government, workplace, or school. However, not many VPN providers offer this feature. To enjoy the benefits of VPN obfuscation, be sure to choose a service that offers obfuscation as an additional feature.