I don’t know why some moron downvoted you, but the answer is maybe. For reference, I have always bypassed SSH firewall blocking by sneaking SSH packets within https.
The only way this won’t be possible is if the government enforces installing a certificate to use the internet, so that they can do a man-in-the-middle-attack. I heard this is already being done in Afghanistan.
I remember, back in the late 1990s, if I have the time right, when RealPlayer phoned home to check for updates, and there was enormous uproar over the privacy implications.
Hmm. I guess most encrypted protocols aside from SSH use X.509 certs, so they wouldn’t make for great wrapper protocols, can be man-in-the-middle attacked. So if they’re willing to block SSH and MITM the others, I guess that puts them in a decent place, at least insofar as encrypted connections.
Another option, if one controls both ends and can set things up, is steganography.
One could use non-encrypted data, but where it’s difficult or expensive to pick out the data being used to transfer the hidden data in all the rest.
Like, say I have an enencrypted audio stream, 16-bit samples. In the low-order bit of each sample, I can tuck data. Maybe statistical analysis could pick it up, but that’s probably not going to be trivial, and maybe you could MITM and degrade everyone’s audio, but that’s gonna be disruptive.
I mean, probably every online video game can act as a channel for that.
Just need a convenient way to roll out new steganography channels.
The challenge is that hiding data in other data means that there’s gonna be overhead, because you gotta also send the other data. So it’s probably not bandwidth-efficient, and may impact performance.
Is it possible to bypass this block? Say, embedding VPN packets within a different protocol?
I don’t know why some moron downvoted you, but the answer is maybe. For reference, I have always bypassed SSH firewall blocking by sneaking SSH packets within https.
The only way this won’t be possible is if the government enforces installing a certificate to use the internet, so that they can do a man-in-the-middle-attack. I heard this is already being done in Afghanistan.
So sad. More and more we are seeing a world were the powers that be can do anything they want but if you do it it’s (rightfully) malware and illegal.
The vast majority of popular apps and OSes are spyware by any reasonable definition of the term.
I remember, back in the late 1990s, if I have the time right, when RealPlayer phoned home to check for updates, and there was enormous uproar over the privacy implications.
Things sure have changed since then.
Hmm. I guess most encrypted protocols aside from SSH use X.509 certs, so they wouldn’t make for great wrapper protocols, can be man-in-the-middle attacked. So if they’re willing to block SSH and MITM the others, I guess that puts them in a decent place, at least insofar as encrypted connections.
Another option, if one controls both ends and can set things up, is steganography.
One could use non-encrypted data, but where it’s difficult or expensive to pick out the data being used to transfer the hidden data in all the rest.
Like, say I have an enencrypted audio stream, 16-bit samples. In the low-order bit of each sample, I can tuck data. Maybe statistical analysis could pick it up, but that’s probably not going to be trivial, and maybe you could MITM and degrade everyone’s audio, but that’s gonna be disruptive.
I mean, probably every online video game can act as a channel for that.
Just need a convenient way to roll out new steganography channels.
The challenge is that hiding data in other data means that there’s gonna be overhead, because you gotta also send the other data. So it’s probably not bandwidth-efficient, and may impact performance.
For simple web browsing or streaming over https you can use a socks proxy.
For full VPN function you could try something like IPSec or L2TP, as they’re not listed in the protocols Russia is targeting.
I’ve had success wrapping OpenVPN (TCP) in stunnel on networks that have done similar things.