Stealth VPN is a term used to describe a VPN protocol or server that makes VPN traffic look like regular web traffic through obfuscation, even when deep packet inspection (DPI) is performed on the traffic by a firewall or network administrator. Learn about StealthVPN, the way it bypasses VPN blocking, the available implementations, and the best Stealth VPN providers.

What is the DPI (Deep Packet Inspection)?

Deep packet inspection (DPI) is an advanced technique used to examine and manage network traffic. It employs packet filtering to locate, identify, classify, reroute or block packets with a specific code or data payload. Conventional packet filtering can’t detect DPI, as it only looks at packet headers.

Deep Packet Inspection tools

Network administrators often use DPI as a security tool to detect and intercept viruses and other types of malicious traffic. However, they can also use it for disreputable activities, such as eavesdropping.

Deep Packet Inspection is also used to streamline the flow of network traffic. A message that is, for example, flagged as a high priority can be sent to its destination before low-priority packets or messages. DPI can also be used to improve network performance by throttling data transfer, thereby preventing peer-to-peer abuse.

DPI has sparked concern among proponents of Net Neutrality and privacy advocates, as it is possible to identify both the recipient and originator from content enclosing specific packets.

What is Obfuscation?

Obfuscating means to make something obscure. When applied to Internet traffic, obfuscating implies that you are trying to hide its real purpose, similar to putting on a disguise.

Obfuscation techniques

Obfuscation is often used to hide TOR or VPN traffic (VPN obfuscation). As some governments and ISPs block connections to these services obfuscation prevents anyone from seeing that your internet traffic is encrypted. It is also used to bypass firewalls so that restricted websites can be accessed. While these objectives may be slightly different, the same method is used to achieve both.

When special tools obfuscate Internet traffic, its original form is changed to a discrete structure that makes it look like regular Internet traffic. When users connect to a VPN, encrypted traffic is altered to look like regular, unencrypted internet traffic. However, the encryption will still be present, and your data will not be readable. Thus, it results in undetectable VPN traffic.

Diagram showing how obfuscated VPN traffic bypasses advanced firewalls

Obfuscation and ISP policies

Whether or not obfuscation will help with the loss of net neutrality remains to be seen, as it depends on what ISPs decide to do in the future. If they choose to block VPN and TOR traffic, then obfuscation will be useful, but if they start charging different rates for using specific services, then your options are limited.

In the latter case, all you’ll be able to do is to make it appear as if you’re using a cheaper service than what you are. One example will be if an ISP charges $1.50/Mb for normal browsing and $2.50/Mb for gaming. Internet traffic could be obfuscated to look like regular browsing instead of gaming to pay the lower rate.

What is Stealth VPN?

A Stealth VPN is a VPN protocol that can let VPN traffic appear as if it is regular web traffic, even when a network administrator activates a DPI firewall.

Firewalls are commonly used to block VPNs in countries where Internet access is restricted or censored. Some examples would include China, Iran, the United Arab Emirates, countries where VPN is illegal. Network administrators also often block VPN access for a company or school network to improve monitoring and control of network activity.

A StealthVPN service will allow you to quickly bypass these blocking mechanisms to create VPN tunnels through a firewall, including the Firewall of China.

How Stealth VPNs work

Though people commonly use the term ‘Stealth,’ it would be more accurate to describe the technology as ‘VPN Camouflage.’ A ‘Stealth’ VPN disguises VPN data packets as regular Internet traffic. The most advanced implementations obfuscate the VPN traffic into HTTPS traffic.

What is HTTPS traffic?

HTTPS connections are crucial for secure data transmissions on the Internet where credit card numbers, passwords, etc. are used. That’s why most firewalls, even if they are very restrictive, won’t block HTTPS packets, making stealth VPN technology very efficient.

SSL or TLS encryption secures the HTTPS traffic. Online banking and credit card transactions use it to increase security, as well as sites like Facebook and Google. If you see the ‘lock’ icon in your browser bar and ‘https’ before the ‘www’ in the URL, you know that your browser uses https. Routers and firewalls identify HTTPS traffic because it always uses port #443.

Stealth VPN techniques can efficiently use this characteristic of HTTPS traffic to impersonate HTTPS data and bypass firewalls undetected.

Diagram showing StealthVPN - OpenVPN HTTPS Traffic

StealthVPN protocols

OpenVPN

OpenVPN has the best combination of cross-platform compatibility, security, and speed. Therefore, most Stealth VPN servers use OpenVPN encryption to reap these benefits. A local stealth proxy (called obfsproxy) modulates and obfuscates the OpenVPN traffic into regular Internet traffic.

SSTP

SSTP (Secure Socket Tunneling Protocol) is another stealth protocol that VPN enthusiasts use. But, this protocol is only available on Windows, and not all VPN providers offer it. As SSTP uses SSL encryption as its primary encryption algorithm natively, it does have a significant advantage.

Softether

The relatively new Softether protocol provides the third approach. Due to its SSL-VPN Tunneling on HTTPS, it can ‘penetrate’ highly-restricted firewalls.

StealthVPN vs. OpenVPN

The most common SteathVPN implementations are using OpenVPN and obfsproxy.

A typical data packet used with OpenVPN consists of a header that contains packet identification and routing information. The payload is the strongly encrypted part of the data packet which is forwarded to the correct web address. The header information is used to identify the source of a package, including the port # and the fact that the container contains OpenVPN data.

A stealth VPN uses obfuscation to strip the metadata that identifies the data as belonging to a VPN protocol from the packet header. The disguised packet looks like regular HTTPS encrypted web traffic by using the fact that https uses SSL/TLS Encryption and port #443.

The obfuscation is done by wrapping the OpenVPN data packet (using the obfsproxy local proxy) in a secondary layer of encryption, and assigning the data to port #443 or any other port.

When stealth technology has these two steps, the data packet can’t be distinguished from regular https data or regular Internet traffic, and it is virtually impossible to block.

Obfuscated OpenVPN Traffic - Stealth VPN

When and why do you need StealthVPN?

Avoid VPN blocks, and access blocked websites

For some, a Stealth protocol is an absolute necessity. For people located in countries such as the UAE, China, or Iran, it would be difficult (or virtually impossible) to access specific websites without making use of stealth VPN technology. In some countries like Iran, using a VPN is a crime, so it is critical that you make sure your VPN is undetectable.

Avoid throttling and protect your privacy

There are also those that choose to use Stealth VPNs to protect their privacy or to avoid throttling. Although some firewalls don’t block VPN traffic, they do throttle it, slowing it down dramatically. You should know that even major ISPs like mobile providers do this.

Stealth VPN providers

Several excellent VPN providers offer StealthVPN (secure VPN) connections on their servers (check the list below).

ibVPN

ibVPN is one of my favorite VPN services as it provides a lot of exciting features (take a look at my complete ibVPN review), including a variety of servers or protocols. Regarding StealthVPN, ibVPN includes access to all three implementations (OpenVPN with obfsproxy, SSTP and Softether). The first two options are available within the Windows application, while users may install Softether on Windows, Linux, and Mac OS as a standalone client app.

ibVPN Stealth VPN & SSTP - Windows app

IPVanish

IPVanish can obfuscate the OpenVPN traffic on two ports: 1194 and 443 (HTTPS). Choose the port and check the Obfuscate OpenVPN traffic option. It is available for the Windows application.

Obfuscate OpenVPN traffic IPVanish

VyprVPN

VyprVPN has developed its proprietary stealth VPN protocol known as ‘Chameleon Protocol.’ The VyprVPN Chameleon uses a 256-bit OpenVPN encryption obfuscated and transmitted via TLS port #443. Thus, Users that live in or travel to countries such as China, Russia, India, Turkey, Iran, and Syria can access the Internet unrestricted. The Chameleon VPN is available for Windows, Mac, Android, and VPN routers.

VyprVPN Chameleon VPN - Stealth Protocol

TorGuard VPN

TorGuard bases its stealth VPN implementation on dedicated ‘Stealth’ VPN servers. Users can access these servers from the Windows, macOS, and Android apps. Also, the Stealth Proxy feature inside the TorGuard VPN apps adds a “second” layer of security that connects your standard VPN connection through an encrypted proxy layer. When enabled, the Stealth Proxy hides the “handshake,” making it impossible for the DPI firewalls to determine if VPN software is being used. A plus for TorGuard is that it offers dedicated IP address options in many locations.

Torguard VPN - Stealth Proxy

Perfect Privacy

Perfect Privacy uses OpenVPN to implement Stealth VPN technology. You may obfuscate your VPN traffic by tunneling it through stunnel, ssh or obfsproxy2/obfsproxy3. Also, you can choose the connection ports #22 (SSH), #53 (DNS) and #443 (SSL). Perfect Privacy offers the StealthVPN protocol into the Windows client, or you may set up the obfuscation manually with OpenVPN on Linux and Mac.

Perfect Privacy - Stealth VPN technology

VPN.ac

VPN.ac Stealth Protocol - OpenVPN XOR

The VPN.ac ‘Stealth VPN’ secure protocol applies a technique called XOR obfuscation on the OpenVPN traffic. The OpenVPN XOR is similar to OpenVPN 256-bit regarding key strength. However, the symmetric cipher is different, AES 128-bit being faster and less CPU intensive than AES 256-bit. Running the OpenVPN XOR over port TCP #443 should bypass most firewalls/web-filtering engines. It is available on the Windows application.

Conclusion

Using stealth VPNs will camouflage your VPN and make it appear as regular web traffic. Stealth VPNs are mainly used for privacy purposes, or to bypass firewalls in countries where Internet access is restricted or censored.