3

Does this setup defeat deep packet inspection(looking at the data payload in addition to packet headers)?

I have a SSH tunnel connection, or more exactly a proxy server connection running inside of a SSH tunnel connection. I set the OpenVPN client to connect via this proxy server, and it technically connects via the SSH tunnel.

Can this be tracked?

Chris
  • 31
  • 2
    With enough computing power, anything can be tracked and/or cracked. The question is more a matter of "is the cost of tracking this worth the value of the data to the attacker?". Depending on circumstance, your setup might be way over the top, or it might be only just sufficient. – William Lawn Stewart Jul 30 '11 at 08:51
  • What would come closer to anonymity? –  Jul 30 '11 at 08:55
  • Chris, this is not a discussion forum. In order to clarify, you should add a comment or edit your question -- it seems you have somehow lost a cookie or not linked your user accounts yet though. – slhck Jul 30 '11 at 08:57
  • he doesn't have the rep to add a comment – barlop Jul 30 '11 at 10:19
  • I've just pasted your comment as a comment so you could delete this answer... or maybe edit it if you have a different comment though people might disagree with that ;-) – barlop Jul 30 '11 at 10:20

1 Answers1

3

How do you define track? Who are you worried about being tracked by?

Someone that is able to monitor from the exit point of your VPN would be able to know all the activities associated with that VPN.

Someone who is able to compromise the SSH server, the proxy or the OpenVPN end point may be able to work back to determine the true source of the traffic.

If you are just worried about basic traffic shaping from your ISP then you are almost certainly going way overboard. Running OpenVPN over SSH is going to give you some major performance issues and really won't really make a difference. Even a really basic VPN is usually enough to avoid blacklist-based traffic shaping.

If you are making connections to via this wacky-VPN to some service, someone at the other end could potentially track it back to your computer if they had the cooperation of the ISPs where the VPN and SSH hosts are hosted. Particularly if the VPN or SSH server is only being used by you. They would simply have to look at what is going into the system with the VPN, and what is going out. If it is only being used by one person you would see the un-encrypted traffic going out from the VPN, and the VPN traffic.

To summarize, if you are looking for 100% anonymity, I don't believe that your described setup would even come close to providing that, assuming that a governmental entity or someone really determined wanted to trace it back to your computer.

If you are just trying to avoid being blocked by some kind of filter at your ISP/School/work you are setting up something far to complex. If you can make outgoing SSH connections, then all they would know is that you have made an outgoing SSH connection. They wouldn't know anything about the SSH payload.

Zoredache
  • 20,021