Tutorials Detecting VPN (and its configuration!) and proxy users on the server side


A lot of people use VPN every day. Somebody use it in always-on mode to circumvent government or corporative internet censorship, while somebody use it from time to time to bypass geographic restrictions. You may already know that huge video and music streaming services and game shops never really liked VPN users who easily bypass all restrictions to unblock country restricted content or to buy a game for less. Examples are plentiful: Netflix changed their ToS recently so that it can now terminate your account contract if you’re found to be circumventing its geo-restrictions, Hulu was also noticed for blocking VPN users, and Steam has been always suspicious to non-Russian speakers from Russia. Recently some companies tries to block not individual users but entire IP addresses of VPN services, which is troublesome for both users and VPN services. Seems like they don’t have any automatic tools and block addresses manually. While I’m against any type of censorship, I was curious if it is possible to detect VPN or proxy users on the server side.

And the answer is yes, under certain conditions. And pretty accurate.

MSS and MTU​

MTU or Maximum Transmission Unit stands for maximum data which could be transmitted in one packet. Every network adapter have its MTU value, even the routers between you and the remote side which transit your packets. Most of the time it is set to 1500, there are some exceptions though.

When you web browser or any other software working with the network creates TCP connection to the remote side, it adds Maximum Segment Size (MSS) value into TCP header, which informs remote size of the maximum TCP data size initiator can receive without packet fragmentation. This value is very similar to MTU.

As you try to open a web page with PPTP, L2TP(±IPsec) or IPsec IKE connected, your packet is encapsulated into another packet which introduces overhead. Large packets which could be sent without fragmentation without VPN connected now should be fragmented...

Read more

Continue reading...