How are they caught then in countries that try to restrict digital access and have criminalized them?
From the client to the VPN host it’s feasible to do protocol/port identification and prevent it that way. Some are significantly more difficult to do that for though, particularly when it uses something like HTTPS to blend in with the general flow. It’s possible to set up a national level proxy gateway, but that would require a user’s system to trust some alternate CA which would be really hard to enforce.
Short version, there’s always a way around, but they can make it real tough for the average user.
I think these nations set up the ISPs to look for the packets using a VPN protocol. This protocol is only used between the user and the VPN provider, so the target website doesn’t see it. Though I think this can be evaded too with a bit of work (masking the packets as normal web traffic). One reason why repressive regimes also want to control the devices of the user.
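Added example, not part of any post in this thread: a minimal sketch of the protocol/port identification the replies describe, as a network operator would apply it to the first client payload of a flow. The byte signatures are the publicly documented OpenVPN and WireGuard handshake headers; the function names and sample payloads are constructed for illustration. A tunnel carried inside TLS on port 443 only classifies as generic `tls`, which is the difficulty the first reply points to.

```python
import struct

# 1194 is OpenVPN's IANA-assigned port; 51820 is WireGuard's conventional default.
VPN_PORTS = {1194: "openvpn", 51820: "wireguard"}
OVPN_CLIENT_RESET = {7, 10}  # P_CONTROL_HARD_RESET_CLIENT_V2 / _V3 opcodes

def _is_openvpn_reset(msg):
    # First byte = opcode (high 5 bits) | key id (low 3 bits, 0 on a fresh session),
    # then 8-byte session id, ack count, 4-byte packet id: at least 14 bytes.
    return len(msg) >= 14 and msg[0] >> 3 in OVPN_CLIENT_RESET and msg[0] & 7 == 0

def classify(proto, dst_port, payload):
    """Classify the first client payload of a flow. Returns (label, evidence)."""
    if proto == "udp":
        # WireGuard handshake initiation: type 1, three zero bytes, exactly 148 bytes.
        if len(payload) == 148 and payload[:4] == b"\x01\x00\x00\x00":
            return "wireguard", "handshake"
        if _is_openvpn_reset(payload):
            return "openvpn", "handshake"
    elif proto == "tcp":
        # OpenVPN over TCP prefixes each message with a 2-byte big-endian length.
        if len(payload) >= 2:
            (n,) = struct.unpack("!H", payload[:2])
            if n == len(payload) - 2 and _is_openvpn_reset(payload[2:]):
                return "openvpn", "handshake"
        # TLS record: type 0x16 (handshake), major version 3, ClientHello (1) at offset 5.
        if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 3 and payload[5] == 1:
            return "tls", "handshake"
    # No payload signature matched: fall back to the weaker port-based guess.
    if dst_port in VPN_PORTS:
        return VPN_PORTS[dst_port], "port-only"
    return "unknown", "none"

# Constructed sample payloads (not captured traffic).
SAMPLES = [
    ("udp", 51820, b"\x01\x00\x00\x00" + bytes(144)),                   # WireGuard initiation
    ("udp", 443, bytes([7 << 3]) + bytes(13)),                          # OpenVPN on a non-default port
    ("tcp", 443, struct.pack("!H", 14) + bytes([7 << 3]) + bytes(13)),  # OpenVPN over TCP
    ("tcp", 443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"),          # TLS ClientHello header
    ("udp", 1194, b"\xff\xff"),                                         # unrecognised bytes on 1194
]

def run_samples():
    return [classify(*s) for s in SAMPLES]

if __name__ == "__main__":
    for sample, result in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], result)
```

These are heuristics on a single packet, so a signature match on an unrelated protocol is possible; a port-only result is weaker evidence than a handshake match.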