Comment by estimator7292

Comment by estimator7292 3 days ago

You do not establish a VPN connection in the clear. You must give your client the encryption key before connecting. All transactions are fully encrypted from the beginning.

Besides that, when negotiating a secure connection through unencrypted channels you typically use Diffie-Hellman to establish the encryption keys. As far as I'm aware, this method cannot be broken. Both nodes compute their own private encryption key and do math to create unencrypted data that must be verified by the other node's key. Even if you had full control of the data stream, you can't determine those private keys and cannot break into the encrypted connection that follows.

Also VPNs are typically UDP, but there's no hard requirement as far as I know.
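Added example (not part of the comment above): a sketch of how a pre-shared key and a Diffie-Hellman exchange fit together, where each side tags its public value with an HMAC under the shared key and refuses a value that was altered or tagged with a different key. The toy 127-bit group, the role labels and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption, illustration only): 2**127 - 1 is prime but far too
# small for real use; deployed VPNs use 2048-bit+ groups or elliptic curves.
P, G = 2**127 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2            # private exponent, never sent
    return priv, pow(G, priv, P)                   # public value, sent in the clear

def tag(psk, role, pub):
    # HMAC under the pre-shared key binds a public value to the side that sent it.
    return hmac.new(psk, role + pub.to_bytes(16, "big"), hashlib.sha256).digest()

def accept(psk, role, pub, mac):
    # Reject out-of-range values and anything not tagged with our PSK.
    return 1 < pub < P - 1 and hmac.compare_digest(tag(psk, role, pub), mac)

def session_key(priv, peer_pub, client_pub, server_pub):
    shared = pow(peer_pub, priv, P)                # same number on both sides
    transcript = client_pub.to_bytes(16, "big") + server_pub.to_bytes(16, "big")
    return hashlib.sha256(shared.to_bytes(16, "big") + transcript).digest()

def handshake(client_psk, server_psk, modified_in_transit=False):
    """Return (client_key, server_key), or None if either side rejects."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    c_mac = tag(client_psk, b"client", c_pub)
    s_mac = tag(server_psk, b"server", s_pub)
    # Constructed fault: the client's public value is altered on the wire.
    c_pub_rx = c_pub ^ 1 if modified_in_transit else c_pub
    if not accept(server_psk, b"client", c_pub_rx, c_mac):
        return None
    if not accept(client_psk, b"server", s_pub, s_mac):
        return None
    return (session_key(c_priv, s_pub, c_pub, s_pub),
            session_key(s_priv, c_pub_rx, c_pub_rx, s_pub))

if __name__ == "__main__":
    psk = secrets.token_bytes(32)                  # constructed sample key
    ck, sk = handshake(psk, psk)
    print("keys match:", ck == sk)
    print("altered value:", handshake(psk, psk, modified_in_transit=True))
    print("wrong PSK:", handshake(psk, secrets.token_bytes(32)))
```
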

chickenzzzzu 3 days ago

Awesome, thanks for all of that. Then it sounds like the only way a nation state could block VPNs is if they decided to "go nuclear" and do what the person above said: block anyone who they detect is using a VPN/encrypted channel.

Based on that information, the theory for why a nation state would block HTTPS like this for a moment is either an accident, or to only block the low-hanging fruit of people who don't use a VPN.