This is an area that I've ignored for too long. More and more countries are using DPI to detect VPN connections. And their systems test suspected servers for VPN-specific response patterns. There are good introductions at http://www.ab9il.net/crypto/openvpn-cloaking.html and https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/ . I gather that there are at least two approaches for hiding VPN connections. One approach, which is offered by AirVPN, uses stunnel. The other, which is offered by iVPN, uses obfsproxy (developed by the Tor Project). Both tunnel TCP-mode VPN links through an additional SSL layer. I gather that stunnel simulates HTTPS, while obfsproxy can simulate various sorts of SSL connections, using plug-ins. I also gather that neither approach totally hides OpenVPN. Neither hides packet size or timing, and the OpenVPN handshake is distinctive. Also, neither prevents the throttling of all encrypted traffic Anyway, I plan to test these approaches for usability and effectiveness. Initially, I'll capture traffic with Wireshark, and compare IO graphs. I invite suggestions of other approaches, other providers, other analytic approaches, etc.