Hacker News

That is a first step, but what you really want to do (and what most commercial VPN solutions are doing) is tunneling the VPN via https. Preferably with a real-looking web server at one end, so that "firewall solutions" have something to look at and scan for evil keywords. Oh, and you might have to disguise the traffic pattern as something that looks like http, so frequent reconnects. And the payload has to be web-like so that a MitM-proxy sees something like http, so one direction is a POST, the other is the respective response, and if you cannot do persistent connections because the proxy kills them you'll have to poll at least in one direction.

Yes, this is supremely ugly, but unfortunately entrenched and expected by now. I've been to customers with intrusive filtering/scanning setups like that who then recommended their favourite commercial VPN vendor to get around that filtering...


