Comment by m132

2 days ago

All boils down to the kind of DPI you're trying to work around, but generally the most common encrypted or otherwise difficult to process protocols strike me as the most preferable.

RTP isn't a bad choice, especially the WebRTC flavor of it:

- it's UDP; there's no need to worry about avoiding the TCP meltdown

- it's most commonly used for peer-to-peer and PBX communication; packets going in and out, from and to random IPs, are expected

- high-bandwidth RTP traffic is normal, and so are high irregularities

- it most often carries video; huge room for steganography

- WebRTC makes encryption mandatory

I've come across corporate networks that do block non-intranet WebRTC; however, this probably isn't feasible at Internet scale.

Other good choices are QUIC and WebSockets (assuming your network doesn't do MitM), and SSH, which by default comes with strong protection against MitM and actually has SOCKS5 tunneling built into the most popular implementations (try `ssh -D`). SSH is what some of my friends successfully use to bypass the Great Firewall.

That being said, the shift of client-to-server SMTP from a common part of everyday internet traffic to something rather esoteric may have created some potential for firewall misconfigurations, and those might result in it being passed with minimal inspection. All depends on your particular firewall in the end.