explore other possible sources of distinguishability against reference implementation

[ainghazal]

I know that supposedly the parrot is dead, but if the effort is low maybe it makes sense to address a couple of obvious divergences:

• The trailing 4 bytes in the random field for our (parroted) ClientHello look totally random - but at least by Wireshark's dissector they get recognized as a timestamp (I haven't checked the ranges extensively, at least they look to be placed between 2000-2100?). Probably openvpn source code is the quickest way to clarify this.

• The fact that I'm using DATA_V1 packets (intertwined with HARD_RESET_V2) while a recent openvpn uses V2.

[ainghazal]

These days I was thinking in another possible way to tell minivpn apart: I am not completely sure, but I remember seeing something about the reference openvpn implementing some kind of retries for the TLS handshake in UDP mode (which is kind of natural). It's been some months already so this is not fresh in my head, but I am pretty sure my implementation is quite sensible to packet loss during the handshake phase. I mention this in case the current red team engagement find ways to break things apart following this lead 😈 🙈