vpn protocols we use here nowadays are way more advanced than this, they mimic a TLS handshake with a legitimate (non blocked site, like google.com) and looks essentially like regular https traffic to that site

it looks like they are basically impossible to detect, given the failure to block them, outside of timing attacks (seeing if a request crosses Russia's border and comes back quickly after), however that is fully mitigated by just having having the vpn "disconnect" and route traffic directly to Russian unblocked sites, which would otherwise be able to perform such a timing attack detection

pretty interesting stuff, there are several versions of this system, and even the ones that have existed for a while work pretty well