Changes between Initial Version and Version 1 of TrafficObfuscation


Ignore:
Timestamp:
03/21/12 07:50:31 (12 years ago)
Author:
Samuli Seppänen
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • TrafficObfuscation

    v1 v1  
     1= Introduction =
     2
     3Sometimes it's useful to obfuscate the fact that your traffic is generated by OpenVPN. For example, if your ISP is blocking OpenVPN for some reason. This article describes various ways to obfuscate OpenVPN traffic so that it's not as easily detected and blocked. Most of the content here originates from [http://thread.gmane.org/gmane.network.openvpn.devel/5386 this email thread]. Additionally, for some reason [http://sourceforge.net/mailarchive/message.php?msg_id=28851866 this mail] was not included in Gmane archives.
     4
     5= Use static keys =
     6
     7This was suggested [http://thread.gmane.org/gmane.network.openvpn.devel/5386 here].
     8
     9{{{
     10"My recent suggestion to someone regarding this was to use a
     11static-key tunnel to encapsulate a second secure channel (either
     12openvpn with TLS or ssh(1) as needed.) The static key tunnel looks
     13like random junk to a sniffer. Nothing should identify it as being
     14openvpn."One
     15
     16"That said, it DOES look suspicious. Maintain a moving target if
     17possible ... changing ports and IP addresses. Also, because of the
     18potential weakness of static keys, you should rotate them on a
     19timetable, such as weekly or monthly."
     20}}}
     21
     22= Use obfsproxy =
     23
     24[https://www.torproject.org/projects/obfsproxy-instructions.html.en Obfsproxy] is a [https://www.torproject.org/ Tor] subproject. It can be used to obfuscate (any) traffic so that it becomes unrecognizable. Obfuscating OpenVPN traffic using obfsproxy was suggested [http://thread.gmane.org/gmane.network.openvpn.devel/5386 here], with one additional mail available [http://sourceforge.net/mailarchive/message.php?msg_id=28851866 here]:
     25
     26{{{
     27"However, the obfsproxy project sounds very interesting.  And it should be
     28possible to use obfsproxy (as it can talk like a SOCKS proxy) with
     29OpenVPN, by using the --socks-proxy argument.  But I'm not aware of any
     30openvpn services providing obfsproxy services in conjunction with OpenVPN."
     31}}}
     32
     33A user provided an OpenVPN installer which bundles OpenVPN with obfsproxy. Look [http://sourceforge.net/mailarchive/message.php?msg_id=28851866 here] for downloads and instructions.