[tor-dev] Combining obfsproxy+scramblesuit with OpenVPN

Jurre van Bergen jurre at useotrproject.org
Wed Mar 5 17:57:24 UTC 2014


Heya,

The company I work for is building an OpenVPN client which has obfsproxy
support, there is a branch, but it's not finished:
https://github.com/greenhost/viper/tree/obfsproxy-support

And then.. the serverside isn't pushed but it was working, it would
generate scramblesuite passwords using some funky way.

Anyway, you might want to look into this:
https://github.com/kheops2713/telecomix-openvpn/tree/master/Linux

Also see:
https://lists.torproject.org/pipermail/tor-dev/2014-February/006192.html

It's rather trivial.

Jurre

On 03/05/2014 02:08 PM, irregulator at riseup.net wrote:
> Hello people,
>
> I'm investigating how may we combine the traffic obfuscation provided by
> obfsproxy+scramblesuit with OpenVPN instead of Tor.
>
> I completely understand how this combination does not provide anonymity,
> but nevertheless I think it will be of some use.
>
> In the recent past there have been some interest in this combination
> [1], [2], [3], mainly cause of VPN traffic blocking in various countries
> or networks.
>
> OpenVPN supports only Socks5 proxy but current obsfproxy's version
> doesn't have a Socks5 listener, see ticket #9221 [4].
>
> Luckily yawning provided a patch some days ago [5], and I decided to
> test it. According to patch's comments, it implements a Socks5 proxy
> with authentication as in RFC 1928/RFC 1929. This authentication is
> gonna serve as a means to pass parameters to the pluggable transport,
> please correct me on this one.
>
> Firstly, does this patch and generally obfsproxy development takes in
> consideration other clients except for Tor, e.g. OpenVPN or OpenSSH ? I
> think it would be very nice to have a way to combine OpenVPN with
> Scramblesuit as stated in the latter's paper. But then I'll understand
> if that's not a priority for obfsproxy's developers.
>
> So, while testing OpenVPN with obfsproxy and the latest patch, the vpn
> client enters the authentication phase. Do the credentials depend on the
> pluggable transport in use by the obfsproxy? If so, what credentials
> should the vpn or the ssh socks client provide when talking with
> scramblesuit? Will vpn client have to provide the session ticket or
> other pre-shared secret through socks authentication?
>
> Thanks in advance for any answers.
> Alex
>


-- 
Developer at https://www.useotrproject.org/



More information about the tor-dev mailing list