Hello people,
I'm investigating how may we combine the traffic obfuscation provided by obfsproxy+scramblesuit with OpenVPN instead of Tor.
I completely understand how this combination does not provide anonymity, but nevertheless I think it will be of some use.
In the recent past there have been some interest in this combination [1], [2], [3], mainly cause of VPN traffic blocking in various countries or networks.
OpenVPN supports only Socks5 proxy but current obsfproxy's version doesn't have a Socks5 listener, see ticket #9221 [4].
Luckily yawning provided a patch some days ago [5], and I decided to test it. According to patch's comments, it implements a Socks5 proxy with authentication as in RFC 1928/RFC 1929. This authentication is gonna serve as a means to pass parameters to the pluggable transport, please correct me on this one.
Firstly, does this patch and generally obfsproxy development takes in consideration other clients except for Tor, e.g. OpenVPN or OpenSSH ? I think it would be very nice to have a way to combine OpenVPN with Scramblesuit as stated in the latter's paper. But then I'll understand if that's not a priority for obfsproxy's developers.
So, while testing OpenVPN with obfsproxy and the latest patch, the vpn client enters the authentication phase. Do the credentials depend on the pluggable transport in use by the obfsproxy? If so, what credentials should the vpn or the ssh socks client provide when talking with scramblesuit? Will vpn client have to provide the session ticket or other pre-shared secret through socks authentication?
Thanks in advance for any answers. Alex
[1] http://community.openvpn.net/openvpn/wiki/TrafficObfuscation [2] http://www.dlshad.net/?p=135 [3] https://www.void.gr/kargig/blog/2012/10/05/bypassing-censorship-devices-by-o... [4] https://trac.torproject.org/projects/tor/ticket/9221 [5] https://trac.torproject.org/projects/tor/attachment/ticket/9221/0001-Use-SOC...