[tor-dev] Combining obfsproxy+scramblesuit with OpenVPN

irregulator at riseup.net irregulator at riseup.net
Wed Mar 5 13:08:06 UTC 2014


Hello people,

I'm investigating how we may combine the traffic obfuscation provided by
obfsproxy+scramblesuit with OpenVPN instead of Tor.

I completely understand how this combination does not provide anonymity,
but nevertheless I think it will be of some use.

In the recent past there has been some interest in this combination
[1], [2], [3], mainly because of VPN traffic blocking in various countries
or networks.

OpenVPN supports only a Socks5 proxy, but the current version of obfsproxy
doesn't have a Socks5 listener, see ticket #9221 [4].

Luckily yawning provided a patch some days ago [5], and I decided to
test it. According to the patch's comments, it implements a Socks5 proxy
with authentication as in RFC 1928/RFC 1929. This authentication is
gonna serve as a means to pass parameters to the pluggable transport,
please correct me on this one.

Firstly, do this patch and obfsproxy development in general take into
consideration clients other than Tor, e.g. OpenVPN or OpenSSH? I
think it would be very nice to have a way to combine OpenVPN with
Scramblesuit as stated in the latter's paper. But then I'll understand
if that's not a priority for obfsproxy's developers.

So, while testing OpenVPN with obfsproxy and the latest patch, the vpn
client enters the authentication phase. Do the credentials depend on the
pluggable transport in use by the obfsproxy? If so, what credentials
should the vpn or the ssh socks client provide when talking with
scramblesuit? Will the vpn client have to provide the session ticket or
other pre-shared secret through socks authentication?

Thanks in advance for any answers.
Alex


[1] http://community.openvpn.net/openvpn/wiki/TrafficObfuscation
[2] http://www.dlshad.net/?p=135
[3] https://www.void.gr/kargig/blog/2012/10/05/bypassing-censorship-devices-by-obfuscating-your-traffic-using-obfsproxy/
[4] https://trac.torproject.org/projects/tor/ticket/9221
[5] https://trac.torproject.org/projects/tor/attachment/ticket/9221/0001-Use-SOCKS5-instead-of-SOCKS4-a.patch
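
The SOCKS5 exchange the message refers to (RFC 1928 method negotiation, then the RFC 1929 username/password sub-negotiation), shown from both sides as an added example that is not part of the original post or of the patch in [5]. The function names are hypothetical and the credentials are constructed placeholders; what a given pluggable transport expects in those fields is not stated in the message.

```python
SOCKS_VER, AUTH_VER = 0x05, 0x01        # RFC 1928 version, RFC 1929 sub-negotiation version
USERPASS, NO_ACCEPTABLE = 0x02, 0xFF    # RFC 1928 method codes

def client_greeting(methods=(USERPASS,)):
    """Client -> proxy: VER | NMETHODS | METHODS (RFC 1928, section 3)."""
    return bytes([SOCKS_VER, len(methods), *methods])

def server_choose(greeting, supported=(USERPASS,)):
    """Proxy -> client: VER | METHOD, first offered method the proxy supports."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 greeting")
    offered = greeting[2:2 + greeting[1]]
    if len(offered) != greeting[1]:
        raise ValueError("truncated greeting")
    return bytes([SOCKS_VER, next((m for m in offered if m in supported), NO_ACCEPTABLE)])

def auth_request(uname, passwd):
    """Client -> proxy: VER | ULEN | UNAME | PLEN | PASSWD (RFC 1929, section 2)."""
    for field in (uname, passwd):
        if not 1 <= len(field) <= 255:      # one length byte per field
            raise ValueError("each field must be 1..255 bytes")
    return bytes([AUTH_VER, len(uname)]) + uname + bytes([len(passwd)]) + passwd

def parse_auth_request(msg):
    """Proxy side: recover (uname, passwd); reject truncated or padded input."""
    if len(msg) < 2 or msg[0] != AUTH_VER:
        raise ValueError("bad sub-negotiation version")
    ulen = msg[1]
    if len(msg) < 3 + ulen:
        raise ValueError("truncated before PLEN")
    plen = msg[2 + ulen]
    if len(msg) != 3 + ulen + plen:
        raise ValueError("length fields do not match message size")
    return msg[2:2 + ulen], msg[3 + ulen:]

def auth_reply(ok):
    """Proxy -> client: VER | STATUS, where 0x00 is success."""
    return bytes([AUTH_VER, 0x00 if ok else 0x01])

def exchange(uname, passwd):
    """Run both sides in memory and return every message in order."""
    hello = client_greeting()
    choice = server_choose(hello)
    req = auth_request(uname, passwd)
    seen = parse_auth_request(req)          # what the proxy hands onward
    return hello, choice, req, seen, auth_reply(True)

if __name__ == "__main__":
    # Constructed placeholder credentials, not values any transport defines.
    for part in exchange(b"placeholder-user", b"placeholder-secret"):
        print(part)
```

Both fields travel in cleartext between the client and the local proxy listener, and each is limited to 255 bytes by its single length octet.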
