Openvpn wrapped by stunnel

zqoot

Hi

openvpn protocol got blocked in my country (tcp udp different ports).

I heard that stunnel can wrap openvpn traffic to normal ssl so that DPI not easily identify.

my vpn provider having stunnel ssl options and openvpn of course.

I have searched many sites but nothing for pfsense.

vpn provider provide stunnel.conf and CA certificate (.pem)

Is there any guide (step by step) how to run stunnel ?

I have tried but always getting certificate error.

i am willing to connect as a client only.

Thanks

jimp

There are no guides and that's typically a bad idea anyhow.

Use pfSense 2.4 and activate OpenVPN 2.4's "TLS Crypt" mode instead. Assuming both sides support that, it encrypts the control channel making it more difficult to identify. No need to run it through yet another layer of encapsulation.

akha666

Hello TLS Crypt didn't help me.
I have the same issue , our ISPs using DPI to block VPN Traffic.
https://www.bestvpn.com/egypt-blocks-openvpn
any workaround ?

akha666

finally got ovpn working again over stunnel.
stunnel is the best workaround for this issue.
stunnel package back again to new pfsense 2.4.

awair

Hi Akha,

Would you care to share…

Screenshots would be great.

Many thanks.

awair

@jimp:

Use pfSense 2.4 and activate OpenVPN 2.4's "TLS Crypt" mode instead.

Where is this option? Is this the TLS KEY Usage Mode or is it added to Custom options?

Many thanks

johnpoz

Its right there in the VPN settings.. Drop down..

See attached pic

tlsencrypt.png_thumb

awair

Thanks John,

I've since tried that option and it doesn't help my case. Looks like STunnel is the only realistic proposition for keeping OpenVPN running.

I've got that working on a client computer, but would much prefer to share this where needed.

MR-NT

i have the same issue , i think Stunnel is my last hope

dfindlay

@akha666

I'm having similar issues trying to setup stunnel to openvpn. Im using openvpn on pfsense as my server and on the receiving end client also using openvpn on pfsense. I would like to setup stunnel as client and server in their respective locations.

Can you assist?

Vestinglama

@akha666 Hello please how were you able to configure the stunnel to work with your OVPN. I keep trying to do the configuration on my pfsense but it doesnt work