[SOLVED] How to use VIP's for OpenVPN
-
tls-crypt is set when you set tls to both encryption and auth.
-
Yes I know, my posting was before I saw you edited yours.
-Rico
-
ah... makes more sense now ;)
-
@glacier said in How to use VIP's for OpenVPN:
We have a department in china and the chineese ISP's regularly block ip's with VPN traffic. So we need to cycle the ip addresses otherwise our employees can't connect to the HQ via openvpn.
Do they block by IP or protocol? It seems to me protocol would be more likely.
-
They are blocking/ban by null routing IPs as well.
-Rico
-
@rico said in How to use VIP's for OpenVPN:
They are blocking/ban by null routing IPs as well.
Exactly. We migth be able to hide it better, however eventually the ip will get blocked, which is why we would like to use VIP's to cycle through the bans.
-
Well you don't have unlimited VIPs to cycle them over and over again right? So in the long run it would be better to hide the VPN traffic. I think with the 443 Port Share trick and tls-crypt it could work to get around this.
Anyway, I will try to answer your question. :-) Bind your OpenVPN to localhost, then use a Port Forward with your VIP to localhost.-Rico
-
Port share won't hide the traffic and tls-crypt maybe for a while, eventually they will find out how to identify it.
stunnel is what I would do... -
I don't see how the share thing would hide anything - other than if you have normal https traffic going to that dest IP from the IP in china.. That might confuse them seeing normal web and vpn going to the same IP? All depends on how exactly they identify it as vpn traffic.
-
Thanks alot for all of the answers.
I'll try out the portforwarding thing, aswell as tls-crypt and stunnel.@rico said in How to use VIP's for OpenVPN:
Well you don't have unlimited VIPs to cycle them over and over again right?
No, but in the past the banned ip's have been unbanned after a month or so.
Best Regards
Esben
