OpenVPN through Stunnel
-
Looked at various guides on getting OpenVPN to work through stunnel on my fairly fresh/mint Linode VPS server (running Ubuntu 18.04 LTS, in case it matters).
No luck all afternoon and fresh out of ideas. What I've done is below. I welcome any ideas on how to fix it.
I have OpenVPN (without the stunnel) working on my Windows laptop.
Copy the .ovpn file; change the line with the VPS IP and 1194 to 127.0.0.1 20000.
Have the stunnel sorted to take the OpenVPN traffic from port 20000 and put it to my VPS on port 20001.
tcpdump shows activity on 20001 when I try to connect.
However, the OpenVPN logs are below.
The client OpenVPN is showing:
Sun Feb 23 22:31:06 2020 TCP connection established with [AF_INET]127.0.0.1:20000
Sun Feb 23 22:31:06 2020 TCP_CLIENT link local: (not bound)
Sun Feb 23 22:31:06 2020 TCP_CLIENT link remote: [AF_INET]127.0.0.1:20000
Sun Feb 23 22:31:06 2020 MANAGEMENT: >STATE:1582468266,WAIT,,,,,,
Sun Feb 23 22:31:08 2020 Connection reset, restarting [-1]
Sun Feb 23 22:31:08 2020 SIGUSR1[soft,connection-reset] received, process restarting
Sun Feb 23 22:31:08 2020 MANAGEMENT: >STATE:1582468268,RECONNECTING,connection-reset,,,,,
Sun Feb 23 22:31:08 2020 Restart pause, 5 second(s)
The server-side OpenVPN logs show the following:
linode_tcp/XXXXX:60802 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
linode_tcp/XXXXX:60802 Connection reset, restarting [-1]
linode_tcp/XXXXX:60802 SIGUSR1[soft,connection-reset] received, client-instance restarting
-
Two questions: why are you trying to run a VPN over another encrypted connection? Also, doesn't stunnel only support TCP? That means you'd have to run OpenVPN via TCP instead of the normal UDP.
-
I am planning to use this setup in China, where they block OpenVPN by packet inspection. By using stunnel, I'm hoping to have an additional layer so the Govt can't tell it is VPN traffic. I understand there is a performance hit, but it would be better than being blocked.
-
Ah yes, the Great Firewall of China. Still, if you run OpenVPN, you'll need to use TCP. Are you doing that?
-
After a whole day I'm able to run stunnel with OpenVPN. From a fresh install of pfSense: VPN, NAT and rules give the VPN working fine. I don't set any DNS. DNS leaks, as it seems not possible to set DoH or DoT in pfSense with just providerdns.com/dns-query.
The how: make sure the VPN is set to TCP 1194 and works fine beforehand.
So install the stunnel package, then put:
client mode: checked / listen IP: 127.0.0.1 / listen port: 1194
redirect to IP: vpnprovider.com / redirect to port: 443
log: notice / timeout: 0 / custom option: exactly as in your provider's conf file. If they write option = noSslv2, you put it all in. If not, it will just not work. The "custom option" box could be renamed to "extra settings" to be clearer. This is the first guide on the internet.
Also, passing from a first OVPN in UDP 1194 does work fine, no port forwarding or anything else. A bit slow to get the page to load directly, but all fine, dual VPN back to back.
-
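The two-hop layout described in the first post (OpenVPN over TCP, wrapped by a stunnel client on the laptop and unwrapped by a stunnel server on the VPS) and in the pfSense post (same idea, listening on 1194 and redirecting to the provider's 443) as one added configuration example; this is not from any poster and the file paths, certificate files and the VPS address are assumed. Because stunnel carries only TCP, both OpenVPN ends must use a TCP proto, and binding the VPS OpenVPN to loopback means port 1194 is reachable only through the TLS listener.

```ini
# --- VPS: /etc/stunnel/openvpn.conf (assumed path) ---
# Terminates TLS on 20001 and hands the plain OpenVPN TCP stream
# to the OpenVPN server, which listens only on loopback.
pid = /var/run/stunnel4/openvpn.pid
# assumed: server certificate and private key concatenated in one PEM file
cert = /etc/stunnel/stunnel.pem
[openvpn-in]
accept  = 0.0.0.0:20001
connect = 127.0.0.1:1194

# --- VPS: OpenVPN server.conf fragment ---
# bind 1194 to loopback so it is never exposed directly on the public interface
local 127.0.0.1
port 1194
proto tcp-server

# --- Laptop: stunnel.conf ---
client = yes
[openvpn-out]
accept  = 127.0.0.1:20000
# assumed: replace with the VPS address (an IP or a DNS name)
connect = VPS_ADDRESS_PLACEHOLDER:20001
# verify the VPS certificate against a CA you control, and check the name,
# so a middlebox cannot silently terminate the TLS hop itself
verifyChain = yes
CAfile = /etc/stunnel/vps-ca.crt
checkHost = vps.example.com

# --- Laptop: client.ovpn fragment ---
# OpenVPN talks plain TCP to the local stunnel, which wraps it in TLS.
proto tcp-client
remote 127.0.0.1 20000
```

With this layout the OpenVPN server log should show the client arriving from 127.0.0.1 (the stunnel hop) rather than the laptop's address, which is a quick way to confirm the stream really came through stunnel.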