ovpn obfuscation
-
Good day everyone. Please don't be too hard on me.
I have the following schema
LAN <-> PF1(client ) <--> VDS1(server ,client) <--> VDS2(server, server) <---> PF2(client)<---> LAN2All this works well.
But I need to obfuscate from PF1 (client) to VDS 1 (server) and from PF2 (client) to VDS2 (server).
In order that it would not be detected by DPI.
I have read various documentation but still don't understand how to do it with PFsense. Is it even possible? From a client from windows or linux, everything is clear. There are various Shadowsocks+cloak, obfproxy and the like.
Any help is welcome, any links or any material. Thanks in advance to all. -
@hr1sha How is DPI implemented? Finding ovpn traffic is fairly easy to do with firewalls these days especially ones that implement app.id (L7 inspection)
Using proxys is the same deal. Very easy to see proxy or vpn traffic going through the dataplane on a firewall. Very trivial. -
@michmoor If you told me what I could do, I would be very grateful. Still, if I use a tool like stunnel, will it help me? I don't know how dpi is implemented
-
@hr1sha Help you with what? Modern networks can detect proxys and VPNs quite easily.
If you want to hide from VDS1 and VDS2 then you shouldnt have your traffic go through them. -
@michmoor I need help masking OpenVPN traffic from pf2 to vds2 under the guise SSL on port 443
-
@hr1sha Make sure DCO is disabled. Under your ovpn server config there is a section you can make your changes.
Keep in mind, if the path is not in your control then this does nothing as anyone can tell you are running ovpn. Application signatures will easily point this out to the administrator if running an advanced firewall.
-
@michmoor Vds are regular OpenVPN servers on Linux, and pf is a client. Where can I see this option on the vds server? The path is under my control
-
@hr1sha I can only speak for the pfSense GUI. You need to research how to do this on a non pfSense client.
-
@michmoor In any case, thank you for your help. Many thanks