Obfuscate OpenVPN traffic?



  • Hi all,

    Is there any built in package in pfSense can help obfuscating OpenVPN traffic? The GFW in China region seems to be able to detect the traffic and is blocking access randomly.



  • Which ports are you running on?

    Are you using a public or private server?

    What type of encryption?

    UDP or TCP?



  • I tried to put it on 443 TCP (pretend to be HTTPS), using a server colocation service network to do VPN.



  • If the location you are using or its IP ranges have previously been associated with VPNs, that would make it easy to profile you.

    Best way to avoid being profiled is to run your server on some home connection or something where you and only you access it.

    Also be careful with your DNS - China routinely poisons DNS.  Its normal operating procedure, to say the least.  Reach your servers by IP only.



  • @kejianshi:

    If the location you are using or its IP ranges have previously been associated with VPNs, that would make it easy to profile you.

    Best way to avoid being profiled is to run your server on some home connection or something where you and only you access it.

    Also be careful with your DNS - China routinely poisons DNS.  Its normal operating procedure, to say the least.  Reach your servers by IP only.

    I do have a domain name purchased from NameCheap and did the dynamic update by the way they suggest, so DNS is not an issue (I also know about DNS poisoning, esp. something like NO-IP.com)
    I'm going to implement OpenVPN on gateway at my home, my brother & my father's home  8) But as reported by some other users, even they do connect with OpenVPN, they still feel that connection was interfered, so I just want to make sure I can obfuscate GFW's detection to minimize the impact.



  • Hi!

    The issue right now is that GFW is learning to fast…. I have setup a lot of different OpenVPN servers around the world that i try to connect to - it takes a few minutes and then the connection is dead (or GFW blocks it easily) (tried with TCP/ UDP and a lot of different ports)

    I have one VPN provider that allow me to use obfuscate and with DD-WRT or their own OpenVPN program this works great. the problem i have is that i can't use pfsense to connect with obfuscate to the VPN provider.

    would it be possible to add this support to pfsense? "obfuscate"

    BR/Micke



  • What are your pfsense server settings?  I'd love to see that server config page from pfsense to get an idea what you are doing wrong.


Log in to reply