Posts Tagged openvpn
I had a working OpenVPN configuration. But it wasn’t the best it could be. The manpage for OpenVPN 2.3 (community.openvpn.net/openvpn/wiki/Openvpn23ManPage) was used to find particularly interesting options. For most of the changes I had to find examples and more information through Googling, though blog.g3rt.nl/openvpn-security-tips.html is of particular note for popping up very often. Improving TLS […]
Ended up choosing an SSH SOCKS proxy + Tunnelblick because it had the fewest moving parts. Combined with a passwordless SSH key, I saw this status on Facebook today: “Kyle is truly a computer wizard! as in, his Tunnelblick thingy is working!” Location? China. Success.
I’m seeing stuff about China’s blocking VPNs everywhere: New York Times, the BBC, and of course, Slashdot. Interesting tidbit: OpenVPN over TCP on port 53 apparently works. Not sure why it’d be like that, but maybe it’s something unexpected from infrastructure put in place for DNS poisoning. Possibly unrestricted, but mirrored to the DNS servers, […]
Having a bit of time, and remembering that OpenVPN had an option for SOCKS proxies, I decided to take a stab at getting OpenVPN to work through a SOCKS proxy. It was far easier than expected.
Continuing my string of posts on trying to get OpenVPN working through China’s Great Firewall… and a recent (and unexpected but much appreciated) report that TCP & UDP ports are blocked quickly, I’m now looking at getting OpenVPN to work with stunnel. My assumption is that the GFW is detecting the OpenVPN packets, since they’re […]
As I mentioned in a previous post, I have a friend who’s heading to China. I have an OpenVPN server. I thought the two would match together well, but then China went and started to filter & kill OpenVPN connections, and block those IP/port combinations. People are reporting that using a random port (as supported […]
Slashdot linked to an article on China restricting VPN access, in particular OpenVPN clients. (Also: OpenVPN’s forums have a similar report.) The problem seems to be they’ve implemented some sort of protocol detection that’ll flag and block OpenVPN connections after a while. Unfortunately, this is no longer an academic problem for me, since I’ve got a […]
Note: This is a personal VPN, so I just used static keys. A general guide to getting OpenVPN set up is available on the OpenVPN website, but this guide is targeted at CentOS 5 on an OpenVZ VPS. This guide should be usable in other RH derivatives without much (any?) modification, and with slight modifications […]