obfsproxy and openvpn


# Using a Cheap 64MB RAM NAT VPS in US as server
# Raspberry PI to run obfsproxy client. Then connect to Raspberry PI
# using any device supporting openvpn, like IPad or Android pad.
# This solution has pros and cons, no messing trying to get obfsproxy
# client working on every device but then again you always need to
# connect via the Raspberry PI.

#
# obfsproxy is what Tor uses to bypass blocking.
# It can also be used for openvpn.
# It's just another envelope: you hide openvpn within it.
#

# Install obfsproxy on the VPS and
# the Raspberry PI with the same linux commands

# Install python and tools we need to build obfsproxy
# NOTE(review): Python 2.7 is end-of-life and no longer receives security
# fixes; keep these hosts dedicated to this job and patched otherwise.
sudo apt-get install python2.7 python-pip python-dev build-essential libgmp-dev -y
# Fetch and install obfsproxy
# NOTE(review): "sudo pip install <url>" runs the tarball's setup.py as root
# and nothing here checks the download against a known hash. Compare the
# file's SHA-256 with a value you trust first (pip's --require-hashes mode
# does this from a requirements file).
sudo pip install https://pypi.python.org/packages/source/o/obfsproxy/obfsproxy-0.2.13.tar.gz

# make random password for scramblesuit
# (20 bytes from os.urandom, i.e. 160 bits, base32-encoded; Python 2 syntax)
python -c 'import base64, os; print base64.b32encode(os.urandom(20))'
# e.g. JNI3LYK2VZM3UY37WEALJQ442VFYX6ZS
# The value above is sample output that is published on this page: generate
# your own, use the same one on server and client, and keep it private.
# Server side
sudo nano /usr/local/bin/server_scramblesuit.sh

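#!/bin/bash
# Start the ScrambleSuit obfsproxy server in front of the local OpenVPN
# listener (127.0.0.1:15410).
#
# The shared secret is read from a root-only file rather than written into
# this script, which is readable by every local user once it is made
# executable. The path below is one chosen for this example; any root-only
# path works. Create the file once, with your own generated value on a
# single line:
#   sudo install -m 600 /dev/null /etc/scramblesuit.secret
#   sudo nano /etc/scramblesuit.secret
#
# The server's state is kept in /var/lib/scramblesuit-server (mode 700)
# instead of /tmp: /tmp is world-writable, so another local user could
# create that directory first, and it is commonly emptied at boot.
#
# NOTE: --password still places the secret on the command line, where other
# local users can see it in the process list. Check
# "obfsproxy scramblesuit --help" for a file-based alternative in your
# version.
set -eu

readonly SECRET_FILE=/etc/scramblesuit.secret
readonly DATA_DIR=/var/lib/scramblesuit-server

# Read the first line of the secret file; a missing trailing newline is fine.
secret=
if [[ -r "$SECRET_FILE" ]]; then
  IFS= read -r secret < "$SECRET_FILE" || true
fi
if [[ -z "$secret" ]]; then
  printf 'error: no secret found in %s\n' "$SECRET_FILE" >&2
  exit 1
fi

# Private state directory, created on first run.
mkdir -p -- "$DATA_DIR"
chmod 700 -- "$DATA_DIR"

python /usr/local/bin/obfsproxy \
  --no-log \
  --data-dir="$DATA_DIR" \
  scramblesuit \
  --password="$secret" \
  --dest 127.0.0.1:15410 \
  server 192.168.16.154:15411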

# Start server on VPS
# The script typically ends up world-readable (0755), so anything written
# in it is visible to every local user.
sudo chmod +x /usr/local/bin/server_scramblesuit.sh
# If sudo has to ask for a password, run "sudo -v" first: a backgrounded
# sudo cannot prompt on the terminal.
sudo /usr/local/bin/server_scramblesuit.sh &

# Auto start scramblesuit server
# after boot or restart
# add new text line into file /etc/rc.local before EXIT 0

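sudo nano /etc/rc.local

# obfsproxy stays in the foreground, so background it here; otherwise
# rc.local never gets to its final "exit 0".
/usr/local/bin/server_scramblesuit.sh &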

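# openvpn server script, listen on 15410, protocol TCP
# Remember it must be TCP, obfsproxy cannot handle UDP
# obfsproxy forwards to 127.0.0.1:15410, so this listener only needs to be
# reachable on loopback; adding "local 127.0.0.1" keeps the un-obfuscated
# openvpn port off the other interfaces.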

port 15410
proto tcp
:
:

# Client side (Raspberry Pi)

sudo nano /usr/local/bin/client_scramblesuit.sh

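#!/bin/bash

# This command starts an obfsproxy instance which listens
# for connections on 10.0.0.10:1191
# Incoming data is obfuscated and forwarded to the
# destination server running on 45.43.000.00:15411
#
# The Raspberry PI address is 10.0.0.10
# The VPS address 45.43.000.00 example, not actual
#
# The shared secret is read from a root-only file rather than written into
# this script, which is readable by every local user once it is made
# executable. The path below is one chosen for this example; any root-only
# path works. Create the file once, holding the same value as the server,
# on a single line:
#   sudo install -m 600 /dev/null /etc/scramblesuit.secret
#   sudo nano /etc/scramblesuit.secret
#
# The obfsproxy client's session ticket is stored in
# /var/lib/scramblesuit-client (mode 700) instead of /tmp: /tmp is
# world-writable, so another local user could create that directory first.
#
# NOTE: --password still places the secret on the command line, where other
# local users can see it in the process list. Check
# "obfsproxy scramblesuit --help" for a file-based alternative in your
# version.
set -eu

readonly SECRET_FILE=/etc/scramblesuit.secret
readonly DATA_DIR=/var/lib/scramblesuit-client

# Read the first line of the secret file; a missing trailing newline is fine.
secret=
if [[ -r "$SECRET_FILE" ]]; then
  IFS= read -r secret < "$SECRET_FILE" || true
fi
if [[ -z "$secret" ]]; then
  printf 'error: no secret found in %s\n' "$SECRET_FILE" >&2
  exit 1
fi

# Private state directory, created on first run.
mkdir -p -- "$DATA_DIR"
chmod 700 -- "$DATA_DIR"

# Debug logging is for bring-up only; switch to --no-log once it works.
python /usr/local/bin/obfsproxy \
  --log-min-severity=debug \
  --data-dir="$DATA_DIR" \
  scramblesuit \
  --password="$secret" \
  --dest 45.43.000.00:15411 \
  client 10.0.0.10:1191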

# Auto start scramblesuit client
# after boot or restart
# add new text line into file /etc/rc.local before EXIT 0

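sudo nano /etc/rc.local

# rc.local already runs as root, so sudo is not needed inside it.
# obfsproxy stays in the foreground, so background it here; otherwise
# rc.local never gets to its final "exit 0".
/usr/local/bin/client_scramblesuit.sh &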

# Start client on Raspberry PI
# The script typically ends up world-readable (0755), so anything written
# in it is visible to every local user.
sudo chmod +x /usr/local/bin/client_scramblesuit.sh
# If sudo has to ask for a password, run "sudo -v" first: a backgrounded
# sudo cannot prompt on the terminal.
sudo /usr/local/bin/client_scramblesuit.sh &

# openvpn client script modified to send data to obfsproxy

client
dev tun
proto tcp
remote 10.0.0.10 1191
:
:


# NOTES
#
# After long time the program freezes, might need to restart/reboot
#
# The above setup has separate machines for openvpn and obfsproxy clients.
# If they are on the same machine you need to modify openvpn script
# as follows.
#
# push "redirect-gateway local"
# push "route vpn_server_ip 255.255.255.255 net_gateway"
#
# Otherwise when you establish the openvpn connection
# it breaks the obfsproxy connection.
#
# The server_scramblesuit.sh script has a funny looking IP
# 192.168.16.154:15411 because the VPS is behind NAT.
# If it had a normal dedicated IPv4 address it would be
# 45.43.000.00:15411
#
# usage: obfsproxy [-h] [-v] [--log-file LOG_FILE]
# [--log-min-severity {error,warning,info,debug}] [--no-log]
# [--no-safe-logging] [--data-dir DATA_DIR] [--proxy PROXY]
# {managed,obfs2,dummy,obfs3,scramblesuit,b64} ...
#
# Until you know your scripts are correct run obfsproxy in debug mode
# and not in the background, no &.
#
# --log-min-severity=debug
# when all is ok, then
# --no-log
#
##############################################################
##############################################################
##############################################################
##################### THE END ##############################
##############################################################
##############################################################
##############################################################
# Other info not directly needed for above
# Install obfsproxy using apt-get install obfsproxy

# either
https://packages.debian.org/sid/obfs4proxy

# or

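# Add the Tor Project repository. These commands write under /etc and carry
# no sudo, so run them as root.
echo "deb http://deb.torproject.org/torproject.org wheezy main" >> \
/etc/apt/sources.list.d/tor.list

# Fetch the signing key by its full fingerprint, not the 8-character short
# ID: short IDs can collide, so a keyserver lookup by short ID may return a
# different key. Confirm the fingerprint against the Tor Project's own
# instructions before trusting it.
gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89

# apt-key is deprecated on newer Debian releases; there a keyring file
# referenced with "signed-by" in the sources entry replaces this step.
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

apt-get update

apt-get install obfsproxy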

# for info https://www.torproject.org/download/download

# There are two versions of obfsproxy, one is written in "python language",
# The second in "go language", so far only tested python based as stand alone transport.

# Sample scripts
https://gitweb.torproject.org/user/phw/scramblesuit.git/tree/test

# Check latest python obfsproxy (current is 0.2.13)
# https://pypi.python.org/pypi/obfsproxy
# or

git clone https://git.torproject.org/pluggable-transports/obfsproxy.git
