TorGuard

Stealth VPN


user043

I might be misunderstanding something, but seeing how TorGuard's own client had stealth options and Viscosity did not, I was wondering if setting up the VPN on the router also excluded stealth options?

If not, what is the difference in settings compared to the other tutorials here? DD-WRT for instance?

Getting ready to buy a router for this. Just need to understand first before I waste the money. I want the VPN tunnel created by the router to also be stealth.


5 answers to this question


  • 0
Support

Hey there - stealth requires a patched OpenVPN binary that's not available in any app other than the TG Client. It's quite possible we could support it in DD-WRT or Tomato, but there are a couple of small issues with that which we need to try to work around.

Regards

  • 0
19807409

Is there source code available which you used for your client? If so, I guess it simply needs to be compiled for the correct architecture, i.e. MIPS, and it would work on all routers which can run OpenWrt or any other WRT.

  • 0
19807409

Do you use obfs or do you use something else? Because if not, I would like to compare/find out if your stealth OpenVPN binary works better with DD-WRT :) than my obfs+OpenVPN which I use for my TorGuardWRT. Besides that, maybe somebody could post a MIPS binary (I guess TorGuard routers have one on them) so that I can test it and its performance on OpenWrt. It does work very well with CFW too.

Here is some info, will not write a guide now...

First, by using ns_cert_type server (which is used with TorGuard's configs) you prevent MitM (man-in-the-middle) attacks.

Server-side config (yours may look similar, but for your clients this part is not that important, it's just for better understanding):

        option port 1913
        option 'client_config_dir' '/etc/openvpn/ccd' # client config push settings for each client
        list 'route' '192.168.1.0 255.255.255.0' # route each client network on the server
        list 'route' '192.168.2.0 255.255.255.0' # update server /etc/config/openvpn with client/s network
        list 'route' '192.168.3.0 255.255.255.0' # restart router/openvpn to update routing table on server
        ...
        your other option settings
        ... 

serverside Obfs:

obfsproxy --log-file=/tmp/obfs.log --log-min-severity=debug obfs2 --dest=127.0.0.1:1913 --shared-secret=test server 0.0.0.0:12345

 

Firewall (Allow traffic):

iptables -A input_rule -i tun0 -j ACCEPT
iptables -A forwarding_rule -i tun0 -j ACCEPT
iptables -A forwarding_rule -o tun0 -j ACCEPT
iptables -A output_rule -o tun0 -j ACCEPT

clientside (/etc/openvpn/ccd/mr13u)

...
your config options
...
socks-proxy-retry
socks-proxy 127.0.0.1 54321

Clientside , Contents of mr13u

iroute 192.168.1.0 255.255.255.0    # network behind openvpn client
push dhcp-option DNS 172.23.239.1
push dhcp-option DOMAIN lan
push route 172.23.239.0 255.255.255.0 # server->client to update client's routing table dynamically for each network which has to be routed over openvpn tunnel

Clientside obfs:

obfsproxy --log-file=/tmp/obfs.log --log-min-severity=debug obfs2 --shared-secret=test socks 127.0.0.1:54321

 

 

  • Like 1
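An added check, not part of the thread: a POSIX shell audit of an OpenVPN client config for the two things the post above relies on, the server certificate-type check and a loopback `socks-proxy` pointing at the local obfsproxy. It assumes plain OpenVPN config syntax (hyphenated directives, not the UCI form); the function names and the sample config are constructed for illustration, and `remote-cert-tls server` is accepted alongside `ns-cert-type server`.

```shell
#!/bin/sh
# Added example, not from the thread: audit an OpenVPN client config for the
# obfsproxy setup described above. Function names are hypothetical.

# Print the arguments of directive $2 in file $1 (comments stripped).
directive_args() {
    sed -e 's/[#;].*$//' "$1" |
        awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); print }'
}

# Print one line per finding; the exit status is the number of findings.
audit_client_conf() {
    conf=$1
    findings=0

    # 1. Server certificate-type check, the MitM protection named in the post.
    #    remote-cert-tls is the newer directive for the same purpose.
    nct=$(directive_args "$conf" ns-cert-type)
    rct=$(directive_args "$conf" remote-cert-tls)
    if [ "$nct" != "server" ] && [ "$rct" != "server" ]; then
        echo "FAIL: no 'ns-cert-type server' or 'remote-cert-tls server'"
        findings=$((findings + 1))
    fi

    # 2. OpenVPN must reach obfsproxy over loopback; without socks-proxy it
    #    connects directly and the traffic is not obfuscated.
    proxy=$(directive_args "$conf" socks-proxy)
    case "${proxy%% *}" in
        "")
            echo "FAIL: no socks-proxy directive"
            findings=$((findings + 1)) ;;
        127.0.0.1|localhost) ;;
        *)
            echo "FAIL: socks-proxy host '${proxy%% *}' is not loopback"
            findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the client options from the post with no cert-type check.
sample=$(mktemp)
printf '%s\n' 'socks-proxy-retry' 'socks-proxy 127.0.0.1 54321' > "$sample"
audit_client_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```
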

Share this post


Link to post
Share on other sites
  • 0
Support

 


We can certainly send you the binary if you're up for testing it? :)

 

Regards

  • 0
19807409

this would be great, thx
