I invite suggestions of other approaches, other providers, other analytic approaches, etc. Initially, I'll capture traffic with Wireshark,Īnd compare IO graphs. Also, neither prevents the throttling of all encrypted trafficĪnyway, I plan to test these approaches for usability and effectiveness. Neither hides packet size or timing, and the OpenVPN handshake is distinctive. I also gather that neither approach totally hides OpenVPN. I gather that stunnel simulates HTTPS, while obfsproxy can simulate various sorts of SSL connections, using plug-ins. Both tunnel TCP-mode VPN links through an additional SSL layer. The other, which is offered by iVPN, uses obfsproxy (developed by the Tor Project). One approach, which is offered by AirVPN, uses stunnel. I gather that there are at least two approaches for hiding VPN connections. And their systems test suspected servers for VPN-specific response patterns. More and more countries are using DPI to detect VPN connections. TX packets:1858319 errors:0 dropped:665 overruns:0 carrier:0 RX packets:2235403 errors:0 dropped:0 overruns:0 frame:0 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
TX packets:258924 errors:0 dropped:0 overruns:0 carrier:0 RX packets:258924 errors:0 dropped:0 overruns:0 frame:0 This means that even the most brutal techniques of monitoring, censorship, throttling and traffic shaping will fail against AirVPN, because your ISP and your government will see only TCP or UDP traffic (as you prefer) on a unique port. TX packets:2476494 errors:0 dropped:0 overruns:0 carrier:0 Additionally, every Air server supports directly OpenVPN over SSH and OpenVPN over SSL. RX packets:2671049 errors:0 dropped:0 overruns:0 frame:0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 I will gladly supply more information if needed and would need a nudge in the right direction to resolve this problem.Įth0 Link encap:Ethernet HWaddr 00:18:f3:74:ae:53 I'm fairly sure this problem has something to do with the route changes the openvpn client does when connecting but my lack of understanding on this subject is preventing me from making the exception necessary for this to work.
If I disable the openvpn connection I can access the client with the router public ip from port 22 so forwarding is correct. I can ssh the client with the vpn ip and from the local network but not with the routers wan ip.
I have a nat router that forwards the port 22 to my client computer from the outside world. The client is running ubuntu 10.04 if that is relevant.Ĭurrently I can ssh my client computer from the internal network that ranges from 10.0.0.2-10.0.0.10. I'm sure I'm explaining this a bit funny but it's just my lack of knowhow on this subject.
My setup has eth0 and tun0 interfaces and eth0 is connected to my home network while tun0 is connected to a vpn server. I want to allow ssh port to connect to the non vpn ip address of my client that is connected to a vpn server.
0 kommentar(er)
