Obfuscation can be used to prevent your VPN connection being detected and/or blocked. Some administrators (such as wireless hot spots in cafes) choose to block VPN traffic on their network. By obfuscating your VPN connection, you can securely connect to your remote network resources or browse the internet privately while connected to such restricted networks.
Network administrators can use tools like Deep Packet Inspection (DPI) to classify and restrict traffic by protocol, such as HTTP, SSL, VPN, etc. Viscosity uses Obfsproxy to obfuscate its VPN traffic. Obfsproxy transforms the VPN traffic coming from your computer to make it look like whatever you choose, so that it is more difficult to restrict via DPI methods. There are a number of different methods Obfsproxy can use to disguise your traffic, including obfs2 which adds an encryption wrapper around your VPN traffic to stop it looking like any protocol in particular.
Ubuntu Setup
Preparation
For this guide, we assume:
The OpenVPN server can be on this installation of Ubuntu, or another machine, it doesn't matter. If you haven't already setup an OpenVPN server, please check out our setup guides.
Make sure to set the OpenVPN server protocol to TCP, not UDP. We also assume that this installation of Ubuntu is a fresh install, possibly with an OpenVPN server installed as well. If you don't have a copy of Viscosity already installed on your client machine, then please check out this setup guide for installing Viscosity (Mac | Windows).
Getting Started
This guide will walk you through setting up one of the following obfuscation protocols:
To begin, log in to the command line as root with sudo su -. Once logged in, we need to ensure that Ubuntu's repository list is up to date by typing the following:
For obfs2, obfs3 and obfs4 we will use obfs4proxy. To install obfs4proxy, run the following:
For scramblesuit, you will need obfsproxy instead, install this with the following and then skip to the scramblesuit section further down:
A final note before continuing, this guide uses port 12345 as an example, for the majority of cases, this works just fine. However, you might wish to change this to port 443 or 80 if you are going to use obfsproxy in places that block all other ports. Please keep in mind, this may interfere with your servers ability to host websites or connect to external sources itself, so if you choose these ports, make sure you test everything!
Network administrators can use tools like Deep Packet Inspection (DPI) to classify and restrict traffic by protocol, such as HTTP, SSL, VPN, etc. Viscosity uses Obfsproxy to obfuscate its VPN traffic. Obfsproxy transforms the VPN traffic coming from your computer to make it look like whatever you choose, so that it is more difficult to restrict via DPI methods. There are a number of different methods Obfsproxy can use to disguise your traffic, including obfs2 which adds an encryption wrapper around your VPN traffic to stop it looking like any protocol in particular.
Ubuntu Setup
Preparation
For this guide, we assume:
Code:
You have already installed the latest version of Ubuntu (18.04 at time of writing)
You have root access to this installation of Ubuntu via terminal or ssh
You have already setup a TCP (not UDP) OpenVPN server
You already have a copy of Viscosity installed on your client device
The OpenVPN server can be on this installation of Ubuntu, or another machine, it doesn't matter. If you haven't already setup an OpenVPN server, please check out our setup guides.
Make sure to set the OpenVPN server protocol to TCP, not UDP. We also assume that this installation of Ubuntu is a fresh install, possibly with an OpenVPN server installed as well. If you don't have a copy of Viscosity already installed on your client machine, then please check out this setup guide for installing Viscosity (Mac | Windows).
Getting Started
This guide will walk you through setting up one of the following obfuscation protocols:
Code:
obfs2
obfs3
scramblesuit
obfs4
To begin, log in to the command line as root with sudo su -. Once logged in, we need to ensure that Ubuntu's repository list is up to date by typing the following:
sudo apt-get update
For obfs2, obfs3 and obfs4 we will use obfs4proxy. To install obfs4proxy, run the following:
sudo apt install -y obfs4proxy
For scramblesuit, you will need obfsproxy instead, install this with the following and then skip to the scramblesuit section further down:
sudo apt install -y obfsproxy
A final note before continuing, this guide uses port 12345 as an example, for the majority of cases, this works just fine. However, you might wish to change this to port 443 or 80 if you are going to use obfsproxy in places that block all other ports. Please keep in mind, this may interfere with your servers ability to host websites or connect to external sources itself, so if you choose these ports, make sure you test everything!