What's new

Welcome to GloTorrents Community

Join us now to get access to all our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, and so, so much more. It's also quick and totally free, so what are you waiting for?

Ask question

Ask Questions and Get Answers from Our Community

Answer

Answer Questions and Become an Expert on Your Topic

Contact Staff

Our Experts are Ready to Answer your Questions

Setting up an Obfuscation VPN server with Obfsproxy and Viscosity

_.:=iTake=:._

Administrator
Staff member
ZeuS
Super Moderator
+Lifetime VIP+
Registered
Joined
Oct 20, 2018
Messages
1,370
Reaction score
1,431
Points
113
Credits
14,854
Obfuscation can be used to prevent your VPN connection being detected and/or blocked. Some administrators (such as wireless hot spots in cafes) choose to block VPN traffic on their network. By obfuscating your VPN connection, you can securely connect to your remote network resources or browse the internet privately while connected to such restricted networks.

Network administrators can use tools like Deep Packet Inspection (DPI) to classify and restrict traffic by protocol, such as HTTP, SSL, VPN, etc. Viscosity uses Obfsproxy to obfuscate its VPN traffic. Obfsproxy transforms the VPN traffic coming from your computer to make it look like whatever you choose, so that it is more difficult to restrict via DPI methods. There are a number of different methods Obfsproxy can use to disguise your traffic, including obfs2 which adds an encryption wrapper around your VPN traffic to stop it looking like any protocol in particular.

Ubuntu Setup

Preparation

For this guide, we assume:


Code:
You have already installed the latest version of Ubuntu (18.04 at time of writing)

You have root access to this installation of Ubuntu via terminal or ssh

You have already setup a TCP (not UDP) OpenVPN server

You already have a copy of Viscosity installed on your client device

The OpenVPN server can be on this installation of Ubuntu, or another machine, it doesn't matter. If you haven't already setup an OpenVPN server, please check out our setup guides.

Make sure to set the OpenVPN server protocol to TCP, not UDP. We also assume that this installation of Ubuntu is a fresh install, possibly with an OpenVPN server installed as well. If you don't have a copy of Viscosity already installed on your client machine, then please check out this setup guide for installing Viscosity (Mac | Windows).


Getting Started
This guide will walk you through setting up one of the following obfuscation protocols:

Code:
obfs2
obfs3
scramblesuit
obfs4

To begin, log in to the command line as root with sudo su -. Once logged in, we need to ensure that Ubuntu's repository list is up to date by typing the following:

sudo apt-get update

For obfs2, obfs3 and obfs4 we will use obfs4proxy. To install obfs4proxy, run the following:

sudo apt install -y obfs4proxy

For scramblesuit, you will need obfsproxy instead, install this with the following and then skip to the scramblesuit section further down:

sudo apt install -y obfsproxy

A final note before continuing, this guide uses port 12345 as an example, for the majority of cases, this works just fine. However, you might wish to change this to port 443 or 80 if you are going to use obfsproxy in places that block all other ports. Please keep in mind, this may interfere with your servers ability to host websites or connect to external sources itself, so if you choose these ports, make sure you test everything!
 

_.:=iTake=:._

Administrator
Staff member
ZeuS
Super Moderator
+Lifetime VIP+
Registered
Joined
Oct 20, 2018
Messages
1,370
Reaction score
1,431
Points
113
Credits
14,854
Obfs4proxy Server Configuration
To get started setting up obfs4proxy, for if you want to use the obfs2, obfs3 or obfs4 protocol, we first setup the config. Create a directory for the obfs4proxy configuration with the following:

sudo mkdir -p /var/lib/tor/pt_state/obfs4

Next, create the config:

sudo nano /var/lib/tor/pt_state/obfs4/obfs4.config

And paste in the following:

Code:
TOR_PT_MANAGED_TRANSPORT_VER=1
TOR_PT_STATE_LOCATION=/var/lib/tor/pt_state/obfs4
TOR_PT_SERVER_TRANSPORTS=obfs4
TOR_PT_SERVER_BINDADDR=obfs4-0.0.0.0:12345
TOR_PT_ORPORT=127.0.0.1:443

You can make the following changes as necessary:

Code:
TOR_PT_SERVER_TRANSPORTS - This is the protocol to use, change this to obfs2 or obfs3 if you wish to use a different protocol.
TOR_PT_SERVER_BINDADDR - Again, change obfs4 to obfs2 or obfs3 if you wish to use a different protocol. 12345 is the port obfs4proxy is listening on, you may also change this as you wish.
TOR_PT_ORPORT - This is the address of your OpenVPN server. If you are running the obfs4proxy server on the same system as your OpenVPN server using port 443, nothing needs to change, otherwise change this address and port as needed.

Save the configuration and exit nano.
Next we need to setup a service for obfs4proxy. To do this, create a new file and open it in the nano editor with the following:

sudo nano /etc/systemd/system/obfs4proxy.service

And paste in the following, save and close nano:

Code:
[Unit]
Description=obfs4proxy Server

[Service]
EnvironmentFile=/var/lib/tor/pt_state/obfs4/obfs4.config
ExecStart=/usr/bin/obfs4proxy -enableLogging true -logLevelStr INFO

[Install]
WantedBy=multi-user.target

Next, start the service and enable it to automatically start after rebooting:

sudo systemctl start obfs4proxy.service

sudo systemctl enable obfs4proxy.service

You can check it started succesfully with:

sudo systemctl status obfs4proxy.service

Finally, if you are using the obfs4 protocol, when you start the server for the first time a password key will be generated which you will need to paste into Viscosity.

Print it out with:

sudo cat /var/lib/tor/pt_state/obfs4/obfs4_bridgeline.txt | grep 'Bridge obfs4' | sed -e 's/^.*cert=\(.*\) .*$/\1/'
 

_.:=iTake=:._

Administrator
Staff member
ZeuS
Super Moderator
+Lifetime VIP+
Registered
Joined
Oct 20, 2018
Messages
1,370
Reaction score
1,431
Points
113
Credits
14,854
Scramblesuit Server Setup
Scramblesuit requires a different configuration using the older obfsproxy program. To get started, create an empty directory for obfsproxy with:

sudo mkdir -p /var/lib/tor/pt_state/scramblesuit

Next, we need to generate a password to use. To do this, type the following into terminal:

python -c 'import os,base64; print base64.b32encode(os.urandom(20))'

This will output a line of numbers and letters, make a copy of this, this is your password key for scramblesuit which we will need below and for Viscosity later.

Next, create a service configuration and open it with nano:

sudo nano /etc/systemd/system/obfsproxy.service

And paste in the following:

Code:
[Unit]
Description=Obfsproxy Server

[Service]
ExecStart=/usr/bin/obfsproxy --log-min-severity=info --data-dir=/var/lib/tor/pt_state scramblesuit --password=YOURPASSWORD --dest=127.0.0.1:443 server 0.0.0.0:12345

[Install]
WantedBy=multi-user.target

Make the following changes as necessary:

  • YOURPASSWORD - Replace this with the password key we generated above.
  • 127.0.0.1:443 - This is the address to your OpenVPN server. This is valid if your OpenVPN server is running on the same system as obfsproxy and is listening on port 443, otherwise change this as required.
  • 0.0.0.0:12345 - This where obfsproxy is listening for connections. You can change 12345 to a different port as required.

Save the service configuration and exit nano. We can then start the service and enable it to start automatically after reboot with:

sudo systemctl start obfsproxy.service

sudo systemctl enable obfsproxy.service

You can check it started succesfully with:
sudo systemctl status obfsproxy.service

Firewall Setup
Finally we need to allow external connections to Obfsproxy. Assuming you setup ufw (Uncomplicated Firewall) following our Ubuntu server guide, simply enter the following:

sudo ufw allow 12345
sudo ufw reload

If you changed your port from 12345 which is shown in this guide, adjust the number in the first command accordingly.
 

_.:=iTake=:._

Administrator
Staff member
ZeuS
Super Moderator
+Lifetime VIP+
Registered
Joined
Oct 20, 2018
Messages
1,370
Reaction score
1,431
Points
113
Credits
14,854
Setting Up Viscosity

The interface provided by the Mac and Windows versions of Viscosity are intentionally very similar. As such, we will focus our guide on the Mac version, pointing out any differences with the Windows version as they arise.

If you do not have Viscosity already running, start Viscosity now. In the Mac version you will see the Viscosity icon appear in the menu bar. In the Windows version you will see the Viscosity icon appear in the system tray.

Click the Viscosity icon in the menu bar (Windows: system tray) and select 'Preferences...':



This shows you the list of available VPN connections. We assume you have already created a connection to your OpenVPN server. If you haven't set created a Viscosity connection to your OpenVPN server, please check out our OpenVPN server guides. Select your previously configured connection and click "Edit":

Configuring the Connection

You will now need to modify the connection parameters as outlined below:
  1. In the General tab, replace the server address with the IP address of your Obfsproxy server. This will be unchanged if your Obfsproxy server is running on the same machine as your OpenVPN server.
  2. Update the port to the Obfsproxy port set in the configuration above (12345 in our example).
  3. The protocol must be set to TCP.



4. Click the Transport tab.
5. Set the obfuscation method to the obfuscation method selected in the Obfsproxy server configuration.
6. You cannot use a proxy when using obfuscation, so make sure the "Connect using proxy" option is unchecked.
7. If you are using obfs4 or scramblesuit, paste the password key in the "Key" field.



8. Click the Save button.

Connecting and Using Your VPN Connection

You are now ready to connect. Click on the Viscosity icon in the menu bar (Windows: system tray) and select 'Connect DemoConnection'. That's it, you should see a notification that you're now connected!

To check that the VPN is up and running, you can use the Viscosity details window. Click the Viscosity menu bar (Windows: system tray) icon and select 'Details...'. This will bring up the details window.



This window will show you the traffic passing through the VPN connection.

Source: SparkLabs
 
shape1
shape2
shape3
shape4
shape7
shape8
Top