OpenVPN over Obfsproxy
======================

`Obfsproxy` is a pluggable transport proxy written in Python.
It provides several obfuscation methods. I consider `scramblesuit` the best.
I will update this image if there's a better one.

![obfsproxy](http://www.cs.kau.se/philwint/scramblesuit/images/big_picture.png)

`scramblesuit` can transport any application that supports SOCKS.
This includes `Tor`, `VPN`, `SSH`, and many other protocols.

We can transport `OpenVPN` over `Obfsproxy`, so that a firewall cannot detect it.
In the following example, you should run the `vimagick/openvpn` container first.
Don't forget to edit `/etc/openvpn/openvpn.conf` to use `proto tcp`.

## docker-compose.yml

```
data:
  image: busybox
  volumes:
    - /etc/openvpn

server:
  image: vimagick/openvpn
  ports:
    - "1194:1194/tcp"
  volumes_from:
    - data
  cap_add:
    - NET_ADMIN
  restart: always

obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "4911:4911"
  links:
    - server:openvpn
  environment:
    # Sample secret only: generate your own with the command further down
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=openvpn
    - DEST_PORT=1194
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=4911
  restart: always
```

To link an existing `openvpn` container, please use `external_links` instead of `links`.

```
obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "4911:4911"
  external_links:
    - openvpn_server_1:openvpn
  environment:
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=openvpn
    - DEST_PORT=1194
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=4911
  restart: always
```

The default run mode is `server`. You can also run the container in `client` mode.
The following example shows how to set up an OpenVPN relay:

```
obfsproxy:
  image: vimagick/obfsproxy
  ports:
    - "1194:1194/tcp"
  environment:
    # Must be the same secret as on the server side
    - PASSWORD=J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP
    - DEST_ADDR=vpn.easypi.info
    - DEST_PORT=4911
    - RUN_MODE=client
    - LISTEN_ADDR=0.0.0.0
    - LISTEN_PORT=1194
  restart: always
```

The password must be Base32-encoded and of fixed length.
You can generate one via this command:

```
python -c 'import base64, os; print(base64.b32encode(os.urandom(20)).decode())'
```

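
The password rule above and the server/relay pairing from the compose files can be checked before deployment. This is an added example, not part of the original README: it assumes the secret is 20 bytes (32 Base32 characters), as in the command above, and that the server's port is published unchanged (`4911:4911`); `new_password`, `password_problems` and `check_pair` are hypothetical helper names.

```python
import base64
import binascii
import os

# Sample secret printed in this README's compose files; it is public, so never deploy it.
PUBLISHED_SAMPLE = "J23TNHPJPAOQJLTCPLFD4CQYVFY6MEVP"
SECRET_BYTES = 20  # assumption: same length as os.urandom(20) in the command above


def new_password():
    """Return a fresh Base32 secret from the OS CSPRNG."""
    return base64.b32encode(os.urandom(SECRET_BYTES)).decode("ascii")


def password_problems(pw):
    """List the reasons a PASSWORD value is unfit for deployment."""
    problems = []
    if pw == PUBLISHED_SAMPLE:
        problems.append("published sample password")
    try:
        raw = base64.b32decode(pw)  # strict: upper-case A-Z and 2-7, correct padding
    except (binascii.Error, TypeError, ValueError):
        return problems + ["not valid Base32"]
    if len(raw) != SECRET_BYTES:
        problems.append("decodes to %d bytes, expected %d" % (len(raw), SECRET_BYTES))
    return problems


def check_pair(server_env, client_env):
    """Cross-check the `environment:` lists of a server and a client (relay) service."""
    # Assumption: the server's LISTEN_PORT is published on the same host port.
    srv = dict(item.split("=", 1) for item in server_env)
    cli = dict(item.split("=", 1) for item in client_env)
    issues = ["server PASSWORD: " + p for p in password_problems(srv.get("PASSWORD", ""))]
    if cli.get("PASSWORD") != srv.get("PASSWORD"):
        issues.append("client and server PASSWORD differ")
    if cli.get("RUN_MODE") != "client":
        issues.append("relay side needs RUN_MODE=client")
    if cli.get("DEST_PORT") != srv.get("LISTEN_PORT"):
        issues.append("client DEST_PORT must equal server LISTEN_PORT")
    return issues


if __name__ == "__main__":
    server = ["PASSWORD=" + new_password(), "LISTEN_PORT=4911"]  # constructed sample
    client = [server[0], "DEST_PORT=4911", "RUN_MODE=client"]    # constructed sample
    print(check_pair(server, client) or "configuration is consistent")
```

Run against the values shown in this README, `check_pair` reports only the published sample password.
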
Note: No ports are exposed in the Dockerfile. You need to expose the port explicitly.