Obfsproxy, Viscosity, OpenVPN

Updated 20-Sep-2023

OpenVPN is great, and the OpenVPN command line client and the Viscosity GUI are also nice. However, every configuration needs to be checked to ensure there is no information leakage. In addition, the basic OpenVPN connection needs another layer of encryption and/or obfuscation in order to interoperate with Internet firewalls and services that use deep packet inspection to identify VPN/proxy traffic.

Viscosity

Viscosity is probably the best GUI client for OSX and Windows. That said, it leaves a lot to be desired. In fact, it is wise to skip the GUI altogether for most things.

On OSX, each connection is a separate, numbered folder containing copies of the keys and certs and a config.conf file. The first is located in ~/Library/Application Support/Viscosity/OpenVPN/1, with second and subsequent configurations in /2, /3, etc.

Edit these files manually: copy the ca.crt, username.crt, and username.key into the folder, and put those filenames in the corresponding entries of config.conf. Set the permissions on the certs and keys with chmod 700.

Example:

#-- Configuration Generated By Viscosity --#
#viscosity startonopen false
#viscosity protocol openvpn
#viscosity dns full
#viscosity usepeerdns true
#viscosity dnsserver 10.10.0.1
#viscosity autoreconnect true
#viscosity name host.domain.tld
#viscosity dhcp true
remote 12.34.56.78 1194 udp
nobind
dev tun
redirect-gateway def1
tun-mtu 1500
persist-tun
persist-key
compress lzo
pull
tls-client
ca username-ca.crt
cert username-cert.crt
key username-key.key
push "redirect-gateway def1"
comp-lzo
mssfix 1450
resolv-retry infinite
tun-mtu-extra 32
reneg-sec 0
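
The check described above can be scripted. The following is an added example, not part of the original page or of Viscosity: it reads config.conf in one connection folder, confirms that the files named in the ca, cert, and key entries exist, and flags any whose mode is looser than the 700 recommended above. The function names and the sample folder are constructed for illustration, and it assumes the files are referenced by name rather than embedded inline.

```python
import os
import stat
import tempfile

KEY_DIRECTIVES = ("ca", "cert", "key")

def audit_connection(folder):
    """Return a list of findings for one Viscosity connection folder."""
    findings, referenced = [], {}
    with open(os.path.join(folder, "config.conf"), encoding="utf-8") as fh:
        for line in fh:
            parts = line.split()
            # "#viscosity ..." lines and other directives never match here.
            if len(parts) >= 2 and parts[0] in KEY_DIRECTIVES:
                referenced[parts[0]] = parts[1].strip('"')
    for directive in KEY_DIRECTIVES:
        name = referenced.get(directive)
        if name is None:
            findings.append(f"{directive}: no entry in config.conf")
            continue
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            findings.append(f"{directive}: {name} missing from folder")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:  # any group/other bit is looser than 700
            findings.append(
                f"{directive}: {name} mode {mode:03o} grants group/other access")
    return findings

def build_sample(folder):
    """Constructed sample folder: the key file is deliberately left at 644."""
    with open(os.path.join(folder, "config.conf"), "w") as fh:
        fh.write("#viscosity name host.domain.tld\n"
                 "remote 12.34.56.78 1194 udp\n"
                 "ca username-ca.crt\n"
                 "cert username-cert.crt\n"
                 "key username-key.key\n")
    modes = {"username-ca.crt": 0o700, "username-cert.crt": 0o700,
             "username-key.key": 0o644}
    for name, mode in modes.items():
        path = os.path.join(folder, name)
        open(path, "w").close()
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        for finding in audit_connection(d):
            print(finding)
```

To audit a real connection, pass its numbered folder (for example the /1 folder named above) to audit_connection instead of the constructed sample.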

Current Problems with my OpenVPN Configuration

SSL Tunnel with Stunnel for OpenVPN

... Incomplete, more to follow ...

SSH Tunnel

... Incomplete, more to follow ...

Obfsproxy

... Incomplete, more to follow ...

OpenVPN Client for iOS

The OpenVPN Connect client app for iOS works well. First, configure Viscosity, then copy the config.conf file and rename it to config.ovpn. Next, install the OpenVPN iOS app, and then share all four files (the two certificates, the key, and the configuration file) via iTunes or email (select Help button).

Go to Settings > OpenVPN and enable Seamless tunnel and Reconnect on wakeup. Set the protocol, compression, connection timeout, network state detection, and IPv6 settings.

Resources Consulted