How to hide OpenVPN traffic using Obfsproxy on a Windows computer and Linux EC2 server

We’ll present the necessary steps to set up Obfsproxy with a homemade OpenVPN server and a Windows computer. This will help you to prevent firewalls and censors from using deep packet inspection to find out if you are using OpenVPN to encrypt your traffic. In order to follow these steps, you will need a working OpenVPN servers and a Windows client already set up on Amazon Web Services EC2 instance. With Obfsproxy, you can defeat the blocks imposed on VPN in China and other countries. It is also an effective solution to bypass the VPN ban on Netflix so that you can enjoy content from different locations.

Getting started

Obfsproxy stands out for obfuscation proxy and it is a solution that aims to bypass censorship by disguising encrypted traffic and making it appear as regular traffic. It was applied by Tor, but it works independently from it. This means that it can be used to obfuscate OpenVPN traffic. In order to be able to use Obfsproxy with OpenVPN, you need to configure it on the client, as well as on the server. It is possible to find pre-configured servers from VPN providers like NordVPN and in that case, you will only need to configure the client. Below is a list of the technology required:

  • A working OpenVPN server on Amazon Linux EC2 instance
  • The OpenVPN Connect GUI, which is the app in the client side
  • Python 2.7
  • Microsoft C++ Compiler for Python 2.7
  • PuTTy
  • ProxySwitchy Sharp or a similar proxy software
  • OpenSSL Light for Windows

Configuring client-side Obfsproxy on Windows

If your VPN provider offers servers that have been already configured, you will only need to worry about the client-side configuration. You can follow the below steps:

  1. Install Python 2.7 in the default directory with the default settings. Since Obfsproxy is a Python program, the installation is necessary. Even if you already have more recent versions of Python, it is advisable to install 2.7. The installation file is available when you get NordVPN’s zip file and you will find it in the Step 3 folder.
  2. Now you have to install the Microsoft C++ Compiler for Python 2.7, which can be found in the Step 4 folder from NordVPN’s configuration files. The reason why it is more practical to install Python 2.7 is that the compiler is available just for this version of the software.
  3. After installing the C++ compiler with the help of the default settings and directory, you can go to the Step 5 folder. With the default settings, install OpenSSL Light. It is possible that you get asked for a donation, but if preferre,d you can ignore this by closing the pop up window. Bookmark the page, restart your computer and open the page again.

Obfsproxy and OpenVPN setup

Now that you have all the elements needed to run Obfsproxy, the next step is to configure it to ensure that it can be used with OpenVPN.

  1. The first step is to modify the existing .ovpn files in the OpenVPN directory. If OpenVPN was installed in the default directory, you will find the configuration files in the C:/Program Files/OpenVPN/config.
  2. Right click on Notepad or another text editor, select “Run as Administrator” and then open the config file that is normally used to connect to your OpenVPN server.Click File, then Save As and give it a different name. This will allow you to modify the copy, while keeping the original intact.

The config file will be modified to look like this:

proto tcp-client
remote 8080
pory 1194
dev tun1
secret ovpn.key
redirect-gateway def1
ifconfig 10.4.0.2 10.4.0.1
socks-proxy-retry
socks-proxy 127.0.0.1 10194

As you can see, there are two lines added at the bottom, as well as a port number on the end of the remote line. You can replace with the IP address of your Amazon EC2 instance. This address will change whenever you stop and start your instance, unless you have set up an elastic IP address on Amazon.

The port number on the remote line, can be anything beyond the reserved range of ports. In this case, 8080 has been used due to its high compatibility with pretty much all web servers. However, you can also use 21194. The important thing is to keep in mind that the information entered there has to match with what will be configured on the server side. If you are using a server from a VPN provider that has already been configured, they will supply the config files. If you use NordVPN, you will find them in the Step 2 folder.

3. Now you need to save your new config file, avoiding to overwrite the previous one. It is also important to ensure that your text editor doesn’t automatically mark the file name with .txt. It has to be a .ovpn file instead.

4. Once OpenVPN is configured, Obfsproxy has to be installed and run. At this point, we will need the newly installed Python. Type “Command prompt” in the Windows search bar. Then right click the Command Prompt application and press “Run as administrator”. Type the following commands one by one and press enter after each of them.

cd C:\Python27\Scripts

pip install — upgrade pip

pip install obfsproxy

obfsproxy — log-min-severity=info obfs2 — shared-secret+ socks 127.0.0.1:10194

It is possible that you see some error messages or notifications after the second command, but they can be ignored.

5. Next you will need to replace the part that says with the password you prefer. Make sure that you keep this password safe and that you remember it. If you are using the pre-configured servers of your VPN provider, they will give you this command.

6. After the last line, your command prompt should notify you that it is listening for obfsproxy traffic. You will need to go to the Scripts directory (first command), provide the last command (Obfsproxy command) and leave the command prompt open at any stage when you want to use Obfsproxy.

Proxy Setup

While this is not necessary and Obfsproxy will work even if you don’t do this, setting up a proxy is needed is you want to use Obfsproxy along with a VPN connection to watch content from online streaming services like Netflix from outside the US or another region where your VPN server is located. The steps to set up a proxy connection may vary according to the application, but it is possible to set it up in the Windows Internet settings, or on an app-by app basis, if preferred. Usually you can set up a proxy in the settings of each app. You would see the below:

SOCKS host: 127.0.0.1
Port: 8080 (or the data that appears in your OpenVPN config file on the remote line).
SOCKS version 5 (SOCKS5)
You can use a proxy extension to set this up easily on a browser.

Obfsproxy server configuration on Linux EC2 instance

Once your Windows computer is ready to connect, you can get the server ready.

AWS Security Group

Prior to installing and running obfsproxy on the server, you have to add a new rule to the server’s security group to ensure that the EC2 instance’s firewall doesn’t block the traffic.

In order to do this, you can log into the AWS account, click EC2 and then under Network and Security, you can go to Security. There you can select to create a new security group and add it to the server or modify one that already exists.

Right click a rule and choose “Edit inbound rules”. Select all TCP traffic under Type. Set source to “My IP” or the IP of the device that you wnat to use to connect. Right click and go to “edit outbound rules”. Just select the dropdown option for “all traffic” under Type.

If a new security group was set up, click Instances in the left sidebar, then right click your VPN instance, scroll down to Networking. Select Change Security Groups. Then check your new security group and select Save.

Setting up Obfsproxy server

In order to connect to your server via SSH, you can use PuTTy. Keep in mind that the username in the Amazon Linux AMI server is “ec2-user”. You can run OpenVPN using the below command:

sudo service openvpn start

Your OpenVPN configuration file on the server (etc/openvpn/openvpn.conf) should have port 1194 open. If you are using the Linux 14.04 distribution, Python would be already installed. You can enter the following commands one line at a time in the PuTTy terminal. Press enter after each of them:

sudo yum install gcc

sudo pip install obfsproxy

obfsproxy –log-min-severity+info obfs2 –dest+127.0.0.1:1194 –shared-secret= server 0.0.0.0:8080

It is possible that older versions of Linux use “apt-get” instead of yum in the first command. Keep in mind that you need to replace in the last command using the same password as on the client side. You will see a similar message on this terminal as on the command prompt, showing that the server is listening on port 8080 for obfsproxy.

How to connect through Obfsproxy

  1. Now you are ready to connect. Obfsproxy should be running on both your local device (command prompt) and your server (PuTTy), then run the OpenVPN GUI. Right click it and use your new config to connect. The OpenVPN icon has to turn green and you will see a notification with the IP address that was assigned to you.
  2. To be able to bypass geo-blocks and access content from Netflix outside your region, enable the proxy settings in your apps. The proxy may also be added in the Windows Internet settings. Now it won’t be possible to distinguish your OpenVPN traffic from standard HTTP traffic and you will be able to defeat online restrictions.
(Visited 61 times, 1 visits today)

Leave a Reply

Your email address will not be published. Required fields are marked *