Hi David

> From: David Sommerseth <openvpn.l...@topphemmelig.net>
> Sent: Tue May 12 23:07:52 CEST 2015
> To: Lisa Minogue <lmino...@mail.be>, Jonathan K. Bullard <jkbull...@gmail.com>
> Subject: Re: [Openvpn-devel] Request peer review of modified OpenVPN client software
>
>  So if there are issues in stunnel, try asking that community instead.  They 
> know much more about that than what we do here.

Thank you for pointing me in the right direction.

> The XOR patch which we've basically rejected so far, modifies what OpenVPN
> packets look like.  Piping the traffic through stunnel will actually encrypt
> the OpenVPN packets once more, thus the packets will not look like OpenVPN
> packets.  And the same happens if you use obfsproxy from the Tor project,
> which also is used to mangle the network packets.

Briefly, what are your reasons for rejecting the XOR patch?

> We have generally recommended obfsproxy, as that's a tool especially designed
> to do this clever magic in a very flexible way.  So when a firewall learns
> the new packet fingerprint, obfsproxy can easily and quickly be extended with
> another mangler.  And that is why we don't want this functionality built into
> OpenVPN. Because it is far harder for OpenVPN to follow what passes through
> various "Great Firewalls" (you have more countries doing that than just
> China).  The Tor projects have a special interest in making such mangling
> work as smooth as possible, with great success. Hence that has been our
> primary recommendation.

Thanks once again for your time and effort in helping me understand the
advantages of using obfsproxy over the XOR patch or stunnel4.

Do OpenVPN developers have an official wiki on how to use obfsproxy with
OpenVPN? Or is the article referenced by the following URL
(https://community.openvpn.net/openvpn/wiki/TrafficObfuscation) your
official guide?

Best regards.

Lisa