On 20/12/16 17:44, Sebastian Rubenstein wrote:
> I assume you were referring to vpn.ac? Some of my friends tried its
> service in China and found it to be patchy at best. The deep
> inspection technologies employed by the Chinese authorities are
> capable of sniffing out VPN connections.

This is a very good example of the argument we developers have had against the XOR patch. It will work for a limited time, until the DPI firewalls are updated. And that is why we primarily suggest using obfsproxy, which is explicitly designed for such tasks.

With that said, I do understand the advantage of not depending on additional software - which is even more relevant on the mobile/tablet devices. But hard-wiring into OpenVPN will just be more maintenance work for the core OpenVPN developers.

What has been discussed is to extend the --plugin interface to allow a module to be loaded at runtime which allows the OpenVPN wire packets to be mangled before being sent to the remote site and de-mangled immediately after having received packets from the remote site.

This allows users to switch between available obfuscation modules at runtime, without modifying the core OpenVPN at all. Depending on the loaded module, it will do whatever is appropriate. If it is doing some static crypto (kind of like stunnel), some XOR operations or speaks the obfsproxy protocol directly, it entirely depends on this third-party module.

The challenge with this will be to encourage some developers to write such mangling plug-in modules. But the plan is to provide an API for it.

As I've worked a lot with the --plugin interface, I do have some interest in enabling such an API. Hopefully I can manage to get something ready for the next major OpenVPN release.

--
kind regards,

David Sommerseth

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users