Hi, I am not sure if this is the correct place to ask, but I will risk it... :-)
I am trying to set up an OpenVPN server with Obfsproxy. I am using Obfsproxy 0.2.13 on both sides (server and client).

On the server (Debian 9), there is an OpenVPN server listening on TCP port 443. I am also using port sharing in OpenVPN, so if someone connects to port 443 on my server with OpenVPN, he gets an OpenVPN connection, but if someone connects to port 443 on my server with a web browser (HTTPS), he gets the website. (This is possible because OpenVPN can distinguish OpenVPN connections from other connections - the others are relayed to a web server running on localhost on some other port.)

Then I run Obfsproxy on the server with the following command:

    sudo obfsproxy --log-min-severity=debug --data-dir=/tmp/scramblesuit-server scramblesuit --password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest=127.0.0.1:443 server 0.0.0.0:8080

So basically, the server is listening on port 8080 and relaying all connections to TCP port 443, where they are taken over by OpenVPN.

Now the client side (Ubuntu 17.04). I installed Obfsproxy via pip install and am running this command:

    obfsproxy --log-min-severity=debug --data-dir=/tmp/scramblesuit-client scramblesuit --password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest xx.xx.xx.xx:8080 socks 127.0.0.1:10194

So basically, Obfsproxy is connecting to port 8080 on my server and opening a SOCKS port on the client's localhost, port 10194.

And finally, the OpenVPN client config basically just has the socks-proxy line added:

    client
    remote xx.xx.xx.xx 443
    proto tcp
    socks-proxy 127.0.0.1 10194
    dev tun
    ...
    ...

Now the problem is that when I run the OpenVPN client, it can't connect, and the problem is in the Obfsproxy client. Here is Obfsproxy's log:

################################################
Do NOT rely on ScrambleSuit for strong security!
################################################
2017-09-26 19:54:16,672 [DEBUG] Setting the state location to `/tmp/scramblesuit-client/scramblesuit/'.
2017-09-26 19:54:16,673 [INFO] OBFSSOCKSv5Factory starting on 10194
2017-09-26 19:54:16,673 [INFO] Starting factory <obfsproxy.network.socks.OBFSSOCKSv5Factory instance at 0x7fc077f6b2d8>
2017-09-26 19:54:16,673 [DEBUG] socks_fact_0x7fc077f6b2d8: Starting up SOCKS server factory.
2017-09-26 19:54:16,673 [INFO] Launched 'socks' listener at '[scrubbed]:10194' for transport 'scramblesuit'.
2017-09-26 19:54:54,126 [DEBUG] socks_fact_0x7fc077f6b2d8: New connection.
2017-09-26 19:54:54,126 [DEBUG] Initialising ScrambleSuit.
2017-09-26 19:54:54,126 [DEBUG] Switching to state ST_WAIT_FOR_AUTH.
2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
2017-09-26 19:54:54,126 [DEBUG] Dumping probability distribution.
2017-09-26 19:54:54,127 [DEBUG] P(271) = 0.623
2017-09-26 19:54:54,127 [DEBUG] P(321) = 0.321
2017-09-26 19:54:54,127 [DEBUG] P(1374) = 0.031
2017-09-26 19:54:54,127 [DEBUG] P(127) = 0.014
2017-09-26 19:54:54,127 [DEBUG] Dumping probability distribution.
2017-09-26 19:54:54,127 [DEBUG] P(0.00310045817413) = 0.012
2017-09-26 19:54:54,127 [DEBUG] P(0.00813930754249) = 0.703
2017-09-26 19:54:54,127 [DEBUG] P(0.00224023279255) = 0.269
2017-09-26 19:54:54,127 [DEBUG] P(0.00564475385899) = 0.011
2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting downstream connection (socks_down_0x7fc0781d9710).
2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting upstream connection (socks_up_0x7fc0781eab90).
2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Circuit completed.
2017-09-26 19:54:54,161 [DEBUG] Attempting to read master key and ticket from file `/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml'.
2017-09-26 19:54:54,161 [DEBUG] File `/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml' does not exist (yet?).
2017-09-26 19:54:54,161 [DEBUG] No session ticket to redeem. Running UniformDH.
2017-09-26 19:54:54,162 [DEBUG] Creating UniformDH handshake message.
2017-09-26 19:54:54,176 [DEBUG] circ_0x7fc077f845a8: upstream: Received 88 bytes.
2017-09-26 19:54:54,176 [DEBUG] Buffered 88 bytes of outgoing data.
2017-09-26 19:54:54,185 [DEBUG] socks_down_0x7fc0781d9710: Recived 0 bytes.
2017-09-26 19:54:54,186 [DEBUG] circ_0x7fc077f845a8: downstream: Received 0 bytes.
2017-09-26 19:54:54,186 [DEBUG] Unable to finish UniformDH handshake just yet.
2017-09-26 19:54:54,297 [DEBUG] socks_down_0x7fc0781d9710: Recived 652 bytes.
2017-09-26 19:54:54,297 [DEBUG] circ_0x7fc077f845a8: downstream: Received 652 bytes.
2017-09-26 19:54:54,297 [DEBUG] Attempting to extract the remote machine's UniformDH public key out of 652 bytes of data.
2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet.
2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake just yet.
2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was lost (Connection was closed cleanly.).
2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Closing connection.
2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down circuit.
2017-09-26 19:54:54,299 [DEBUG] socks_down_0x7fc0781d9710: Closing connection.

Is this problem somehow connected with the warning about session_ticket.yaml? The directory /tmp/scramblesuit-client/scramblesuit/ on the client exists, but is empty.

Any help will be much appreciated.

Regards,
M.

--
PGP Fingerprint: 1918 8C72 E5D6 B523 86E1 AC24 C82A C043 3D92 568D
PGP Key: https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC82AC0433D92568D
Personal blog: https://telefoncek.si

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
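
An added example, not part of the original post and not obfsproxy's own code: a small Python parser that reduces a client debug log like the one above to the facts that show where the ScrambleSuit handshake stopped (bytes seen per direction, failed mark searches, which socket closed first, last state reached). The regular expressions assume the line formats visible in this log, and the function name `summarize` is hypothetical.

```python
import re
from datetime import datetime, timedelta

# Lines excerpted from the client debug log quoted in the post above.
SAMPLE_LOG = """\
2017-09-26 19:54:54,126 [DEBUG] Switching to state ST_WAIT_FOR_AUTH.
2017-09-26 19:54:54,161 [DEBUG] No session ticket to redeem. Running UniformDH.
2017-09-26 19:54:54,176 [DEBUG] circ_0x7fc077f845a8: upstream: Received 88 bytes.
2017-09-26 19:54:54,186 [DEBUG] circ_0x7fc077f845a8: downstream: Received 0 bytes.
2017-09-26 19:54:54,297 [DEBUG] circ_0x7fc077f845a8: downstream: Received 652 bytes.
2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet.
2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake just yet.
2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was lost (Connection was closed cleanly.).
2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down circuit.
"""

# Patterns are assumptions based only on the line shapes in this log.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) \[(\w+)\] (.*)$")
RECV = re.compile(r"circ_\w+: (upstream|downstream): Received (\d+) bytes")
STATE = re.compile(r"Switching to state (\w+)")
LOST = re.compile(r"(socks_(?:up|down)_\w+): Connection was lost \((.*)\)\.$")

def summarize(log_text):
    """Collect per-direction byte counts, state changes and the first close."""
    s = {"states": [], "bytes": {"upstream": 0, "downstream": 0},
         "mark_missing": 0, "first_close": None}
    times = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner and blank lines carry no timestamp
        times.append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"))
        msg = m.group(3)
        if (r := RECV.search(msg)):
            s["bytes"][r.group(1)] += int(r.group(2))
        elif (st := STATE.search(msg)):
            s["states"].append(st.group(1))
        elif "Could not find the mark" in msg:
            s["mark_missing"] += 1
        elif (c := LOST.search(msg)) and s["first_close"] is None:
            s["first_close"] = (c.group(1), c.group(2))
    # True when the last logged state is still the pre-authentication one.
    s["stuck_in_auth"] = s["states"][-1:] == ["ST_WAIT_FOR_AUTH"]
    s["elapsed_ms"] = (times[-1] - times[0]) // timedelta(milliseconds=1) if times else 0
    return s

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Running the same function over the server-side debug log for the same time window gives the matching view from the other end of the connection.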