On Fri, 16 Jan 2015 12:05:41 +0100 Alfredo Palhares masterkorp@masterkorp.net wrote:
> Between the OpenVPN I an obfsproxy server outside the country and a client inside the country. But what I've found out is that Obfsproxy server needs to be running as the OpenVPN server and Obfsproxy client needs to be on the same machine as the OpenVPN client.
So what you're saying is, you want to do something like:
* There is an obfsproxy client instance running on c.example.com.
* There is an obfsproxy server instance running on s.example.com, that feeds into an OpenVPN server instance running on v.example.com.
* Multiple clients use c.example.com as the SOCKS proxy for the OpenVPN client, connect to s.example.com to get to the OpenVPN server running on v.example.com.
My thoughts on the matter are:
1. This should work. If it can be shown to be broken via a trivial application/test case (e.g. netcat), then it should be fixed (the trivial test case requirement is because I don't want to debug OpenVPN again).
2. Oh god, c.example.com is going to be running a public SOCKS proxy. Granted people trying to use it to get to most destinations will have a connection that fails, but bad people can use it as a DDoS amplification host (the SOCKS dialog is much, much shorter than any of the client requests that would be sent).
3. I don't know enough about the OpenVPN protocol/implementation to know if there are application-specific quirks unique to OpenVPN that would prevent this configuration from working. That would be an OpenVPN problem, unless obfsproxy is altering the data it's relaying (extremely unlikely).
I'll hold off on closing the ticket for now, but unless the code is broken in the "1." sense, I'm inclined to do so.
Regards,
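
A minimal byte-transparency check in the spirit of the "trivial test case" from point 1, added here as an illustration and not taken from the thread or from obfsproxy. The `Echo` service and the plain TCP relay built by `make_relay` are hypothetical stand-ins for the service behind the chain and for the obfsproxy client/server pair; `roundtrip_intact` assumes the address it is given is a plain TCP endpoint whose far end echoes.

```python
import os, socket, socketserver, threading

def pump(src, dst, fn=lambda b: b):
    # Copy src to dst until EOF, then half-close dst so the EOF propagates.
    while (data := src.recv(4096)):
        dst.sendall(fn(data))
    dst.shutdown(socket.SHUT_WR)

class Echo(socketserver.BaseRequestHandler):
    # Stand-in for the service at the far end of the relay chain.
    def handle(self):
        pump(self.request, self.request)

def make_relay(dest, mangle=lambda b: b):
    # Hypothetical stand-in for the relay pair; mangle simulates a relay
    # that alters client-to-server data (the case point 3 calls unlikely).
    class Relay(socketserver.BaseRequestHandler):
        def handle(self):
            with socket.create_connection(dest) as up:
                back = threading.Thread(target=pump, args=(up, self.request), daemon=True)
                back.start()
                pump(self.request, up, mangle)
                back.join()
    return Relay

def serve(handler):
    # Bind to an ephemeral loopback port and serve in the background.
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), handler)
    srv.daemon_threads = True
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv.server_address

def roundtrip_intact(addr, payload, timeout=5.0):
    # Send payload, read until EOF, and report whether it came back unchanged.
    with socket.create_connection(addr, timeout=timeout) as s:
        def send():
            s.sendall(payload)
            s.shutdown(socket.SHUT_WR)
        sender = threading.Thread(target=send, daemon=True)
        sender.start()
        got = bytearray()
        while (chunk := s.recv(4096)):
            got += chunk
        sender.join()
    return bytes(got) == payload

def demo():
    echo = serve(Echo)
    payload = os.urandom(64 * 1024)  # constructed sample data
    clean = roundtrip_intact(serve(make_relay(echo)), payload)
    broken = serve(make_relay(echo, lambda b: b.replace(b"\x00", b"\x01")))
    return clean, roundtrip_intact(broken, payload)

if __name__ == "__main__":
    print(demo())
```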