Why run both? On September 26, 2017 8:34:25 PM GMT+02:00, Matej Kovacic <matej.kova...@owca.info> wrote: >Hi, > >I am not sure if this is a correct place to ask, but I will risk.... >:-) > >I am trying to set up OpenVPN server with Obfsproxy. I am using >Obfsproxy 0.2.13 on both sides (server and client). > >On server (Debian 9), there is OpenVPN server listening on 443 TCP >port. >I am also using port sharing in OpenVPN so if someone connects to my >server to 443 port with OpenVPN, he gets OpenVPN connection, but if >someone connects to my server to 443 port with web browser (HTTPS), it >will get website. (This is possible because OpenVPN can distinguish >OpenVPN and other connections - others are relayed to webserver running >on localhost on some other port.) > >Then I run Obfsproxy on the server with the following command: > >sudo obfsproxy --log-min-severity=debug >--data-dir=/tmp/scramblesuit-server scramblesuit >--password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest=127.0.0.1:443 server >0.0.0.0:8080 > >So basically, server is listening to port 8080 and relaying all >connections to 443 TCP where they are taken over by OpenVPN. > > >Now the client side (Ubuntu 17.04). > >I installed Obfsproxy via pip install and am running this command: > >obfsproxy --log-min-severity=debug --data-dir=/tmp/scramblesuit-client >scramblesuit --password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest >xx.xx.xx.xx:8080 socks 127.0.0.1:10194 > >So basically, Obfsproxy is connecting to my server to port 8080 and >opening socks on client's localhost on port 10194. > >And finally, OpenVPN client config has basically just socks-proxy line >added: > >client >remote xx.xx.xx.xx 443 >proto tcp >socks-proxy 127.0.0.1 10194 >dev tun >... >... > > >Now the problem is, that when I run OpenVPN client, it can't connect >and >the problem is in Obfsproxy client. > >Here is the Obfsproxy's log: > >################################################ >Do NOT rely on ScrambleSuit for strong security! >################################################ > >2017-09-26 19:54:16,672 [DEBUG] Setting the state location to >`/tmp/scramblesuit-client/scramblesuit/'. >2017-09-26 19:54:16,673 [INFO] OBFSSOCKSv5Factory starting on 10194 >2017-09-26 19:54:16,673 [INFO] Starting factory ><obfsproxy.network.socks.OBFSSOCKSv5Factory instance at 0x7fc077f6b2d8> >2017-09-26 19:54:16,673 [DEBUG] socks_fact_0x7fc077f6b2d8: Starting up >SOCKS server factory. >2017-09-26 19:54:16,673 [INFO] Launched 'socks' listener at >'[scrubbed]:10194' for transport 'scramblesuit'. >2017-09-26 19:54:54,126 [DEBUG] socks_fact_0x7fc077f6b2d8: New >connection. >2017-09-26 19:54:54,126 [DEBUG] Initialising ScrambleSuit. >2017-09-26 19:54:54,126 [DEBUG] Switching to state ST_WAIT_FOR_AUTH. >2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance. >2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance. >2017-09-26 19:54:54,126 [DEBUG] Dumping probability distribution. >2017-09-26 19:54:54,127 [DEBUG] P(271) = 0.623 >2017-09-26 19:54:54,127 [DEBUG] P(321) = 0.321 >2017-09-26 19:54:54,127 [DEBUG] P(1374) = 0.031 >2017-09-26 19:54:54,127 [DEBUG] P(127) = 0.014 >2017-09-26 19:54:54,127 [DEBUG] Dumping probability distribution. >2017-09-26 19:54:54,127 [DEBUG] P(0.00310045817413) = 0.012 >2017-09-26 19:54:54,127 [DEBUG] P(0.00813930754249) = 0.703 >2017-09-26 19:54:54,127 [DEBUG] P(0.00224023279255) = 0.269 >2017-09-26 19:54:54,127 [DEBUG] P(0.00564475385899) = 0.011 >2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting downstream >connection (socks_down_0x7fc0781d9710). >2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting upstream >connection (socks_up_0x7fc0781eab90). >2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Circuit completed. >2017-09-26 19:54:54,161 [DEBUG] Attempting to read master key and >ticket >from file `/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml'. >2017-09-26 19:54:54,161 [DEBUG] File >`/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml' does not >exist (yet?). >2017-09-26 19:54:54,161 [DEBUG] No session ticket to redeem. Running >UniformDH. >2017-09-26 19:54:54,162 [DEBUG] Creating UniformDH handshake message. >2017-09-26 19:54:54,176 [DEBUG] circ_0x7fc077f845a8: upstream: Received >88 bytes. >2017-09-26 19:54:54,176 [DEBUG] Buffered 88 bytes of outgoing data. >2017-09-26 19:54:54,185 [DEBUG] socks_down_0x7fc0781d9710: Recived 0 >bytes. >2017-09-26 19:54:54,186 [DEBUG] circ_0x7fc077f845a8: downstream: >Received 0 bytes. >2017-09-26 19:54:54,186 [DEBUG] Unable to finish UniformDH handshake >just yet. >2017-09-26 19:54:54,297 [DEBUG] socks_down_0x7fc0781d9710: Recived 652 >bytes. >2017-09-26 19:54:54,297 [DEBUG] circ_0x7fc077f845a8: downstream: >Received 652 bytes. >2017-09-26 19:54:54,297 [DEBUG] Attempting to extract the remote >machine's UniformDH public key out of 652 bytes of data. >2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet. >2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake >just yet. >2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was >lost (Connection was closed cleanly.). >2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Closing >connection. >2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down >circuit. >2017-09-26 19:54:54,299 [DEBUG] socks_down_0x7fc0781d9710: Closing >connection. > > >Is this problem somehow connected with warning about >session_ticket.yaml? > >Directory /tmp/scramblesuit-client/scramblesuit/ on a client exists, >but >is empty. > >Any help will be much appreciated. > >Regards, >M. >-- >PGP Fingerprint: 1918 8C72 E5D6 B523 86E1 AC24 C82A C043 3D92 568D >PGP Key: >https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC82AC0433D92568D >Personal blog: https://telefoncek.si >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- Take Care Sincerely flipchan layerprox dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk