
[Openvpn-users] Trying to create a private proxy server

  • Subject: [Openvpn-users] Trying to create a private proxy server
  • From: Peter Barwich <pbarwich@xxxxxxxxxxx>
  • Date: Fri, 06 Apr 2007 20:58:30 +0100


This one comes up time and again, either from students, or from employees,
or from places like Saudi and China. All are restricted by some sort of
outgoing firewall/proxy. It's easy enough to tunnel through; you can use
OpenSSH with Apache set up as a proxy server, OpenSSH with PuTTY at
the client end, which effectively does port forwarding, OpenVPN with
3proxy and ProxyCap, which socksifies all outgoing requests from
applications of your choice and pushes them down (possibly, but not
necessarily) a VPN tunnel to 3proxy, which is a small proxy server; etc.,
etc., etc. All of these work, though there is a significant speed hit,
but there are two main problems.

The first is finding someone who will co-operate with setting up some 
form of proxy outside your firewall. There are organisations which do 
this or which have individuals signed up who will do it, but they're not 
that easy to find.

The second is that although your communication is fully encrypted (and 
therefore unreadable) it is always going to a particular IP, i.e. the 
one where your friend is running a proxy server of some kind. What this 
means is that any intelligent outgoing firewall will notice that lots of 
your traffic is going to this particular IP and it is a simple matter to 
blacklist it. Associated with this problem is the fact that you need 
outward access through a particular port. You can choose port 80 but 
then the presence of encrypted traffic gives things away, or you could 
use port 443 which a watcher would expect to be encrypted, but you're 
still stuck with using a particular IP, and you're still stuck with the 
fact that your outgoing traffic is all encrypted which is unusual.

You could look at the Tor network which I believe changes addresses and 
routes, but it still sends out 100% encrypted traffic which is a giveaway.

Put simply, the problem is that you not only need to tunnel, you need to
do so invisibly and, in an environment where being detected may put you
in jail (or get you sacked), you might want to think a bit about that.
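
The single-destination pattern described in the second problem above, as an added example that is not part of the original post: from a monitoring point of view, it computes for each internal host the share of outbound bytes going to its busiest destination IP. The flow-record layout, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records: (source, destination IP, destination port, bytes sent).
FLOWS = [
    ("10.0.0.5", "198.51.100.7", 443, 48_000_000),
    ("10.0.0.5", "203.0.113.10", 443, 1_200_000),
    ("10.0.0.5", "203.0.113.22", 80, 800_000),
    ("10.0.0.8", "203.0.113.10", 443, 9_000_000),
    ("10.0.0.8", "203.0.113.22", 80, 7_000_000),
    ("10.0.0.8", "203.0.113.31", 443, 8_000_000),
    ("10.0.0.8", "192.0.2.44", 80, 6_000_000),
    ("10.0.0.9", "192.0.2.44", 80, 40_000),
]


def destination_concentration(flows):
    """Return {source: (top_destination, share_of_bytes, total_bytes)}."""
    per_src = defaultdict(lambda: defaultdict(int))
    for src, dst, _port, nbytes in flows:
        per_src[src][dst] += nbytes
    result = {}
    for src, dsts in per_src.items():
        total = sum(dsts.values())
        top_dst, top_bytes = max(dsts.items(), key=lambda kv: kv[1])
        result[src] = (top_dst, top_bytes / total, total)
    return result


def flag_single_destination(flows, min_share=0.9, min_bytes=10_000_000):
    """Flag sources sending at least min_share of a meaningful volume to one IP.

    The volume floor (an assumed threshold) keeps near-idle hosts, whose few
    bytes trivially go to one place, out of the result.
    """
    flagged = []
    for src, (dst, share, total) in sorted(destination_concentration(flows).items()):
        if total >= min_bytes and share >= min_share:
            flagged.append((src, dst, round(share, 3)))
    return flagged


if __name__ == "__main__":
    for src, dst, share in flag_single_destination(FLOWS):
        print(f"{src}: {share:.1%} of outbound bytes go to {dst}")
```

Note that the port plays no part in the check, which is the post's point: moving the tunnel to 443 does not change where the bytes go.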
