Monday, July 13, 2015

HowTo compile OpenVPN + obfuscation with xorpatch on Debian

  1. # apt-get install build-essential libssl-dev liblzo2-dev libpam0g-dev easy-rsa 
  2. # wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.7.tar.xz
  3. # wget https://raw.githubusercontent.com/clayface/openvpn_xorpatch/master/openvpn_xor.patch
  4. # tar xvf openvpn-2.3.7.tar.xz
  5. # cd openvpn-2.3.7.tar.xz
  6. # patch -p1 < ../openvpn_xor.patch
  7. # ./configure
  8. # ./make
  9. # ./make install

You need to put one of the following options in server.conf and client config! 
"scramble reverse" - This simply reverses all the data in the packet. This is enough to get past the regular expression detection in both China and Iran.
"scramble xorptrpos" - This performs a xor operation, utilizing the current position in the packet payload.
"scramble obfuscate password" - This method is more secure. It utilizes the 3 types of scrambling mentioned above. "password" is the string which you want to use.

1 comment:

  1. Hi, great tutorial. Does the client have to be patched as well, or is it enough to only patch the server? Thank you

    ReplyDelete