Scrambled OpenVPN Auto Installer Script (2017)
ISPs in highly authoritarian regimes such as China, Iran and Pakistan can easily detect and block standard VPN traffic. This bash script automatically installs OpenVPN and Obfsproxy to obfuscate OpenVPN traffic, making it very difficult to detect and block. At the time of this writing this method successfully bypasses current firewalls and internet filters.
This script is a major upgrade from the [old one I coded in 2014](https://www.lowendtalk.com/discussion/23555/scrambled-openvpn-auto-installer-script).
Changelog:
Uses a completely new method (OpenVPN + obfsproxy) that requires no patching, making it very easy to update via yum.
OpenVPN config has been upgraded to meet current security standards.
Added compatibility with cloud platforms like Google Compute Engine.
As always it is fully open source and I welcome contributions via GitHub.
Github : https://github.com/khavishbhundoo/obfsproxy-openvpn
I hope you guys will like it and use it ....
Regards,
Khav
Comments
nice, i will try it, thanks
Thanks. Client add and remove option available? @khav
It's on my todo list... Do you mind opening an issue on GitHub so that I can keep track of it? I also welcome pull requests, so feel free to contribute.
Can you make a script for ubuntu/debian please? The old one did not have this option.
Installed on Google Compute Engine (CentOS 7) but unfortunately it is not working for me. Got a few errors during install:
**unable to write 'random state'**
**Generating a 2048 bit RSA private key**
sudo rm ~/.rnd -> fixed above error
**getent passwd $SUDO_USER | cut -d: -f6**
will generate below error:
./vpn.sh: line 185: $HOME/details.txt: ambiguous redirect
cat: /root: Is a directory
cat: /bin: Is a directory
cat: /sbin: Is a directory
cat: /var/adm: Is a directory
cat: /var/spool/lpd: Is a directory
cat: /sbin: Is a directory
cat: /sbin: Is a directory
cat: /sbin: Is a directory
cat: /var/spool/mail: Is a directory
cat: /root: Is a directory
cat: /usr/games: Is a directory
cat: /var/ftp: Is a directory
cat: /: Is a directory
cat: /: Is a directory
cat: /: Is a directory
cat: /var/run/avahi-daemon: Is a directory
cat: /var/lib/avahi-autoipd: Is a directory
cat: /etc/ntp: Is a directory
cat: /var/spool/postfix: Is a directory
cat: /var/empty/sshd: Is a directory
cat: /: Is a directory
cat: /: Is a directory
cat: /home/alien: Is a directory
cat: /var/clamav: Is a directory
cat: /var/spool/squid: Is a directory
cat: /etc/openvpn: Is a directory
cat: /var/lib/znc: Is a directory
cat: /home/silent/details.txt: No such file or directory
getent passwd $USER | cut -d: -f6 -> fixed above error
I had to change the TCP port in server.conf to 21194 from 443 as it is not binding on 21194, but I would get the error Transport Paused; it worked only if I set the TCP port to 21194.
Once connected there is no traffic allowed even if firewall settings are done as per instructions.
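An added example, not part of the thread or of vpn.sh: the `cat: ... Is a directory` flood above is consistent with `$SUDO_USER` being empty, because `getent passwd` with no key prints every account and the unquoted multi-line result then breaks the redirect. The names `passwd_db`, `fragile_home`, `resolve_home` and the sample entries are assumptions made for this sketch.

```shell
#!/usr/bin/env bash
# Constructed sample passwd entries (not from the thread) so this runs offline.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash'

# Stand-in for `getent passwd [KEY]`: with no KEY it prints every entry.
# Set PASSWD_SOURCE=system to query the real database through getent.
passwd_db() {
  if [ "${PASSWD_SOURCE:-sample}" = system ]; then
    getent passwd "$@"
  elif [ "$#" -eq 0 ]; then
    printf '%s\n' "$SAMPLE_PASSWD"
  else
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u'
  fi
}

# Pattern from the thread: the user name is unquoted and never checked,
# so an empty value turns the lookup into a dump of all home directories.
fragile_home() {
  # shellcheck disable=SC2086
  passwd_db $1 | cut -d: -f6
}

# Hardened lookup: fall back to a non-empty user name, quote it, and accept
# the result only when it is exactly one absolute path.
resolve_home() {
  local user home
  user="${1:-${SUDO_USER:-$(id -un)}}"
  [ -n "$user" ] || return 1
  home=$(passwd_db "$user" | cut -d: -f6)
  case "$home" in
    /*) ;;
    *) return 1 ;;
  esac
  [ "$(printf '%s\n' "$home" | wc -l)" -eq 1 ] || return 1
  printf '%s\n' "$home"
}

# Demo on the sample data; quote the target whenever the path is used later,
# e.g. cat "$home_dir/details.txt".
printf 'fragile, empty user: %s paths\n' "$(fragile_home '' | wc -l)"
home_dir=$(resolve_home alice) && printf 'hardened: %s\n' "$home_dir"
```

An installer that runs as root would call `resolve_home` once, abort if it fails, and write credentials such as details.txt only under the single path it returns.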
@hellb0y
You need to open port 21194, check here
Can you reinstall the OS again, add the firewall rule and then use the following command to launch the script
curl -so vpn.sh -L https://raw.githubusercontent.com/khavishbhundoo/obfsproxy-openvpn/master/vpn.sh && sudo su && sudo bash vpn.sh
Notice that it has
sudo su
You will also need to install and run obfsproxy on your desktop; check the GitHub page for the tutorial
Thank you for testing the script
Port 21194 is opened as per tutorial but server.conf is binding on 443.
@hellb0y that's because we are using obfsproxy
echo "obfsproxy --log-file=obfsproxy.log --log-min-severity=info obfs3 --dest=127.0.0.1:443 server 0.0.0.0:21194" >> /etc/rc.d/rc.local
You need to reboot the server after setup completes... I will release an update soon so that a reboot isn't necessary.
I updated the script, now a reboot is no longer necessary
Here is a video tutorial :
Why sudo su and sudo bash?
vote +1 for ubuntu/debian
@netomx
I was trying to diagnose the issue @hellb0y was getting. The following works just fine
curl -so vpn.sh -L https://raw.githubusercontent.com/khavishbhundoo/obfsproxy-openvpn/master/vpn.sh && sudo bash vpn.sh
@DNname and @bashlyk
I welcome a Debian port from you guys. I am not very well versed with Debian
I just updated the script to make OpenVPN use lz4 compression as it's much faster than lzo
Wait for Ubuntu version
I ran the script and hit the same error hellb0y got with the cat $HOME/ isn't a directory. I checked /root and the .ovpn file was there. I downloaded it and tried to run it in OpenVPN client and got the following error:
OpenVPNClient start scrambled_client_p4086: process started and then immediately exited: []
Any help?
@TheRealMakan
You need to use the following command to get the script
curl -so vpn.sh -L https://raw.githubusercontent.com/khavishbhundoo/obfsproxy-openvpn/master/vpn.sh && sudo bash vpn.sh
Are you running the script on a cloud platform like GCE or AWS?
What do you get when you run the following on your server?
sudo getent passwd $SUDO_USER | cut -d: -f6
Check the video to ensure you enter correct data for the certificates.
@khav Yep realized I had a bad install of Obs. Is there any way to connect to it using Android? Guessing there are no clients at the moment to do that.
@TheRealMakan
Did the script wrongly install Obfsproxy, or did you already have one installed before running the script?
I coded the script with the assumption that people will use it on a server where OpenVPN or obfsproxy wasn't installed
Let me know what the issue was so that I can upgrade the script
For Android I have seen Orbot
https://proxy.sh/panel/knowledgebase/1167/Combine-OpenVPN-with-obfsproxy-for-stealth-mode-Android.html
https://github.com/n8fr8/orbot
The script has been updated to v0.1
There are two TCP ports you need to keep open: 21194 and 443
There's no need in obfsproxy anymore, just use the --tls-crypt OpenVPN option.
@ValdikSS That's interesting! --tls-crypt seems to be a replacement for --tls-auth. Does the --tls-crypt technique currently bypass GFW? Thanks for the heads up :)
@khav yes, most probably. --tls-crypt encrypts the control channel where the handshake and other technical data is transmitted, so GFW shouldn't be able to detect it.
@ValdikSS I found some additional info with some digging
Source : http://www.mail-archive.com/[email protected]/msg03395.html
How do I use it on an Android device?
I just released an updated version of the script.
11 June 2017, v0.2