[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Obfsproxy question

To: tor-talk@xxxxxxxxxxxxxxxxxxxx,Matej Kovacic <matej.kovacic@xxxxxxxxx>
Subject: Re: [tor-talk] Obfsproxy question
From: flipchan <flipchan@xxxxxxxxxx>
Date: Fri, 29 Sep 2017 15:25:32 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 29 Sep 2017 11:25:55 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1506698736; bh=4vfgGjeJQuCs+kZs+cFpPyyj7ZwdB2gpPCQeEsiflj8=; h=Date:In-Reply-To:References:Subject:To:From:From; b=HBEMvhnyXtDGNQUBzc1vVN5fVe0GnwB9f+Qteo7/MffckX7Ak9ZK6j0E69nChR/nr aJtavEJ+4ysbiYqOWOaZzdOyCVGgU5oiIaCuzDH9knYbYfzeqw6CNviYLDO0t5kySe TevPQof7FVStDNWWnR+MR5ZU+qENhnBPNglyYxvE=
In-reply-to: <c1f5948e-7211-387c-9720-154498bf58a9@owca.info>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <c1f5948e-7211-387c-9720-154498bf58a9@owca.info>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Why run both?

On September 26, 2017 8:34:25 PM GMT+02:00, Matej Kovacic <matej.kovacic@xxxxxxxxx> wrote:
>Hi,
>
>I am not sure if this is a correct place to ask, but I will risk....
>:-)
>
>I am trying to set up OpenVPN server with Obfsproxy. I am using
>Obfsproxy 0.2.13 on both sides (server and client).
>
>On server (Debian 9), there is OpenVPN server listening on 443 TCP
>port.
>I am also using port sharing in OpenVPN so if someone connects to my
>server to 443 port with OpenVPN, he gets OpenVPN connection, but if
>someone connects to my server to 443 port with web browser (HTTPS), it
>will get website. (This is possible because OpenVPN can distinguish
>OpenVPN and other connections - others are relayed to webserver running
>on localhost on some other port.)
>
>Then I run Obfsproxy on the server with the following command:
>
>sudo obfsproxy --log-min-severity=debug
>--data-dir=/tmp/scramblesuit-server scramblesuit
>--password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest=127.0.0.1:443 server
>0.0.0.0:8080
>
>So basically, server is listening to port 8080 and relaying all
>connections to 443 TCP where they are taken over by OpenVPN.
>
>
>Now the client side (Ubuntu 17.04).
>
>I installed Obfsproxy via pip install and am running this command:
>
>obfsproxy --log-min-severity=debug --data-dir=/tmp/scramblesuit-client
>scramblesuit --password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest
>xx.xx.xx.xx:8080 socks 127.0.0.1:10194
>
>So basically, Obfsproxy is connecting to my server to port 8080 and
>opening socks on client's localhost on port 10194.
>
>And finally, OpenVPN client config has basically just socks-proxy line
>added:
>
>client
>remote xx.xx.xx.xx 443
>proto tcp
>socks-proxy 127.0.0.1 10194
>dev tun
>...
>...
>
>
>Now the problem is, that when I run OpenVPN client, it can't connect
>and
>the problem is in Obfsproxy client.
>
>Here is the Obfsproxy's log:
>
>################################################
>Do NOT rely on ScrambleSuit for strong security!
>################################################
>
>2017-09-26 19:54:16,672 [DEBUG] Setting the state location to
>`/tmp/scramblesuit-client/scramblesuit/'.
>2017-09-26 19:54:16,673 [INFO] OBFSSOCKSv5Factory starting on 10194
>2017-09-26 19:54:16,673 [INFO] Starting factory
><obfsproxy.network.socks.OBFSSOCKSv5Factory instance at 0x7fc077f6b2d8>
>2017-09-26 19:54:16,673 [DEBUG] socks_fact_0x7fc077f6b2d8: Starting up
>SOCKS server factory.
>2017-09-26 19:54:16,673 [INFO] Launched 'socks' listener at
>'[scrubbed]:10194' for transport 'scramblesuit'.
>2017-09-26 19:54:54,126 [DEBUG] socks_fact_0x7fc077f6b2d8: New
>connection.
>2017-09-26 19:54:54,126 [DEBUG] Initialising ScrambleSuit.
>2017-09-26 19:54:54,126 [DEBUG] Switching to state ST_WAIT_FOR_AUTH.
>2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
>2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
>2017-09-26 19:54:54,126 [DEBUG] Dumping probability distribution.
>2017-09-26 19:54:54,127 [DEBUG] P(271) = 0.623
>2017-09-26 19:54:54,127 [DEBUG] P(321) = 0.321
>2017-09-26 19:54:54,127 [DEBUG] P(1374) = 0.031
>2017-09-26 19:54:54,127 [DEBUG] P(127) = 0.014
>2017-09-26 19:54:54,127 [DEBUG] Dumping probability distribution.
>2017-09-26 19:54:54,127 [DEBUG] P(0.00310045817413) = 0.012
>2017-09-26 19:54:54,127 [DEBUG] P(0.00813930754249) = 0.703
>2017-09-26 19:54:54,127 [DEBUG] P(0.00224023279255) = 0.269
>2017-09-26 19:54:54,127 [DEBUG] P(0.00564475385899) = 0.011
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting downstream
>connection (socks_down_0x7fc0781d9710).
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting upstream
>connection (socks_up_0x7fc0781eab90).
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Circuit completed.
>2017-09-26 19:54:54,161 [DEBUG] Attempting to read master key and
>ticket
>from file `/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml'.
>2017-09-26 19:54:54,161 [DEBUG] File
>`/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml' does not
>exist (yet?).
>2017-09-26 19:54:54,161 [DEBUG] No session ticket to redeem.  Running
>UniformDH.
>2017-09-26 19:54:54,162 [DEBUG] Creating UniformDH handshake message.
>2017-09-26 19:54:54,176 [DEBUG] circ_0x7fc077f845a8: upstream: Received
>88 bytes.
>2017-09-26 19:54:54,176 [DEBUG] Buffered 88 bytes of outgoing data.
>2017-09-26 19:54:54,185 [DEBUG] socks_down_0x7fc0781d9710: Recived 0
>bytes.
>2017-09-26 19:54:54,186 [DEBUG] circ_0x7fc077f845a8: downstream:
>Received 0 bytes.
>2017-09-26 19:54:54,186 [DEBUG] Unable to finish UniformDH handshake
>just yet.
>2017-09-26 19:54:54,297 [DEBUG] socks_down_0x7fc0781d9710: Recived 652
>bytes.
>2017-09-26 19:54:54,297 [DEBUG] circ_0x7fc077f845a8: downstream:
>Received 652 bytes.
>2017-09-26 19:54:54,297 [DEBUG] Attempting to extract the remote
>machine's UniformDH public key out of 652 bytes of data.
>2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet.
>2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake
>just yet.
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was
>lost (Connection was closed cleanly.).
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Closing
>connection.
>2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down
>circuit.
>2017-09-26 19:54:54,299 [DEBUG] socks_down_0x7fc0781d9710: Closing
>connection.
>
>
>Is this problem somehow connected with warning about
>session_ticket.yaml?
>
>Directory /tmp/scramblesuit-client/scramblesuit/ on a client exists,
>but
>is empty.
>
>Any help will be much appreciated.
>
>Regards,
>M.
>-- 
>PGP Fingerprint: 1918 8C72 E5D6 B523 86E1  AC24 C82A C043 3D92 568D
>PGP Key:
>https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC82AC0433D92568D
>Personal blog: https://telefoncek.si
>-- 
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Obfsproxy question
  - From: Matej Kovacic

References:
- [tor-talk] Obfsproxy question
  - From: Matej Kovacic

Prev by Author: Re: [tor-talk] Tor Research presentation at the CCC
Next by Author: Re: [tor-talk] Please tell me the ways of donating any file to tor & talk to other tor users
Previous by thread: [tor-talk] Obfsproxy question
Next by thread: Re: [tor-talk] Obfsproxy question
Index(es):
- Author
- Thread