[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Obfsproxy question
Why run both?
On September 26, 2017 8:34:25 PM GMT+02:00, Matej Kovacic <matej.kovacic@xxxxxxxxx> wrote:
>Hi,
>
>I am not sure if this is a correct place to ask, but I will risk....
>:-)
>
>I am trying to set up OpenVPN server with Obfsproxy. I am using
>Obfsproxy 0.2.13 on both sides (server and client).
>
>On server (Debian 9), there is OpenVPN server listening on 443 TCP
>port.
>I am also using port sharing in OpenVPN so if someone connects to my
>server to 443 port with OpenVPN, he gets OpenVPN connection, but if
>someone connects to my server to 443 port with web browser (HTTPS), it
>will get website. (This is possible because OpenVPN can distinguish
>OpenVPN and other connections - others are relayed to webserver running
>on localhost on some other port.)
>
>Then I run Obfsproxy on the server with the following command:
>
>sudo obfsproxy --log-min-severity=debug
>--data-dir=/tmp/scramblesuit-server scramblesuit
>--password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest=127.0.0.1:443 server
>0.0.0.0:8080
>
>So basically, server is listening to port 8080 and relaying all
>connections to 443 TCP where they are taken over by OpenVPN.
>
>
>Now the client side (Ubuntu 17.04).
>
>I installed Obfsproxy via pip install and am running this command:
>
>obfsproxy --log-min-severity=debug --data-dir=/tmp/scramblesuit-client
>scramblesuit --password=ZKRSAUKWPH6A3GMINURTUG2I6GJQR4ZV --dest
>xx.xx.xx.xx:8080 socks 127.0.0.1:10194
>
>So basically, Obfsproxy is connecting to my server to port 8080 and
>opening socks on client's localhost on port 10194.
>
>And finally, OpenVPN client config has basically just socks-proxy line
>added:
>
>client
>remote xx.xx.xx.xx 443
>proto tcp
>socks-proxy 127.0.0.1 10194
>dev tun
>...
>...
>
>
>Now the problem is, that when I run OpenVPN client, it can't connect
>and
>the problem is in Obfsproxy client.
>
>Here is the Obfsproxy's log:
>
>################################################
>Do NOT rely on ScrambleSuit for strong security!
>################################################
>
>2017-09-26 19:54:16,672 [DEBUG] Setting the state location to
>`/tmp/scramblesuit-client/scramblesuit/'.
>2017-09-26 19:54:16,673 [INFO] OBFSSOCKSv5Factory starting on 10194
>2017-09-26 19:54:16,673 [INFO] Starting factory
><obfsproxy.network.socks.OBFSSOCKSv5Factory instance at 0x7fc077f6b2d8>
>2017-09-26 19:54:16,673 [DEBUG] socks_fact_0x7fc077f6b2d8: Starting up
>SOCKS server factory.
>2017-09-26 19:54:16,673 [INFO] Launched 'socks' listener at
>'[scrubbed]:10194' for transport 'scramblesuit'.
>2017-09-26 19:54:54,126 [DEBUG] socks_fact_0x7fc077f6b2d8: New
>connection.
>2017-09-26 19:54:54,126 [DEBUG] Initialising ScrambleSuit.
>2017-09-26 19:54:54,126 [DEBUG] Switching to state ST_WAIT_FOR_AUTH.
>2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
>2017-09-26 19:54:54,126 [DEBUG] Initialising AES-CTR instance.
>2017-09-26 19:54:54,126 [DEBUG] Dumping probability distribution.
>2017-09-26 19:54:54,127 [DEBUG] P(271) = 0.623
>2017-09-26 19:54:54,127 [DEBUG] P(321) = 0.321
>2017-09-26 19:54:54,127 [DEBUG] P(1374) = 0.031
>2017-09-26 19:54:54,127 [DEBUG] P(127) = 0.014
>2017-09-26 19:54:54,127 [DEBUG] Dumping probability distribution.
>2017-09-26 19:54:54,127 [DEBUG] P(0.00310045817413) = 0.012
>2017-09-26 19:54:54,127 [DEBUG] P(0.00813930754249) = 0.703
>2017-09-26 19:54:54,127 [DEBUG] P(0.00224023279255) = 0.269
>2017-09-26 19:54:54,127 [DEBUG] P(0.00564475385899) = 0.011
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting downstream
>connection (socks_down_0x7fc0781d9710).
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Setting upstream
>connection (socks_up_0x7fc0781eab90).
>2017-09-26 19:54:54,161 [DEBUG] circ_0x7fc077f845a8: Circuit completed.
>2017-09-26 19:54:54,161 [DEBUG] Attempting to read master key and
>ticket
>from file `/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml'.
>2017-09-26 19:54:54,161 [DEBUG] File
>`/tmp/scramblesuit-client/scramblesuit/session_ticket.yaml' does not
>exist (yet?).
>2017-09-26 19:54:54,161 [DEBUG] No session ticket to redeem. Running
>UniformDH.
>2017-09-26 19:54:54,162 [DEBUG] Creating UniformDH handshake message.
>2017-09-26 19:54:54,176 [DEBUG] circ_0x7fc077f845a8: upstream: Received
>88 bytes.
>2017-09-26 19:54:54,176 [DEBUG] Buffered 88 bytes of outgoing data.
>2017-09-26 19:54:54,185 [DEBUG] socks_down_0x7fc0781d9710: Recived 0
>bytes.
>2017-09-26 19:54:54,186 [DEBUG] circ_0x7fc077f845a8: downstream:
>Received 0 bytes.
>2017-09-26 19:54:54,186 [DEBUG] Unable to finish UniformDH handshake
>just yet.
>2017-09-26 19:54:54,297 [DEBUG] socks_down_0x7fc0781d9710: Recived 652
>bytes.
>2017-09-26 19:54:54,297 [DEBUG] circ_0x7fc077f845a8: downstream:
>Received 652 bytes.
>2017-09-26 19:54:54,297 [DEBUG] Attempting to extract the remote
>machine's UniformDH public key out of 652 bytes of data.
>2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet.
>2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake
>just yet.
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was
>lost (Connection was closed cleanly.).
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Closing
>connection.
>2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down
>circuit.
>2017-09-26 19:54:54,299 [DEBUG] socks_down_0x7fc0781d9710: Closing
>connection.
>
>
>Is this problem somehow connected with warning about
>session_ticket.yaml?
>
>Directory /tmp/scramblesuit-client/scramblesuit/ on a client exists,
>but
>is empty.
>
>Any help will be much appreciated.
>
>Regards,
>M.
>--
>PGP Fingerprint: 1918 8C72 E5D6 B523 86E1 AC24 C82A C043 3D92 568D
>PGP Key:
>https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xC82AC0433D92568D
>Personal blog: https://telefoncek.si
>--
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
Take Care Sincerely flipchan layerprox dev
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk