LinuxQuestions.org
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Undetectable VPN (https://www.linuxquestions.org/questions/linux-security-4/undetectable-vpn-4175733172/)

Jason.nix 01-25-2024 06:54 AM
Undetectable VPN
 
Hello,
I want to set up a VPS somewhere else in the world and tunnel my connection through that remote server. What kind of communication do you suggest? Tools like OpenVPN and Tor are easily detected and blocked.

Thank you.

smallpond 01-25-2024 11:02 AM
Have you looked at Shadowsocks?

enigma9o7 01-25-2024 11:05 AM
ssh -X, just run everything on the server.

Jason.nix 01-25-2024 12:05 PM
Quote:
Originally Posted by smallpond (Post 6479230)
Have you looked at Shadowsocks?
Hello,
Thank you so much for your reply.
I have never heard of such a thing before. Is it as easy to use as OpenVPN?

Jason.nix 01-25-2024 12:07 PM
Quote:
Originally Posted by enigma9o7 (Post 6479234)
ssh -X, just run everything on the server.
Hello,
Thank you so much gor your reply.
I want to set up a server that clients like Windows and Android can easily connect to. Something like OpenVPN.

pan64 01-25-2024 01:10 PM
And what makes it difficult? Connection requires 3 things: host, port, protocol.

Jason.nix 01-25-2024 02:02 PM
Quote:
Originally Posted by pan64 (Post 6479270)
And what makes it difficult? Connection requires 3 things: host, port, protocol.
Hello,
Thank you so much for your reply.
Which one? Shadowsocks or SSH?
On mobile phones, applications that convert SSH to VPN usually require root access. This is not good at all.

sundialsvcs 01-25-2024 02:03 PM
I can’t visualize what your “use case” actually is. Where, exactly, is the server going to be? And, were the people connecting to it? And, for what ultimate purpose?

OpenVPN does have a nice feature called “tls-auth” which makes the server essentially undetectable to those who are not authorized to attempt to connect to it. But this requires a disciplined approach using digital certificates.

See paragraph #1 …

Jason.nix 01-25-2024 02:35 PM
Quote:
Originally Posted by sundialsvcs (Post 6479283)
I can’t visualize what your “use case” actually is. Where, exactly, is the server going to be? And, were the people connecting to it? And, for what ultimate purpose?

OpenVPN does have a nice feature called “tls-auth” which makes the server essentially undetectable to those who are not authorized to attempt to connect to it. But this requires a disciplined approach using digital certificates.

See paragraph #1 …
Hello,
Thank you so much for your reply.
About OpenVPN, the tls-crypt is more secure than tls-auth.
Suppose you want to set up a VPN server for someone in a country that censors the Internet. Internet censorship devices detect programs such as OpenVPN and Tor easily. You need to do obfuscation so that internet censors don't detect the app. For example, hide OpenVPN on HTTPS.

Aeterna 01-26-2024 12:08 PM
You can run VPN in ssl tunnel. This means that your vpn will look like https traffic. However not many vpn providers offer this (if you are looking for vpn provider).

yvesjv 01-26-2024 01:45 PM
Quote:
Originally Posted by Aeterna (Post 6479479)
You can run VPN in ssl tunnel. This means that your vpn will look like https traffic. However not many vpn providers offer this (if you are looking for vpn provider).
That's the closest you will get to having your vpn as it uses tcp 443 which is also used for https.
Pretty much detectable by any worthwile security providers (think PaloAlto, etc) but if tcp 443 is blocked, then it's a massive business impact.

Aeterna 01-26-2024 02:12 PM
Quote:
Originally Posted by yvesjv (Post 6479498)
That's the closest you will get to having your vpn as it uses tcp 443 which is also used for https.
Pretty much detectable by any worthwile security providers (think PaloAlto, etc) but if tcp 443 is blocked, then it's a massive business impact.
Everything can be detected, unless one is disconnected from the net. However, if there is no special interest in specific person, this works pretty well.

rkelsen 01-26-2024 06:19 PM
Quote:
Originally Posted by Jason.nix (Post 6479294)
Internet censorship devices detect programs such as OpenVPN and Tor easily.
Can they really? Or do they just block standard ports? What happens if you use a non-standard port?

pan64 01-27-2024 02:01 AM
Quote:
Originally Posted by Jason.nix (Post 6479294)
Internet censorship devices detect programs such as OpenVPN and Tor easily. You need to do obfuscation so that internet censors don't detect the app. For example, hide OpenVPN on HTTPS.
It looks like you don't understand a lot of things. OpenVPN is not an app, tor is not an app. Better to say they are services, and they do not run on a single host, but on several hosts (different parts of them). Some parts of these tools are just a special kind of network config (like firewall, routing), some other parts are just (protected) network communication between two hosts.

Check this page: https://www.torproject.org/about/history/
Quote:
The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. This is still a simple explanation for how Tor works today.
Tor browser itself is just an "improved" firefox.

Here you can read about your topic a bit more: https://tb-manual.torproject.org/circumvention/

So can you tell me how can any kind of censorship detect and exactly what?

Jason.nix 01-27-2024 04:30 AM
Quote:
Originally Posted by Aeterna (Post 6479479)
You can run VPN in ssl tunnel. This means that your vpn will look like https traffic. However not many vpn providers offer this (if you are looking for vpn provider).
Hello,
Thank you so much for your reply.
Can I use OpenVPN with SSL? I want to set up my own VPN server.


All times are GMT -5. The time now is 09:33 AM.
Page 1 of 2 1 2
Show 50 post(s) from this thread on one page