Hello,
I want to set up a VPS somewhere else in the world and tunnel my connection through that remote server. What kind of communication do you suggest? Tools like OpenVPN and Tor are easily detected and blocked.
Hello,
Thank you so much for your reply.
I want to set up a server that clients like Windows and Android can easily connect to. Something like OpenVPN.
And what makes it difficult? Connection requires 3 things: host, port, protocol.
Hello,
Thank you so much for your reply.
Which one? Shadowsocks or SSH?
On mobile phones, applications that convert SSH to VPN usually require root access. This is not good at all.
I can’t visualize what your “use case” actually is. Where, exactly, is the server going to be? And where are the people connecting to it? And for what ultimate purpose?
OpenVPN does have a nice feature called “tls-auth” which makes the server essentially undetectable to those who are not authorized to attempt to connect to it. But this requires a disciplined approach using digital certificates.
I can’t visualize what your “use case” actually is. Where, exactly, is the server going to be? And where are the people connecting to it? And for what ultimate purpose?
OpenVPN does have a nice feature called “tls-auth” which makes the server essentially undetectable to those who are not authorized to attempt to connect to it. But this requires a disciplined approach using digital certificates.
See paragraph #1 …
Hello,
Thank you so much for your reply.
About OpenVPN, the tls-crypt is more secure than tls-auth.
Suppose you want to set up a VPN server for someone in a country that censors the Internet. Internet censorship devices detect programs such as OpenVPN and Tor easily. You need to do obfuscation so that internet censors don't detect the app. For example, hide OpenVPN on HTTPS.
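The tls-auth behaviour discussed in the posts above, shown as an added example that is not part of the thread and is not OpenVPN's code: a server that stays silent unless the first packet carries a valid HMAC made with a pre-shared key. The packet layout, the names `seal`, `Gate` and `MAX_SKEW`, the use of HMAC-SHA256 and the key are assumptions chosen for illustration, not OpenVPN's wire format.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(32))  # constructed pre-shared static key (stand-in for ta.key)
TAG_LEN = 32            # HMAC-SHA256 output size
MAX_SKEW = 30           # seconds of clock skew tolerated (assumed value)


def seal(key, packet_id, timestamp, payload):
    """Client side: prepend an HMAC over packet id, timestamp and payload."""
    body = struct.pack("!II", packet_id, timestamp) + payload
    return hmac.new(key, body, hashlib.sha256).digest() + body


class Gate:
    """Server side: pass on only packets that carry a valid, fresh HMAC."""

    def __init__(self, key):
        self.key = key
        self.highest_id = 0

    def accept(self, datagram, now):
        if len(datagram) < TAG_LEN + 8:
            return None                      # too short: drop silently
        tag, body = datagram[:TAG_LEN], datagram[TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # sender lacks the key: no reply
        packet_id, timestamp = struct.unpack("!II", body[:8])
        if abs(now - timestamp) > MAX_SKEW or packet_id <= self.highest_id:
            return None                      # stale or replayed packet
        self.highest_id = packet_id
        return body[8:]                      # payload goes on to the TLS handshake


def demo():
    gate = Gate(KEY)
    now = 1_700_000_000                       # constructed clock value
    good = seal(KEY, 1, now, b"client hello")
    probe = b"\x16\x03\x01" + b"\x00" * 60    # constructed unauthenticated probe
    forged = seal(b"\x00" * 32, 2, now, b"client hello")
    # The last entry replays the first packet, which must now be rejected.
    return [gate.accept(p, now) for p in (good, probe, forged, good)]
```
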
You can run a VPN in an SSL tunnel. This means that your VPN will look like HTTPS traffic. However, not many VPN providers offer this (if you are looking for a VPN provider).
You can run a VPN in an SSL tunnel. This means that your VPN will look like HTTPS traffic. However, not many VPN providers offer this (if you are looking for a VPN provider).
That's the closest you will get to hiding your VPN, as it uses TCP 443, which is also used for HTTPS.
Pretty much detectable by any worthwhile security providers (think PaloAlto, etc.), but if TCP 443 is blocked, then it's a massive business impact.
Quote:
Originally Posted by yvesjv
That's the closest you will get to hiding your VPN, as it uses TCP 443, which is also used for HTTPS.
Pretty much detectable by any worthwhile security providers (think PaloAlto, etc.), but if TCP 443 is blocked, then it's a massive business impact.
Everything can be detected, unless one is disconnected from the net. However, if there is no special interest in a specific person, this works pretty well.
Internet censorship devices detect programs such as OpenVPN and Tor easily. You need to do obfuscation so that internet censors don't detect the app. For example, hide OpenVPN on HTTPS.
It looks like you don't understand a lot of things. OpenVPN is not an app, Tor is not an app. Better to say they are services, and they do not run on a single host, but on several hosts (different parts of them). Some parts of these tools are just a special kind of network config (like firewall, routing), some other parts are just (protected) network communication between two hosts.
The goal of onion routing was to have a way to use the internet with as much privacy as possible, and the idea was to route traffic through multiple servers and encrypt it each step of the way. This is still a simple explanation for how Tor works today.
You can run a VPN in an SSL tunnel. This means that your VPN will look like HTTPS traffic. However, not many VPN providers offer this (if you are looking for a VPN provider).
Hello,
Thank you so much for your reply.
Can I use OpenVPN with SSL? I want to set up my own VPN server.