Sometimes it’s useful to obfuscate the fact that your traffic is generated by OpenVPN. For example, if your ISP is blocking OpenVPN for some reason. This article describes various ways to obfuscate OpenVPN traffic so that it’s not as easily detected and blocked. Most of the content here originates from this email thread. Additionally, for some reason this mail was not included in Gmane archives.
Use static keys
“My recent suggestion to someone regarding this was to use a static-key tunnel to encapsulate a second secure channel (either openvpn with TLS or ssh(1) as needed.) The static key tunnel looks like random junk to a sniffer. Nothing should identify it as being openvpn.”
“That said, it DOES look suspicious. Maintain a moving target if possible … changing ports and IP addresses. Also, because of the potential weakness of static keys, you should rotate them on a timetable, such as weekly or monthly.”
Use obfsproxy
Obfsproxy is a Tor subproject. It can be used to obfuscate (any) traffic so that it becomes unrecognizable.
“However, the obfsproxy project sounds very interesting. And it should be possible to use obfsproxy (as it can talk like a SOCKS proxy) with OpenVPN, by using the –socks-proxy argument. But I’m not aware of any openvpn services providing obfsproxy services in conjunction with OpenVPN.”
A user provided an OpenVPN installer which bundles OpenVPN with obfsproxy. Look here for downloads and instructions.
好文学习了,但还是没明白怎么安装obfsproxy!