# Hide OpenVPN Traffic?



## Gesichterlos (Jul 16, 2015)

Hi. I installed a fresh FreeBSD 10.1 on my server and have a working OpenVPN now (I used this tutorial for that). Some hotels block OpenVPN traffic; it's also blocked in countries like China. Is there a tutorial which explains how I could tunnel the traffic through an SSH or SSL connection to hide it?


----------



## SirDice (Jul 16, 2015)

If you're going to tunnel through SSH you might as well skip OpenVPN completely. Did you know you can use SSH's port forwarding as a SOCKS proxy?

`ssh -D8080 myuser@mysystem.example.com`

Then configure your browser to use 127.0.0.1:8080 as a SOCKS5 proxy.

If I'm not mistaken, OpenVPN can also be configured to use SSL over port 443. That would make it seem like it's HTTPS traffic, allowing you to bypass certain restrictions.


----------



## kpa (Jul 16, 2015)

You can use port 443 for OpenVPN, but the traffic is still distinguishable from regular HTTPS and could be blocked by a proxy/firewall.


----------



## Gesichterlos (Jul 16, 2015)

SirDice: I tried `ssh -D8080`, but couldn't load a website in a browser with that. Even if it would work, how "safe" would it be?
I want to use it mainly on my Android phone and tablet.
And yes, you can use port 443 for OpenVPN, but like kpa said, the traffic is still not hidden, so an SSL or SSH tunnel is necessary.


----------



## SirDice (Jul 16, 2015)

Gesichterlos said:


> SirDice: I tried the `ssh -D8080`, but couldn't load a website in a browser with that. Even if it would work, how "safe" would it be?


It's just as safe as a 'regular' SSH session; everything is encrypted. If you used Firefox, be sure to enable "Remote DNS" so the DNS resolving happens at the other end of the SSH tunnel.


----------



## tobik@ (Jul 16, 2015)

Take a look at ssh(1) (section SSH-BASED VIRTUAL PRIVATE NETWORKS) for an alternative but more complicated setup.

But `ssh -D` works great; I've used it in the past as a quick way to get access to my university's network. OpenVPN can use a SOCKS5 proxy natively, so it would work with it too.


----------



## abishai (Jul 16, 2015)

Well, in the case of China it won't help.


----------



## Gesichterlos (Jul 16, 2015)

What would help for China?


----------



## juiced (Jul 17, 2015)

Connect via SSL or SSH first, then do the OpenVPN connection inside it. If common ports are used, it normally lasts a while 'ISP depending in China'.


----------



## abishai (Jul 17, 2015)

Gesichterlos said:


> What would help for China?


OpenVPN, even on port 443, is guaranteed not to work; its handshake is detected by DPI. SSH is questionable; SSL has the highest chances. Use security/stunnel as an obfuscation layer for OpenVPN.


----------
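
Added example (not part of the thread, and not code from OpenVPN or stunnel): a minimal first-packet classifier illustrating what kpa and abishai describe, that OpenVPN on port 443 keeps a recognisable handshake while a stunnel-wrapped session opens with an ordinary TLS ClientHello. The sample packets are constructed, the function names are hypothetical, and the checks are a simplified heuristic, not the logic of any particular firewall.

```python
import struct

# Opcodes (high 5 bits of the first OpenVPN byte) that open a session.
RESET_OPCODES = {1, 7, 10}  # P_CONTROL_HARD_RESET_CLIENT_V1 / _V2 / _V3


def classify_first_bytes(data: bytes) -> str:
    """Guess the protocol from the first client-to-server bytes of a TCP stream."""
    # SSH sends a plaintext identification string before any encryption.
    if data.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 2-byte big-endian packet length, then one byte holding
    # opcode (5 bits) and key_id (3 bits). The smallest client reset is 14 bytes:
    # opcode byte, 8-byte session ID, ACK count, 4-byte packet ID.
    if len(data) >= 3:
        (pkt_len,) = struct.unpack("!H", data[:2])
        opcode, key_id = data[2] >> 3, data[2] & 0x07
        if opcode in RESET_OPCODES and key_id == 0 and pkt_len >= 14:
            return "openvpn"
    return "unknown"


# Constructed first packets for illustration (not captured traffic).
SESSION_ID = bytes(range(8))
SAMPLES = {
    # Bare OpenVPN moved to TCP port 443: the port changes, the bytes do not.
    "openvpn on tcp/443": struct.pack("!HB", 14, 7 << 3) + SESSION_ID + b"\x00" + bytes(4),
    # Browser HTTPS: TLS record header plus start of a ClientHello.
    "https": bytes.fromhex("1603010200010001fc0303"),
    # OpenVPN inside stunnel: the outer layer is TLS, so it also opens with a ClientHello.
    "openvpn inside stunnel": bytes.fromhex("16030100c8010000c40303"),
    # SSH tunnel: the identification string is sent in the clear.
    "ssh -D": b"SSH-2.0-OpenSSH_6.6.1\r\n",
}


def classify_samples() -> dict:
    """Classify every constructed sample by its first bytes only."""
    return {name: classify_first_bytes(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:24s} -> {verdict}")
```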

