Thursday, May 16, 2013

OpenVPN and XOR obfuscation

UPDATED: 13/09/2016

I patched the current version 2.3.10 and pushed it to my GitHub:
https://github.com/shenavaa/openvpn


UPDATED 15/07/2014:

I managed to patch and compile the latest version, OpenVPN 2.3.4, for Windows. Please download the compiled Windows auto-installer binaries from here and the sources from here.

----


I went somewhere for a while and during my visit, I had a chance to play around with OpenVPN. During a lazy afternoon I came up with a silly idea: adding a layer of XOR obfuscation on top of whatever already exists in OpenVPN. I even managed to compile the Windows client of OpenVPN and run it on Windows.

The good thing about XOR obfuscation is that it adds no overhead to the packets, and it is fast and easy.

The bigger an organization is, the harder it would be for LI/Security layers to detect the algorithm or the protocol of the packets on the network. I have seen AI engines that learn protocols and are used to block unwanted and recently undetected packets! Their solution is sillier than what I just did. Trust me. ;)

I've done it by adding one simple function and a couple of hacks in other source files.

## in xor.h
#ifndef _XOR_H
#define _XOR_H

void encbuffer(unsigned char* buf,int size ,unsigned char key);
#endif /* _XOR_H */
## in xor.c
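#include "xor.h"

/* XOR every byte of buf in place with the one-byte key.
 * Running it again with the same key restores the original data. */
void encbuffer(unsigned char* buf,int size ,unsigned char key) {
    int i;
    for (i = 0; i < size ; i++) {
        *(buf + i) = *(buf + i) ^ key;
    }
}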
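What a one-byte XOR key does and does not change, as an added example that is not part of the original patch: the same loop as `encbuffer()` keeps the packet length and is undone by a second pass, while the relation `buf[i] ^ buf[0]` between bytes is identical before and after, so the layer alters how packets look without adding confidentiality. The names `xor_fingerprint`, `check_properties`, `keys_passing` and the `SAMPLE` payload are assumptions made for this demo.

```c
#include <stdio.h>
#include <string.h>

/* Same operation as the page's encbuffer(): XOR every byte with one key byte. */
static void encbuffer(unsigned char *buf, int size, unsigned char key) {
    int i;
    for (i = 0; i < size; i++)
        buf[i] ^= key;
}

/* Key-independent view of a buffer: out[i] = buf[i] ^ buf[0].
 * (p[i]^k) ^ (p[0]^k) == p[i] ^ p[0], so the key byte cancels out. */
static void xor_fingerprint(const unsigned char *buf, int size, unsigned char *out) {
    int i;
    for (i = 0; i < size; i++)
        out[i] = buf[i] ^ buf[0];
}

/* Returns 1 if obfuscating with `key` leaves the fingerprint unchanged and a
 * second pass with the same key restores the original bytes; 0 otherwise. */
int check_properties(const unsigned char *pkt, int size, unsigned char key) {
    unsigned char work[256], fp_plain[256], fp_obf[256];
    if (size <= 0 || size > (int)sizeof work) return 0;
    memcpy(work, pkt, (size_t)size);
    xor_fingerprint(work, size, fp_plain);
    encbuffer(work, size, key);              /* obfuscate in place, same length */
    xor_fingerprint(work, size, fp_obf);
    if (memcmp(fp_plain, fp_obf, (size_t)size) != 0) return 0;
    encbuffer(work, size, key);              /* second pass undoes the first */
    return memcmp(work, pkt, (size_t)size) == 0;
}

/* Counts how many of the 256 possible key bytes satisfy check_properties(). */
int keys_passing(const unsigned char *pkt, int size) {
    int k, n = 0;
    for (k = 0; k < 256; k++)
        n += check_properties(pkt, size, (unsigned char)k);
    return n;
}

/* Constructed sample payload for the demo, not a captured OpenVPN packet. */
static const unsigned char SAMPLE[] = "constructed sample payload 0123456789";
#define SAMPLE_LEN ((int)sizeof SAMPLE - 1)

int main(void) {
    printf("xorkey 52 holds: %d\n", check_properties(SAMPLE, SAMPLE_LEN, 52));
    printf("keys passing: %d of 256\n", keys_passing(SAMPLE, SAMPLE_LEN));
    return 0;
}
```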


So my OpenVPN configuration file simply turns into something like the following:

## On the server
local X.X.X.X
dev tap
verb 4
#mute 10
port 36
tun-mtu-extra 32
tun-mtu 1500
up-delay
ifconfig 172.16.4.1 255.255.255.0
ping 10
comp-lzo yes
fragment 1100
xorkey 52


## On the client
remote X.X.X.X
dev tap
verb 4
#mute 10
port 36
tun-mtu-extra 32
tun-mtu 1500
up-delay
ifconfig 172.16.4.2 255.255.255.0
ping 10
comp-lzo yes
fragment 1100
xorkey 52


My sources are here for whoever is interested to see. It's OpenVPN 2.3.1. I've cleaned it up, and all you need to compile the source, after unpacking, is "./configure; make; make install".


This is the beauty of open source software. Feel free to distribute the love.