OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • OpenVpn XOR Scramble patch example
« previous next »
  • Print
Pages: [1]

Author Topic: OpenVpn XOR Scramble patch example  (Read 6709 times)

cake

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 13
    • View Profile
OpenVpn XOR Scramble patch example
« on: September 02, 2016, 01:23:13 pm »
The highest version I could get to work with Clayface's 2015 patch is OpenVpn 2.3.11 (Currently it is at 2.3.12)
Here is the steps I took to patch it.
First off this is what versions I started with:
  OPNsense 16.7.3-amd64
  FreeBSD 10.3-RELEASE-p7
  OpenSSL 1.0.2h 3 May 2016
  OpenVPN 2.3.12 (soon to be downgraded)

Start a SSH session,
Code: [Select]
#pkg install wget
#pkg install git
#cd ~
#mkdir XOR
#cd XOR
#wget https://github.com/clayface/openvpn_xorpatch/archive/master.zip
#unzip master.zip
#wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.11.tar.xz
#tar -xf openvpn-*
#cp openvpn_xorpatch-master/openvpn_xor.patch ~/XOR/openvpn-2.3.11/
#cd openvpn-2.3.11
#git apply openvpn_xor.patch
#./configure CFLAGS="-I/usr/local/include" LDFLAGS="-L/usr/local/lib"
#make
#make install
I know those above commands can be combined, but my skills are not the best, I just keep it simple.

I am guessing at this next bit- go into the web GUI-->System--->Firmware--->Packages---> Lock openvpn from being updated. (even though it says a different version, if you check the log it says openvpn 2.3.11)

That is it. I tested it on my VPS. Hopefully the patch gets updated.
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13643
  • Karma: 1174
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #1 on: September 02, 2016, 03:17:41 pm »
Hold on, you do know that we ship the Tunnelblick version of the XOR patch and have also updated it to work with version 2.3.12?

https://tunnelblick.net/cOpenvpn_xorpatch.html

We have done so since version 15.1.10.2. ;)


Cheers,
Franco
Logged

cake

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 13
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #2 on: September 03, 2016, 01:58:16 am »
wait, Franco -your saying I didn't need to patch it, because it is already patched by default? I could have just put in the advanced config area: scramble obfuscate password from the get go?

Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13643
  • Karma: 1174
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #3 on: September 03, 2016, 10:17:17 am »
Yes, take a look at this old thread that asked for inclusion: https://forum.opnsense.org/index.php?topic=398
Logged

cake

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 13
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #4 on: September 03, 2016, 11:50:40 am »
doh very nice inclusion :-)
Logged

cake

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 13
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #5 on: December 06, 2016, 08:31:04 am »
If anybody has updated Opnsense, but held back on openvpn (2.3.12_2) (using XOR patch)
You will get:
Shared object "libcrypto.so.8" not found, required by "openvpn"
Shared object "libssl.so.8" not found, required by "openvpn"

To fix it temporarily:
 ln -s /usr/local/lib/libssl.so.9 /usr/local/lib/libssl.so.8
ln -s /usr/local/lib/libcrypto.so.9 /usr/local/lib/libcrypto.so.8
Logged

franco

  • Administrator
  • Hero Member
  • *****
  • Posts: 13643
  • Karma: 1174
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #6 on: December 06, 2016, 10:23:39 am »
Not sure why you bring this up, we built all our OpenVPN versions with XOR... ALPHA, BETA, production... :)
Logged

cake

  • Jr. Member
  • **
  • Posts: 53
  • Karma: 13
    • View Profile
Re: OpenVpn XOR Scramble patch example
« Reply #7 on: December 07, 2016, 01:05:16 am »
my bad Franco, for some reason I couldn't apply the git patch to openvpn 2.3.13 source a while back on a ubuntu system, I assumed it wasn't working for anything past 2.3.12. Just checked and now I can apply the patch and make it. I stand corrected.
cheers!
Logged

  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 16.7 Legacy Series »
  • OpenVpn XOR Scramble patch example
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2023 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy
    | XHTML | RSS | WAP2