OPNsense Forum

English Forums => General Discussion => Topic started by: deodion on August 16, 2017, 10:38:52 am

Title: Stunnel and SSH tunneling VPN
Post by: deodion on August 16, 2017, 10:38:52 am

Is there anyway to get around ISP VPN blocking?

I read here: https://www.bestvpn.com/privacy-news/how-to-bypass-vpn-blocks

I'm suspecting my ISP is using Deep Packet Inspection (DPI) technology to control VPN traffic,

Perhaps actually OPNsense is built-in with stunnel or SSH tunneling?

Thank you,

Title: Re: Stunnel and SSH tunneling VPN
Post by: franco on August 16, 2017, 10:44:33 am

Mostly SSL VPN (OpenVPN) through 443. Or is that already specifically blocked? There is the XOR patch which we have as well to prevent this detection in site-to-site deployments where you control both sites:

https://tunnelblick.net/cOpenvpn_xorpatch.html

You can also tunnel quite a bit through SSH, which is preinstalled.

We don't have stunnel as a package right now, but you could install that manually as well.


Cheers,
Franco

Title: Re: Stunnel and SSH tunneling VPN
Post by: deodion on August 16, 2017, 11:13:10 am

Quote from: franco on August 16, 2017, 10:44:33 am

Mostly SSL VPN (OpenVPN) through 443. Or is that already specifically blocked?

You can also tunnel quite a bit through SSH, which is preinstalled.

Cheers,
Franco

I will try to change it to 443 tonight,

And could you help point out how to use SSH tunneling in OPNsense and the client, please?
may be like just follow this link?: https://www.howtogeek.com/168145/how-to-use-ssh-tunneling

Title: Re: Stunnel and SSH tunneling VPN
Post by: franco on August 16, 2017, 01:41:16 pm

Sure, if you want to connect to the GUI of a remote OPNsense that you only configured via SSH access from WAN:

# ssh -L 443:localhost:8443 10.0.0.1

In the browser, just open https://localhost:8443 to see the remote GUI.


Cheers,
Franco

Title: Re: Stunnel and SSH tunneling VPN
Post by: fabian on August 16, 2017, 04:26:54 pm

or use -D port (socks proxy of the ssh command)