
OpenVPN —— over SSH or SSL Tunnel for highest security

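According to [1], using TCP port 443 is not the same as a bank's TCP port 443, so to block the TCP port 443 used by OpenVPN is not enough. They use a machine to detect whether you are using a bank's TCP port 443 or OpenVPN's TCP 443. If it is not a bank's TCP port 443, they can block you. So I suggest everyone consider using OpenVPN over an SSH or SSL tunnel.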

Reference:
[1] https://www.bestvpn.com/blog/591 ... ic-an-introduction/

This post was last edited by tomleehk on 2013-12-13 11:13

Personally I feel the response was slower when compared to the only-SSH or the only-OpenVPN connections.

The procedure was quite simple as I used a DD-WRT version which already supports SSH and OpenVPN on the same router at the same time.

1) Procedure of SSH connection was already shared below
http://www.telecom-cafe.com/forum/viewthread.php?tid=5682
Additional step : Created a C2S port forwarding at Bitvise ( verified that without this step, OpenVPN connection could not be made )
Listen Interface : 127.0.0.1
List. Port : 443
Destination Host : localhost
Dest. Port : 443

2) Procedure of OpenVPN connection was also shared below
http://www.telecom-cafe.com/forum/viewthread.php?tid=5112

Of course, at DD-WRT configuration, I used different port number for SSH and OpenVPN. (e.g. SSH - port 22 , OpenVPN - port 443 )

Both SSH and OpenVPN connections were in use, and this morning I just tested them again to verify/confirm their individual connection functionality.

To combine together..

Step 1> First used Bitvise to connect to DD-WRT router via SSH
Connection established successfully..
No need to do any configuration/setting (e.g. SOCKS, proxy ) at IE..

Step 2> Amended the OpenVPN client configuration so as to access 127.0.0.1 ( other than the usual OpenVPN server's IP address/URL )
e.g.
         remote 127.0.0.1 443
         client
         dev tun0
         ....

Step 3> Then made the OpenVPN connection call.
Connection established successfully as well..

I accessed the virtual IP address of OpenVPN router (e.g. 192.168.60.1) at IE, it gave the dd-wrt configuration screen.
I accessed getip.com at IE, it showed the DD-WRT router's WAN IP address.

No need to do any configuration/setting (e.g. SOCKS, proxy ) at IE..

TOP
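
A static check for the client-side setup described in the post above (OpenVPN "remote" pointed at the Bitvise C2S listener on 127.0.0.1:443), added here as an example and not part of the original thread. The function names and sample configs are constructed; the check relies on SSH port forwards carrying TCP only and on OpenVPN defaulting to UDP port 1194 when proto/port are not given.

```python
import ipaddress

FORWARD_PORT = 443  # listen port of the C2S forward on 127.0.0.1, as in the post

def parse_client_config(text):
    """Collect the directives that decide where and how the client connects."""
    cfg = {"remotes": [], "proto": "udp", "port": 1194}  # OpenVPN defaults
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split(";", 1)[0].split()  # drop comments
        if len(words) < 2:
            continue
        if words[0] == "proto":
            cfg["proto"] = words[1]
        elif words[0] == "port":
            cfg["port"] = int(words[1])
        elif words[0] == "remote":
            cfg["remotes"].append(words[1:])
    return cfg

def check_over_ssh(text, forward_port=FORWARD_PORT):
    """Return findings; an empty list means every remote points at the forward."""
    cfg = parse_client_config(text)
    findings = [] if cfg["remotes"] else ["no remote directive"]
    for args in cfg["remotes"]:
        host = args[0]
        port = int(args[1]) if len(args) > 1 else cfg["port"]
        proto = args[2] if len(args) > 2 else cfg["proto"]
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host == "localhost"
        if not loopback:
            findings.append(f"remote {host} is not loopback: bypasses the SSH tunnel")
        elif port != forward_port:
            findings.append(f"remote port {port} does not match forward port {forward_port}")
        if not proto.startswith("tcp"):
            findings.append(f"proto {proto}: an SSH port forward carries TCP only")
    return findings

# Constructed sample configs (not from the thread).
GOOD = "client\ndev tun0\nproto tcp-client\nremote 127.0.0.1 443  # C2S listener\n"
DIRECT = "client\ndev tun0\nremote vpn.example.net 443 tcp\n"
UDP_DEFAULT = "client\ndev tun0\nremote 127.0.0.1 443\n"

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("DIRECT", DIRECT), ("UDP_DEFAULT", UDP_DEFAULT)):
        print(name, check_over_ssh(cfg) or "ok")
```
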

How was the performance?

Could you share the exact procedure that could allow us to access the remote gateway over the SSH tunnel?

TOP

This post was last edited by tomleehk on 2013-12-12 10:12

Noted..

Just tried in the morning after successful SSH connection using Bitvise, the client was also able to connect to the 127.0.0.1 using OpenVPN client.

Hope anyone can comment if this is an OpenVPN over SSH implementation.

If so, any way to verify a successful OpenVPN over SSH implementation?

TOP

As mentioned in the first post, I just summarised the message as reported by someone on the Internet.

Since this is a non-standard way of connecting the two sides using OpenVPN over an SSL or SSH tunnel, I believe that we initially use any SSL/SSH tunnel to connect both sides with two known internal IPs. Based on these two IPs, both OpenVPNs on each side form another tunnel protected by the outer-most SSL/SSH layer.

TOP

Reply to 1# 角色
   

Assuming I am using a DD-WRT router with SSH and OpenVPN properly configured on the same router, if I need to implement OpenVPN over SSH.

Does it mean I need to
1) First connect client side to DD-WRT router using say Putty, then after connection
2) On the same PC use OpenVPN client to connect to 127.0.0.1
?

Ching, please comment..

TOP
