Как заявляет разработчик
OpenVPN xor scramble patch
This patch adds obfuscation capability to OpenVPN, allowing it to bypass network traffic sensors which aim to detect usage of the protocol and block it.
То есть мы можем скрывать заголовок OpenVPN для каждого пакета
Это может быть полезно, если провайдер определяет и блокирует зашифрованный трафик OpenVPN
Качаем патч с гита
# apt-get install git # git clone https://github.com/clayface/openvpn_xorpatch
Качаем исходники OpenVPN. На текущий момент актуальна версия 2.3.11
# wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.11.tar.gz # tar xvf openvpn-2.3.11.tar.gz # cd openvpn-2.3.11
Сама установка патча
# patch -p1 < ../openvpn_xorpatch/openvpn_xor.patch patching file src/openvpn/forward.c Hunk #1 succeeded at 675 (offset 1 line). Hunk #2 succeeded at 1155 (offset 2 lines). patching file src/openvpn/options.c Hunk #1 succeeded at 792 (offset 7 lines). Hunk #2 succeeded at 910 (offset 4 lines). Hunk #3 succeeded at 1372 (offset 18 lines). Hunk #4 succeeded at 5140 (offset 82 lines). patching file src/openvpn/options.h patching file src/openvpn/socket.c patching file src/openvpn/socket.h Hunk #1 succeeded at 245 (offset -5 lines).
Сборка, установка и проверка
# ./configure # make # make install # whereis openvpn openvpn: /usr/sbin/openvpn.rej /usr/sbin/openvpn.orig /etc/openvpn /usr/local/sbin/openvpn /usr/local/lib/openvpn # openvpn --version OpenVPN 2.3.11 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 11 2016 library versions: OpenSSL 1.0.1e 11 Feb 2013, LZO 2.06 Originally developed by James Yonan Copyright (C) 2002-2010 OpenVPN Technologies, Inc. sales@openvpn.net; Compile time defines: enable_crypto=yes enable_crypto_ofb_cfb=yes enable_debug=yes enable_def_auth=yes enable_dlopen=unknown enable_dlopen_self=unknown enable_dlopen_self_static=unknown enable_fast_install=yes enable_fragment=yes enable_http_proxy=yes enable_iproute2=no enable_libtool_lock=yes enable_lzo=yes enable_lzo_stub=no enable_management=yes enable_multi=yes enable_multihome=yes enable_pam_dlopen=no enable_pedantic=no enable_pf=yes enable_pkcs11=no enable_plugin_auth_pam=yes enable_plugin_down_root=yes enable_plugins=yes enable_port_share=yes enable_selinux=no enable_server=yes enable_shared=yes enable_shared_with_static_runtimes=no enable_small=no enable_socks=yes enable_ssl=yes enable_static=yes enable_strict=no enable_strict_options=no enable_systemd=no enable_win32_dll=yes enable_x509_alt_username=no with_aix_soname=aix with_crypto_library=openssl with_gnu_ld=yes with_mem_check=no with_plugindir='$(libdir)/openvpn/plugins' with_sysroot=no # ls -la /usr/local/sbin/ | grep openvpn -rwxr-xr-x 1 root staff 3642601 May 11 18:51 openvpn