dnmaster 0 Posted ... Mullvad provides a useful "obfuscation" layer that tunnels the UDP VPN packets through a TCP connection to their server. I still use mullvad largely because of this feature, as it gets through many firewalls that TCP OpenVPN or shadowsocks fail to bypass. It is implemented in rust and is open-sourced on github: https://github.com/mullvad/udp-over-tcp/ I realize this is a big wish and probably not feasible but having this feature in AirVPN would make it even more useful for me Has anyone else had experience using this layer? Quote Share this post Link to post
go558a83nk 364 Posted ... I've found that tls-crypt TCP 443 allows me to connect when tls-auth openvpn requires me to use stunnel. Are you sure that this UDP in TCP is required for your location? Quote Share this post Link to post
dnmaster 0 Posted ... I'll try tls-crypt next time I need to, thank you for the advice. Quote Share this post Link to post
dnmaster 0 Posted ... I used the automatic protocol selector in eddie and it worked perfectly first try! Thank you for the advice. Quote Share this post Link to post
ss11 20 Posted ... On 9/8/2023 at 6:24 AM, go558a83nk said: I've found that tls-crypt TCP 443 allows me to connect when tls-auth openvpn requires me to use stunnel. Are you sure that this UDP in TCP is required for your location? This is a very good question, I think there is a high probability udp-over-tcp is not actually the solution, it's the tls-crypt that also alters the handshake. It's unclear what the obfuscation mechanism is, as from what it can be read on github it's just a forwarder from tcp to udp. Quote Share this post Link to post
Air4141841 25 Posted ... On 9/8/2023 at 9:24 AM, go558a83nk said: I've found that tls-crypt TCP 443 allows me to connect when tls-auth openvpn requires me to use stunnel. Are you sure that this UDP in TCP is required for your location? this is great for us Airvpn users. since mullvad doesn’t even use tls auth, let alone crypt it’s no wonder they have so many issues it’s connectivity Quote Share this post Link to post
go558a83nk 364 Posted ... 16 minutes ago, Air4141841 said: this is great for us Airvpn users. since mullvad doesn’t even use tls auth, let alone crypt it’s no wonder they have so many issues it’s connectivity mullvad doesn't use a TLS key? Quote Share this post Link to post
Air4141841 25 Posted ... 4 hours ago, go558a83nk said: mullvad doesn't use a TLS key? use tls key = unchecked Why I stopped using them https://mullvad.net/en/help/using-pfsense-mullvad/ 1 fsy reacted to this Quote Share this post Link to post
fsy 34 Posted ... Holy Moly, lemme get it straight, so the "whoa amazing'" Mullvad "always on the bleeding edge": doesn't offer remote port forwarding, doesn't run OpenVPN with TLS key, provides a lame traffic splitting app with built-in dns leaks "in"... I wouldn't go so far as to say that as North and Express it is a syphilitic little sidewalk whore passed off as a high-class escort, but ... good thing I left it. 1 1 Air4141841 and go558a83nk reacted to this Quote Share this post Link to post
Air4141841 25 Posted ... 8 minutes ago, fsy said: Holy Moly, lemme get it straight, so the "whoa amazing'" Mullvad "always on the bleeding edge": doesn't offer remote port forwarding, doesn't run OpenVPN with TLS key, provides a lame traffic splitting app with built-in dns leaks "in"... I wouldn't go so far as to say that as North and Express it is a syphilitic little sidewalk whore passed off as a high-class escort, but ... good thing I left it. we are very limited….. still thankful Airvpn is included in one of the top tier providers with tls crypt option 1 fsy reacted to this Quote Share this post Link to post
ss11 20 Posted ... This is because AirVPN, at its core, does not employ random sysadmins. The Core team seams to be specialized in and understand very well cryptography, network / systems security, threat models and various attacks and looks to do diligence research for every feature or option deployed. I was able to tell this by how a ticket that sent to professional support was processed. It's the main reason I'm here and referring this service. Also: can anyone here read Go lang better? Is there actually any obfuscation algorithm in that tcp2udp tool because to me it looks like a lightweight forwarder that wraps and unwraps udp in tcp transparently to the daemon listening on the UDP port. I am not saying it's not good, tools like this should be encouraged to exist as I am sure many users will find valid use cases for them, but I saw it's advertised as an "obfuscation" solution and I want to understand if it technically is (for example like Tor's obfsproxy tool). 1 PWolverine reacted to this Quote Share this post Link to post
OpenSourcerer 1441 Posted ... 14 hours ago, ss11 said: Also: can anyone here read Go lang better? Is there actually any obfuscation algorithm in that tcp2udp tool because to me it looks like a lightweight forwarder that wraps and unwraps udp in tcp transparently to the daemon listening on the UDP port. I am not saying it's not good, tools like this should be encouraged to exist as I am sure many users will find valid use cases for them, but I saw it's advertised as an "obfuscation" solution and I want to understand if it technically is (for example like Tor's obfsproxy tool). Quick note: It's not Go, it's Rust, and no, there are no crate dependencies or code samples suggesting any obfuscation going on. Where did you saw it advertised as such, though? It's basically the forward_traffic.rs file: The "glue" is process_udp_over_tcp which taps into process_tcp2udp or process_udp2tcp depending on the direction, along with a few helper functions. udp2tcp wraps a datagram into a TCP packet and simply appends the length of the datagram to the header. In the other direction tcp2udp simply writes into a UDP buffer and forwards complete datagrams to the UDP socket address specified until the TCP stream is closed. 1 PWolverine reacted to this Quote Hide OpenSourcerer's signature Hide all signatures NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT. LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too! Want to contact me directly? All relevant methods are on my About me page. Share this post Link to post
Stalinium 47 Posted ... On 9/17/2023 at 9:23 PM, ss11 said: Is there actually any obfuscation algorithm in that tcp2udp tool It does not need to be sophisticated to break simple traffic pattern matching, which is 99% of all common firewalls you are going to see. Yes I would still call it obfuscation. Quote Share this post Link to post