Linux - Using SSL Tunnel with AirVPN

[Bob.Dole 0]

Hi there

Ok so I love this VPN service, been using it for a good few months now and am convinced I made the right choice, but one thing that never happened for me was being able to dodge my ISP (TalkTalk in the UK) traffic shaping policy. Tried getting help with it at first but looks like my ISP is throttling all encrypted traffic, or at least VPN traffic.

Anyway, noticed there are a couple of new options for attempting to male VPN traffic indistinguishable from other SSL traffic and thought that was worth trying in case it screwed up their throttling... but as always with linux my noobyness has got me stumped and I need to ask a question that I should be able to answer myself by now:

For command line (root NOT required):

stunnel "AirVPN <..> - SSL <..>.ssl"

From another command line (as root):

openvpn "AirVPN <..> - SSL <..>.ovpn"

I don't know how to write these commands properly. I have 2 files, *.ssl and *.ovpn, where do I put them in these commands? Do I leave the "AirVPN" and "SSL" text in the commands or should that be removed and replaced with filenames? What goes in the "<..>"? So far each variation I have tried hasn't worked Maybe I have done it right one of the times and it's something else that needs done, I noticed a line saying to update openssl libraries... not sure how to do that either tbh and googling hasn't helped.

Thank in advance.

[Staff 9972]

Hello!

Let's make a practical example.

Let's assume that, after you have installed the stunnel package, you want to connect over OpenVPN over SSL to Bootis and also that you do not select the option "Separate keys/certs from .ovpn file".

After you have used the configuration generator, you will have two files, as you have noticed:

AirVPN_GB-Bootis_SSL-443.ovpn

AirVPN_GB-Bootis_SSL-443.ssl

Put them in any directory you like.

Now, open two shells: one as normal user, the other as root.

If you don't have a "root shell", in the second shell elevate to root with the command "su". If you have an Ubuntu distribution su is not available by default, so you will have to use the command "sudo" (see below).

In the first shell, as normal user, go to the directory where you put the files (cd ) and issue the command:

stunnel AirVPN_GB-Bootis_SSL-443.ssl

Now switch to the second shell, where you are root, go to the same directory and issue the command:

openvpn AirVPN_GB-Bootis_SSL-443.ovpn

If you have Ubuntu and you're not root on the second shell, the command is:

sudo openvpn AirVPN_GB-Bootis_SSL-443.ovpn

OpenVPN should connect to Bootis over SSL. Check that the connection is successfully established by browsing to our web site and making sure that the central bottom box is green and displays "Connected!".

In case of issues please copy the output of both commands and paste them in a message.

Kind regards

[Bob.Dole 0]

Thanks for the reply

Ok here's the outputs I am getting:

No limit detected for the number of clients

signal_pipe: FD=4 allocated (non-blocking mode)

signal_pipe: FD=5 allocated (non-blocking mode)

stunnel 4.42 on x86_64-pc-linux-gnu platform

Compiled with OpenSSL 1.0.0e 6 Sep 2011

Running with OpenSSL 1.0.1 14 Mar 2012

Update OpenSSL shared libraries or rebuild stunnel

Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6

Reading configuration from descriptor 3

PRNG seeded successfully

Line 1: End of section stunnel: SSL server needs a certificate

str_stats: 48 block(s), 1962 byte(s)

and

Sun Mar 24 16:38:09 2013 OpenVPN 2.3.0 x86_64-pc-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [iPv6] built on Jan 8 2013

Sun Mar 24 16:38:09 2013 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables

Sun Mar 24 16:38:09 2013 Socket Buffers: R=[87380->131072] S=[16384->131072]

Sun Mar 24 16:38:09 2013 Attempting to establish TCP connection with [AF_INET]127.0.0.1:1413 [nonblock]

Sun Mar 24 16:38:09 2013 TCP: connect to [AF_INET]127.0.0.1:1413 failed, will try again in 5 seconds: Connection refused

[Bob.Dole 0]

Oh I got it to work. I had to change "stunnel" to "stunnel4" in the command. It still says update libraries, but it seems to be working, showing as connected to the vpn.

sudo stunnel4 '/home/tony/VPN Servers/SSL/AirVPN/AirVPN_NL-Leporis_SSL-443.ssl'

2013.03.24 17:40:31 LOG5[28520:139746749650688]: stunnel 4.42 on x86_64-pc-linux-gnu platform

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Compiled with OpenSSL 1.0.0e 6 Sep 2011

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Running with OpenSSL 1.0.1 14 Mar 2012

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Update OpenSSL shared libraries or rebuild stunnel

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Threading:PTHREAD SSL:ENGINE Auth:LIBWRAP Sockets:POLL,IPv6

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Reading configuration from file /home/tony/VPN Servers/SSL/AirVPN/AirVPN_NL-Leporis_SSL-443.ssl

2013.03.24 17:40:31 LOG6[28520:139746749650688]: Initializing SSL context for service openvpn

2013.03.24 17:40:31 LOG6[28520:139746749650688]: SSL context initialized

2013.03.24 17:40:31 LOG5[28520:139746749650688]: Configuration successful

2013.03.24 17:40:47 LOG5[28520:139746749806336]: Service openvpn accepted connection from 127.0.0.1:36461

2013.03.24 17:40:47 LOG6[28520:139746749806336]: connect_blocking: connecting 95.211.191.42:443

2013.03.24 17:40:47 LOG5[28520:139746749806336]: connect_blocking: connected 95.211.191.42:443

2013.03.24 17:40:47 LOG5[28520:139746749806336]: Service openvpn connected remote server from 192.168.1.3:51544

2013.03.24 17:40:47 LOG6[28520:139746749806336]: SSL connected: new session negotiated

2013.03.24 17:40:47 LOG6[28520:139746749806336]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1