Need run Openvpn client config with TLS 1.2+Stealth (Scramble)

Hichkas

New Around Here
Greeting all and special salute to dear @RMerlin

After test a lot of openvpn Config from most known vpn provider such as expressvpn, surfshark ,nordvpn ,IVPN ,mullvad
Right now only openvpn configuration working in my country is TORGUARD with just only this specific setting on android.( TCP+Stealth 4443+AES256 GCM+ sTunnel active in setting)
aza.jpg
az.jpg

This configuration (TCP+TLS 1.2+Stealth) available on torguard client area only for DD-WRT
i put that config here to check this out
#!/bin/sh

USERNAME="USERNAME-HERE"
PASSWORD="PASSWORD-HERE"

PROTOCOL="tcp"
# Add - delete - edit servers between ##BB## and ##EE##
REMOTE_SERVERS="
##BB##
#
remote us-nj.torguard.com 4443
##EE##
"

#### DO NOT CHANGE below this line unless you know exactly what youre doing ####

CA_CRT="-----BEGIN CERTIFICATE-----
MIIDMTCCAhmgAwIBAgIJAKnGGJK6qLqSMA0GCSqGSIb3DQEBCwUAMBQxEjAQBgNV
BAMMCVRHLVZQTi1DQTAgFw0xOTA1MjExNDIzMTFaGA8yMDU5MDUxMTE0MjMxMVow
FDESMBAGA1UEAwwJVEctVlBOLUNBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAlv0UgPD3xVAvhhP6q1HCmeAWbH+9HPkyQ2P6qM5oHY5dntjmq8YT48FZ
GHWv7+s9O47v6Bv7rEc4UwQx15cc2LByivX2JwmE8JACvNfwEnZXYAPq9WU3ZgRr
AGvA09ItuLqK2fQ4A7h8bFhmyxCbSzP1sSIT/zJY6ebuh5rDQSMJRMaoI0t1zorE
Z7PlEmh+o0w5GPs0D0vY50UcnEzB4GOdWC9pJREwEqppWYLN7RRdG8JyIqmA59mh
ARCnQFUo38HWic4trxFe71jtD7YInNV7ShQtg0S0sXo36Rqfz72Jo08qqI70dNs5
DN1aGNkQ/tRK9DhL5DLmTkaCw7mEFQIDAQABo4GDMIGAMB0GA1UdDgQWBBR7Dcym
XBp6u/jAaZOPUjUhEyhXfjBEBgNVHSMEPTA7gBR7DcymXBp6u/jAaZOPUjUhEyhX
fqEYpBYwFDESMBAGA1UEAwwJVEctVlBOLUNBggkAqcYYkrqoupIwDAYDVR0TBAUw
AwEB/zALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBAE79ngbdSlP7IBbf
nJ+2Ju7vqt9/GyhcsYtjibp6gsMUxKlD8HuvlSGj5kNO5wiwN7XXqsjYtJfdhmzz
VbXksi8Fnbnfa8GhFl4IAjLJ5cxaWOxjr6wx2AhIs+BVVARjaU7iTK91RXJnl6u7
UDHTkQylBTl7wgpMeG6GjhaHfcOL1t7D2w8x23cTO+p+n53P3cBq+9TiAUORdzXJ
vbCxlPMDSDArsgBjC57W7dtdnZo7gTfQG77JTDFBeSwPwLF7PjBB4S6rzU/4fcYw
y83XKP6zDn9tgUJDnpFb/7jJ/PbNkK4BWYJp3XytOtt66v9SEKw+v/fJ+VkjU16v
E/9Q3h4=
-----END CERTIFICATE-----"

OPVPNENABLE=`nvram get openvpncl_enable | awk '$1 == "0" {print $1}'`

if [ "$OPVPNENABLE" != 0 ]; then
nvram set openvpncl_enable=0
nvram commit
fi

sleep 10
mkdir /tmp/torguard; cd /tmp/torguard
echo -e "$USERNAME\n$PASSWORD" > userpass.conf
echo "$CA_CRT" > ca.crt
echo "#!/bin/sh
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE" > route-up.sh
echo "#!/bin/sh
iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE" > route-down.sh
chmod 644 ca.crt; chmod 600 userpass.conf; chmod 700 route-up.sh route-down.sh
sleep 10
echo "client
auth-user-pass /tmp/torguard/userpass.conf
management 127.0.0.1 5001
management-log-cache 50
dev tun0
proto $PROTOCOL
compress
ncp-disable
fast-io
script-security 2
mtu-disc yes
verb 4
mute 5
auth SHA256
key-direction 1
setenv CLIENT_CERT 0
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
770e8de5fc56e0248cc7b5aab56be80d
0e19cbf003c1b3ed68efbaf08613c3a1
a019dac6a4b84f13a6198f73229ffc21
fa512394e288f82aa2cf0180f01fb3eb
1a71e00a077a20f6d7a83633f5b4f47f
27e30617eaf8485dd8c722a8606d56b3
c183f65da5d3c9001a8cbdb96c793d93
6251098b24fe52a6dd2472e98cfccbc4
66e63520d63ade7a0eacc36208c3142a
1068236a52142fbb7b3ed83d785e12a2
8261bccfb3bcb62a8d2f6d18f5df5f36
52e59c5627d8d9c8f7877c4d7b08e19a
5c363556ba68d392be78b75152dd55ba
0f74d45089e84f77f4492d886524ea6c
82b9f4dd83d46528d4f5c3b51cfeaf28
38d938bd0597c426b0e440434f2c451f
-----END OpenVPN Static key V1-----
</tls-crypt>
cipher AES-128-CBC
tun-mtu 48000
sndbuf 393216
rcvbuf 393216
resolv-retry infinite
nobind
persist-key
persist-tun
tls-client
tls-version-min 1.2
remote-cert-tls server
log-append torguard.log
ca ca.crt
scramble obfuscate M7Dca}m~s9Rb%*py{<ZTk0jHP1Pxo]+mL6-9)<)DCt(5SQ]3pbd&,,?{_)W7Ds*CKvCyGvQC8K1flvUgQYta_ESGBV]4X3qb58)<o4:eE03:,Ng-JLwnd|o],)G}I(KhZFT_+x;|x.63tjwgHfC
status-version 3
status status
daemon
$REMOTE_SERVERS" > torguard.conf
ln -s /tmp/torguard/torguard.log /tmp/torguard.log
ln -s /tmp/torguard/status /tmp/status
(killall openvpn; openvpn --config /tmp/torguard/torguard.conf --route-up /tmp/torguard/route-up.sh --down /tmp/torguard/route-down.sh) &
exit

HOW can i make it WORK on Asus merlin Firmware

any idea and help would be appreciated
 
Last edited:

egc

Occasional Visitor
StrongVPN also has the ability to use the scramble option.

As far as I know to use the scramble option your OpenVPN client has to be compiled with the scramble patch, this is not standard OpenVPN.

So either you have to compile yourself or ask RMerlin to do that or use other software which has it compiled in.

For WireGuard there also exists an obfuscation option to dodge the (great) firewall but it is also non standard but can be added later
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top