OpenVPN and SSH Tunnels

[chichow]

Apparently countries such as Iran and China are using deep packet inspection to block openvpn

https://forums.openvpn.net/topic11790.html

==

Is there a way to configure the router to encapsulate the openvpn server running on port 1194 UDP service in a SSH tunnel 22 TCP?

 

[AdvHomeServer]

Apparently countries such as Iran and China are using deep packet inspection to block openvpn

https://forums.openvpn.net/topic11790.html

==

Is there a way to configure the router to encapsulate the openvpn server running on port 1194 UDP service in a SSH tunnel 22 TCP?

I don't know if this helps, but my DD-WRT / OpenVPN configuration uses port 443 TCP. The changes to the 'typical' configuration are minimal. My web site has a three part article on setting up OpenVPN for DD-WRT and illustrates using port 443 TCP and making sure the connection is encapsulated in the tunnel. It's said (by others who I researched while writing the articles) that OpenVPN on port 443 TCP looks like normal HTTPS when set up in this way. Since a port is only a port, there's no reason why port 22 TCP couldn't work --- try it and see.

 

[cosmoxl]

VPN provider AirVPN has a setup for openvpn through SSH and SSL tunnels.

This is the script used to make the SSH connection to AirVPN and to start a local daemon to receive the openvpn connection.

#!/bin/bash
# --------------------------------------------------------
# Air VPN | https://airvpn.org | Monday 13th of October 2014 04:02:55 AM
# SSH Client Configuration, Linux/OSX
# AirVPN_SG-Antares_SSH-80
# --------------------------------------------------------

chmod 600 sshtunnel.key
while :
do
echo ""; echo "AirVPN SSH Tunnel"
ssh -i sshtunnel.key -L 1412:127.0.0.1:2018 sshtunnel@VPNIPAddress -p 80 -N -T -v
read -t 5 -p "Retry? (or wait 5 sec for Y)" yn
if [[ $yn == "n" || $yn == "N" ]]; then break; fi
done

The openvpn config main points for how it connects are:

remote 127.0.0.1 1412
route VPNIPAddress 255.255.255.255 net_gateway

so that it first connects to the daemon the script created, but then tunnels through it to the VPN server

maybe this will help you.

 

[chichow]

Thank you for the responses. In my case, I was trying to use my Asus as a openvpn server sitting outside of China. Not as a openvpn client to a commercial VPN provider.

Regardless this is great information and something I might need to know if I want to set up a SSH tunnel first.

 

[Mistermoonlight]

I am using 2 open vpn server on my asus rt-n66 device and one is setup as tcp 443 port, working perfectly well because i don't have any other web server on this port...