Use Stunnel as an HTTPS-proxy for your OpenVPN connection
I already explained how to install your OpenVPN server and set everything up to connect with a client. If you want to tunnel your VPN connection through an SSL tunnel so that it looks like you are connecting to an HTTPS server, follow these instructions. This might help if the described setup with obfsproxy does not work, because blocking all HTTPS traffic would cripple the internet quite severely.
Installing stunnel4
The easiest way is to just install it via apt-get:
$ sudo apt-get install stunnel4
This creates a new user/group called stunnel4 so the stunnel instance is able to run in its own user context. To be able to actually start stunnel, you have to enable it by setting the option in /etc/default/stunnel4 (the init script reads this file as shell, so there must be no spaces around the equals sign) to:
ENABLED=1
Configuring your stunnel server
The /etc/stunnel/stunnel.conf file should contain these lines:
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log
cert = /etc/stunnel/server.crt
key = /etc/stunnel/server.key
verify = 3
CAfile = /etc/stunnel/ca.crt
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
#your client connects to port 443 and your OpenVPN server is listening on port 1194
[OpenVPN]
accept = 443
connect = 127.0.0.1:1194
Start stunnel with sudo service stunnel4 start; your server is now ready for incoming connections.
Configure stunnel on your client
To configure your client to connect to your server, add the following lines to your /etc/stunnel/stunnel.conf file:
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log
cert = /etc/stunnel/client.crt
key = /etc/stunnel/client.key
verify = 3
CAfile = /etc/stunnel/ca.crt
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
#your client connects to port 443 and your OpenVPN server is listening on port 1194
[OpenVPN]
client = yes
accept = 127.0.0.1:1194
connect = your.vpn.server:443
Configure your OpenVPN client
This is the easiest part: you only have to change one line in your /etc/openvpn/client.conf file to actually use stunnel:
remote 127.0.0.1 1194
Now everything is set up, you should be able to connect to your OpenVPN server over an HTTPS-tunnel using stunnel4.
The route your traffic goes looks like this: Client --> OpenVPN-Client --> Stunnel4-Client --> Stunnel4-Server --> OpenVPN-Server --> Internet/LAN.
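The chain above only works if the local stunnel listener and the OpenVPN remote line agree on address and port. The following is an added example, not part of the original tutorial: a small Python check that parses both client-side files and reports mismatches. It also flags a verify level below 2 and a non-TCP OpenVPN proto, since stunnel carries TCP streams only. The function names and the sample configs are assumptions made up for this illustration.

```python
def parse_stunnel(text):
    """Split a stunnel.conf into (global options, {service name: options})."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        else:
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def parse_openvpn(text):
    """Extract the remote endpoint and transport from an OpenVPN client config."""
    cfg = {"remote": None, "proto": "udp"}  # OpenVPN uses UDP unless told otherwise
    for raw in text.splitlines():
        parts = raw.split("#")[0].split()
        if parts[:1] == ["remote"] and len(parts) >= 2:
            cfg["remote"] = (parts[1], parts[2] if len(parts) > 2 else "1194")
        elif parts[:1] == ["proto"] and len(parts) >= 2:
            cfg["proto"] = parts[1]
    return cfg

def check(stunnel_text, openvpn_text, service="OpenVPN"):
    """Return a list of problems; an empty list means the two configs line up."""
    glob, services = parse_stunnel(stunnel_text)
    svc, ovpn, problems = services.get(service, {}), parse_openvpn(openvpn_text), []
    if svc.get("client") != "yes":
        problems.append("stunnel service is not in client mode")
    host, _, port = svc.get("accept", "").rpartition(":")
    r_host, r_port = ovpn["remote"] or ("", "")
    if not port or port != r_port or (host and host != r_host):
        problems.append(f"OpenVPN remote {r_host}:{r_port} does not match stunnel accept {svc.get('accept')}")
    if not ovpn["proto"].startswith("tcp"):
        problems.append("OpenVPN is not using TCP; stunnel only carries TCP streams")
    if int(svc.get("verify", glob.get("verify", "0"))) < 2:
        problems.append("verify < 2: the peer certificate is not required")
    return problems

# Constructed sample inputs (illustrative, not taken from a real host)
STUNNEL_OK = ("verify = 3\nCAfile = /etc/stunnel/ca.crt\n[OpenVPN]\nclient = yes\n"
              "accept = 127.0.0.1:1194\nconnect = your.vpn.server:443\n")
STUNNEL_BAD = STUNNEL_OK.replace("1194", "1994").replace("verify = 3", "verify = 0")
OPENVPN = "proto tcp-client\nremote 127.0.0.1 1194\n"
if __name__ == "__main__":
    for name, conf in (("ok", STUNNEL_OK), ("bad", STUNNEL_BAD)):
        print(name, check(conf, OPENVPN))
```

To run it against a real client, pass the contents of /etc/stunnel/stunnel.conf and /etc/openvpn/client.conf to check().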