Use Stunnel as an HTTPS-proxy for your OpenVPN connection
I already explained how to install your OpenVPN server and set everything up to connect with a client. If you want to tunnel your VPN connection through an SSL tunnel so that it looks like you are connecting to an HTTPS server, follow these instructions. This might help if the described setup with obfsproxy does not work, because blocking all HTTPS traffic would cripple the internet quite severely.
Installing stunnel4
The easiest way is to just install it via apt-get:
$ sudo apt-get install stunnel4
This creates a new user/group called stunnel4 so the stunnel instance is able to run in its own user context. To be able to actually start stunnel, you have to enable it by setting the option in /etc/default/stunnel4 to:
ENABLED=1
Configuring your stunnel server
The /etc/stunnel/stunnel.conf file should contain these lines:
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log
cert = /etc/stunnel/server.crt
key = /etc/stunnel/server.key
verify = 3
CAfile = /etc/stunnel/ca.crt
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
#your client connects to port 443 and your OpenVPN server is listening on port 1194
[OpenVPN]
accept = 443
connect = 127.0.0.1:1194
Start stunnel via
$ sudo service stunnel4 start
Now your server is ready for incoming connections.
Configure stunnel on your client
To configure your client to connect to your server, add the following lines to your /etc/stunnel/stunnel.conf file:
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
debug = 7
output = /stunnel.log
cert = /etc/stunnel/client.crt
key = /etc/stunnel/client.key
verify = 3
CAfile = /etc/stunnel/ca.crt
options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
#your OpenVPN client connects to local port 1194 and stunnel forwards the traffic to port 443 on your server
[OpenVPN]
client = yes
accept = 127.0.0.1:1194
connect = your.vpn.server:443
Configure your OpenVPN client
This is the easiest part: you have to change just one line in your /etc/openvpn/client.conf file to actually use stunnel:
remote 127.0.0.1 1194
Now everything is set up, you should be able to connect to your OpenVPN server over an HTTPS-tunnel using stunnel4.
The route your traffic takes looks like this: Client --> OpenVPN-Client --> Stunnel4-Client --> Stunnel4-Server --> OpenVPN-Server --> Internet/LAN.
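Each hop in that route only works if the port one program dials is the port the next one accepts on. The following consistency check is an added example, not part of the original post; the function names and the reduced sample configs are constructed for illustration, and the proto check reflects that stunnel only wraps TCP connections.

```python
import re

def parse_stunnel(text):
    """Parse stunnel.conf text into {section: {option: value}}; '' holds globals."""
    conf, section = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = dict(conf[""])         # services inherit global options
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf

def port_of(endpoint):
    """'443' or 'host:443' -> 443"""
    return int(endpoint.rsplit(":", 1)[-1])

def check_chain(server_conf, client_conf, openvpn_conf, service="OpenVPN"):
    """Return a list of problems; an empty list means every hop lines up."""
    srv = parse_stunnel(server_conf)[service]
    cli = parse_stunnel(client_conf)[service]
    problems = []
    remote = re.search(r"^remote\s+(\S+)\s+(\d+)", openvpn_conf, re.M)
    if not remote:
        problems.append("OpenVPN config has no 'remote <host> <port>' line")
    elif int(remote.group(2)) != port_of(cli["accept"]):
        problems.append(f"OpenVPN dials port {remote.group(2)} but stunnel client accepts on {cli['accept']}")
    if cli.get("client") != "yes":
        problems.append("stunnel client section lacks 'client = yes'")
    if port_of(cli["connect"]) != port_of(srv["accept"]):
        problems.append(f"stunnel client connects to {cli['connect']} but server accepts on {srv['accept']}")
    for name, sec in (("server", srv), ("client", cli)):
        if int(sec.get("verify", 0)) < 2:          # levels below 2 do not require a valid peer cert
            problems.append(f"stunnel {name} does not verify the peer certificate")
    if not re.search(r"^proto\s+tcp", openvpn_conf, re.M):
        problems.append("OpenVPN is not set to 'proto tcp'; stunnel only carries TCP")
    return problems

# Constructed sample configs, reduced to the options the checks read.
SERVER = "verify = 3\n[OpenVPN]\naccept = 443\nconnect = 127.0.0.1:1194\n"
CLIENT_OK = "verify = 3\n[OpenVPN]\nclient = yes\naccept = 127.0.0.1:1194\nconnect = your.vpn.server:443\n"
CLIENT_BAD = CLIENT_OK.replace("127.0.0.1:1194", "127.0.0.1:1994")   # mistyped port
OVPN = "client\nproto tcp\nremote 127.0.0.1 1194\n"

if __name__ == "__main__":
    for label, client in (("ok", CLIENT_OK), ("bad", CLIENT_BAD)):
        print(label, check_chain(SERVER, client, OVPN) or "chain is consistent")
```

To run it against real files, pass the contents of both stunnel.conf files and of /etc/openvpn/client.conf to check_chain().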