Obfsproxy, Viscosity, OpenVPN

OpenVPN is great, and the OpenVPN command line client and the Viscosity GUI are also nice. However, all configurations need to be checked to ensure there is no information leakage. In addition, the basic OpenVPN connection needs another layer of encryption and/or obfuscation in order to interoperate with Internet firewalls and services that use deep packet inspection to identify VPN/proxy traffic.


Viscosity is probably the best GUI client for OS X and Windows. That said, it leaves a lot to be desired. In fact, it is wise to skip the GUI altogether for most things.

For OS X, each connection is a separate, numbered folder containing copies of the keys and certs and a config.conf file. The first is located in ~/Library/Application Support/Viscosity/OpenVPN/1, with second and subsequent configurations in /2, /3, etc.

Manually edit these files: copy in the ca.crt, username.crt, and username.key files, and put those filenames in the ca, cert, and key entries. Set the permissions on the certs and keys with chmod 700.


#-- Configuration Generated By Viscosity --#

#viscosity startonopen false
#viscosity protocol openvpn
#viscosity dns full
#viscosity usepeerdns true
#viscosity dnsserver
#viscosity autoreconnect true
#viscosity name host.domain.tld
#viscosity dhcp true
remote host.domain.tld 1194 udp
dev tun
redirect-gateway def1
tun-mtu 1500
compress lzo
ca username-ca.crt
cert username-cert.crt
key username-key.key
push "redirect-gateway def1"
mssfix 1450
resolv-retry infinite
tun-mtu-extra 32
reneg-sec 0
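
The checks described above (permissions on the keys and certs, and the directives that decide whether traffic stays in the tunnel) can be scripted across every connection folder. The following Python is an added example, not part of the original page or of Viscosity; the function names and the choice of checks are assumptions made for illustration.

```python
import shlex
import stat
import sys
from pathlib import Path

# Folder layout described above; each numbered sub-folder is one connection.
VISCOSITY_DIR = Path.home() / "Library/Application Support/Viscosity/OpenVPN"

def parse_directives(conf_text):
    """Return [(name, [args])], skipping blank and comment lines (#viscosity too)."""
    out = []
    for line in conf_text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", ";")):
            name, *args = shlex.split(line)
            out.append((name, args))
    return out

def audit_connection(conn_dir):
    """Return a list of findings for one connection folder (empty list = clean)."""
    conn_dir = Path(conn_dir)
    directives = parse_directives((conn_dir / "config.conf").read_text())
    names = [n for n, _ in directives]
    findings = []
    # If the client does not ask for it, full tunnelling depends on the server.
    if "redirect-gateway" not in names:
        findings.append("no redirect-gateway: default route may bypass the tunnel")
    # push is a server-side directive and does not belong in a client config.
    if "push" in names:
        findings.append("push: server-side directive in a client config")
    for name, args in directives:
        if name not in ("ca", "cert", "key") or not args:
            continue
        path = conn_dir / args[0]
        if not path.is_file():
            findings.append(f"{name} {args[0]}: file missing from folder")
        elif stat.S_IMODE(path.stat().st_mode) & 0o077:
            # Any group/other bit means other local accounts can reach the file.
            findings.append(f"{name} {args[0]}: accessible by group/other")
    return findings

if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else VISCOSITY_DIR
    for conn in sorted(p for p in root.glob("*") if (p / "config.conf").is_file()):
        for finding in audit_connection(conn) or ["ok"]:
            print(f"{conn.name}: {finding}")
```

Run it with no arguments to audit the default Viscosity folder, or pass another directory as the first argument.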

Current Problems with my OpenVPN Configuration

SSL Tunnel with Stunnel for OpenVPN

... Incomplete, more to follow ...

SSH Tunnel

... Incomplete, more to follow ...



OpenVPN Client for iOS

The OpenVPN Connect client app for iOS works well. First, configure Viscosity, then copy the config.conf file and rename it to config.ovpn. Next, install the OpenVPN iOS app, and then share all four files (the two certificates, the key, and the configuration file) via iTunes or email (select the Help button).

Go to Settings > OpenVPN and enable Seamless tunnel and Reconnect on wakeup. Set the protocol, compression, connection timeout, network state detection, and IPv6 settings.
