-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathopenvpn-cloak.html
137 lines (116 loc) · 8.3 KB
/
openvpn-cloak.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>OpenVPN + Cloak</title>
<link rel="stylesheet" href="css/style.css">
<meta property="og:title" content="OpenVPN + Cloak">
<meta property="og:description" content="Cloak enhances traditional tools like OpenVPN to evade sophisticated censorship and data discrimination">
<meta property="og:type" content="website">
<meta property="og:image" content="https://computerscot.github.io/img/computerscot.png">
<meta property="og:url" content="https://computerscot.github.io/openvpn-cloak.html">
</head>
<body>
<div id="bar">
<div class="wrapper">
<p><a href="https://computerscot.github.io">computerscot.github.io</a></p>
</div>
</div>
<div class="wrapper">
<h1>OpenVPN + Cloak</h1>
<p><em>August 20, 2023</em></p>
<p>Cloak enhances traditional tools like OpenVPN to evade sophisticated censorship and data discrimination.</p>
<p>This is an introductory tutorial. If you would like to learn more about Cloak, visit its GitHub repository at <a href="https://github.com/cbeuw/Cloak">https://github.com/cbeuw/Cloak</a>.</p>
<h2>Server</h2>
<p>The server in the tutorial runs Ubuntu 22.04. The process will be similar on a Debian server. It is assumed that you are logged in as <code>root</code>.</p>
<p>Open ports <code>tcp/80</code> and <code>tcp/443</code> for Cloak. (You can, if you wish, change these ports in the Cloak server configuration file by changing the value of <code>BindAddr</code>.)</p>
<p>Install OpenVPN:</p>
<blockquote><code>curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh</code></blockquote>
<blockquote><code>chmod +x openvpn-install.sh</code></blockquote>
<blockquote><code>./openvpn-install.sh</code></blockquote>
<p>When you are asked for the IP address, enter the public IP address of your server. You can use port <code>1194</code> for OpenVPN, since traffic will pass through Cloak before it reaches the OpenVPN server. <strong>Use protocol TCP for OpenVPN.</strong></p>
<p>At the end of the script's run, you are prompted to choose a name for the client, e.g. <code>xxxxxxxx</code>. The script then generates a client configuration file named, for example, <code>xxxxxxxx.ovpn</code>.</p>
<p>Optionally reconfigure the OpenVPN server so that it listens on localhost only. This is optional because we assume you keep the firewall closed for port <code>udp/1194</code>. Edit your OpenVPN server configuration file, e.g. <code>/etc/openvpn/server.conf</code>. Make OpenVPN listen on localhost only by inserting a line:</p>
<blockquote><code>local 127.0.0.1</code></blockquote>
<p>Save the file. Restart OpenVPN server with your revised configuration:</p>
<blockquote><code>systemctl restart openvpn@server</code></blockquote>
<p>Download the latest release of Cloak and copy it to an executable directory:</p>
<blockquote><code>wget https://github.com/cbeuw/Cloak/releases/download/v2.7.0/ck-server-linux-amd64-v2.7.0</code></blockquote>
<blockquote><code>cp ck-server-linux-amd64-v2.7.0 /usr/local/bin/ck-server</code></blockquote>
<blockquote><code>chmod +x /usr/local/bin/ck-server</code></blockquote>
<p>Generate public and private keys:</p>
<blockquote><code>ck-server -key</code></blockquote>
<p>Give the public key to your users. The private key should be kept secret. You will copy the private key into your server configuration file in a moment.</p>
<p>Example public key:</p>
<blockquote><code>Fl1lvohMZwGxuZTVkLFe5PyAWijtgRZPwvkq8/UVqXg=</code></blockquote>
<p>Example private key:</p>
<blockquote><code>GJic5FRzCDK3MozjBK2KoddMY7hFQDP2Qr9ZgKZliGQ=</code></blockquote>
<p>Generate an initial user id:</p>
<blockquote><code>ck-server -uid</code></blockquote>
<p>Example user id:</p>
<blockquote><code>sEy7bAYtNj8lv59lf0onJQ==</code></blockquote>
<p>Create a configuration file:</p>
<blockquote><code>mkdir ~/cloak</code></blockquote>
<blockquote><code>vi ~/cloak/ckserver.json</code></blockquote>
<p>Use <a href="https://github.com/cbeuw/Cloak/tree/master/example_config">https://github.com/cbeuw/Cloak/tree/master/example_config</a> as a model. Our example:</p>
<pre>{
"ProxyBook": {
"openvpn": [
"tcp",
"127.0.0.1:1194"
]
},
"BindAddr": [
":443",
":80"
],
"BypassUID": [
"sEy7bAYtNj8lv59lf0onJQ=="
],
"RedirAddr": "cloudflare.com",
"PrivateKey": "GJic5FRzCDK3MozjBK2KoddMY7hFQDP2Qr9ZgKZliGQ=",
"DatabasePath": "userinfo.db"
}</pre>
<p>Change the <code>BypassUID</code> and <code>PrivateKey</code> to the user id and private key you just generated.</p>
<p>Run the Cloak server:</p>
<blockquote><code>screen -S cloak</code></blockquote>
<blockquote><code>ck-server -c ~/cloak/ckserver.json</code></blockquote>
<p>Do <strong>Ctrl</strong>+<strong>a</strong> then <strong>d</strong> to detach from the <code>screen</code> session in which Cloak is running.</p>
<p><code>ck-server</code> is now listening on ports <code>tcp/80</code> and <code>tcp/443</code>.</p>
<p>Your work on the server is completed.</p>
<blockquote><code>exit</code></blockquote>
<h2>Client</h2>
<p>Our client in this tutorial runs Windows.</p>
<p>Install the OpenVPN client from <a href="https://openvpn.net/community-downloads">https://openvpn.net/community-downloads</a>. For Windows you get an installer named <code>OpenVPN-2.6.6-I001-amd64.msi</code>, which you must run to install the Windows OpenVPN GUI client.</p>
<p>Download the client configuration file:</p>
<blockquote><code>scp root@YOUR.SERVER.IP.ADDRESS:xxxxxxxx.ovpn Downloads</code></blockquote>
<p>Do not import the client configuration file into the Windows OpenVPN GUI client just yet. You have to make a few changes to it. We will do that toward the end of the client set-up.</p>
<p>Before finalizing the OpenVPN configuration, we'll set up Cloak. Download the latest release of Cloak from <a href="https://github.com/cbeuw/Cloak/releases">https://github.com/cbeuw/Cloak/releases</a>. For Windows the client is named <code>ck-client-windows-amd64-v2.7.0.exe</code>.</p>
<p>Obtain the server public key and your personal user id from the administrator of your server. In our example, the server public key is <code>Fl1lvohMZwGxuZTVkLFe5PyAWijtgRZPwvkq8/UVqXg=</code>, and your user id is <code>sEy7bAYtNj8lv59lf0onJQ==</code>.</p>
<p>Start with the client configuration file from <a href="https://github.com/cbeuw/Cloak/tree/master/example_config">https://github.com/cbeuw/Cloak/tree/master/example_config</a> as a model. Enter your information. Our example:</p>
<pre>{
"Transport": "direct",
"ProxyMethod": "openvpn",
"EncryptionMethod": "chacha20-poly1305",
"UID": "sEy7bAYtNj8lv59lf0onJQ==",
"PublicKey": "Fl1lvohMZwGxuZTVkLFe5PyAWijtgRZPwvkq8/UVqXg=",
"ServerName": "www.bing.com",
"NumConn": 4,
"BrowserSig": "chrome",
"StreamTimeout": 300
}</pre>
<p>Save this file as, for example, <code>Downloads\\ckclient.json<code>. If you are using Windows Notepad as your text editor, make sure Notepad does not add an extra <code>.txt</code> at the end of the file name.</p>
<p>Open a Windows Command Prompt window. Run Cloak client from the command line:</p>
<blockquote><code>cd Downloads</code></blockquote>
<blockquote><code>ren ck-client-windows-amd64-v2.7.0.exe ck-client.exe</code></blockquote>
<blockquote><code>ck-client -c ckclient.json -s YOUR.SERVER.IP.ADDRESS</code></blockquote>
<p>Cloak listens on localhost port <code>tcp/1984</code> for the OpenVPN client's input. Therefore you must change your client configuration file, <code>Downloads\\xxxxxxxx.ovpn</code>. The remote server appears to be on localhost. You must define a static route to the real server IP address.</p>
<pre>remote 127.0.0.1 1984
route YOUR.SERVER.IP.ADDRESS 255.255.255.255 net_gateway</pre>
<p>Save the <code>.ovpn</code> file.</p>
<p>Now you can import the <code>.ovpn</code> file and connect to your OpenVPN server via Cloak.</p>
</div>
<!-- Cloudflare Web Analytics --><script defer src='https://static.cloudflareinsights.com/beacon.min.js' data-cf-beacon='{"token": "94e45ea74d58413395c468ebe6bab324"}'></script><!-- End Cloudflare Web Analytics -->
</body>
</html>