This is useful if you are behind a restrictive firewall that uses SPI (stateful packet inspection) to block services rather than plain old port blocking. An SPI firewall can distinguish one packet type from another instead of only checking the port that is in use.
You’ll need root access to the OpenVPN Server, as you have to change some of the server config files.
You need to make the following changes:
- change the line proto udp to proto tcp in both the client and the server configuration files
- add socks-proxy localhost 5555 to the OpenVPN client configuration file
- create an SSH tunnel between the client machine and the OpenVPN Server. Assuming you’re running Linux/Unix with the OpenSSH client binary installed, run the command:
[codesyntax lang="bash"]
ssh -ND5555 user@test.org
[/codesyntax]
Note: If you are using Windows please read what this guy wrote here: http://blog.ramin-hossaini.com/2009/10/06/creating-a-tunnel-and-socks-proxy-with-putty/
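A preflight check for the client-side steps above, added here as an example and not part of the original post: it confirms that the client configuration uses TCP and points socks-proxy at the loopback port, and that the SSH tunnel is listening, before OpenVPN is started. The function names, the script and file names in the usage line, and the use of `nc -z` are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original post): preflight check for the
# client-side steps above. File name and port are supplied by the caller.

# check_client_conf FILE PORT
# Returns 0 if FILE uses TCP and a loopback SOCKS proxy on PORT, else 1.
check_client_conf() (
    conf=$1; port=$2; rc=0
    # Strip comments (# or ;), squeeze whitespace, drop empty lines.
    active=$(sed -e 's/[#;].*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
                 -e 's/^ //' -e 's/ $//' "$conf" | grep -v '^$') || true
    if ! printf '%s\n' "$active" | grep -Eq '^proto tcp'; then
        echo "$conf: no active 'proto tcp' line" >&2; rc=1
    fi
    if printf '%s\n' "$active" | grep -Eq '^proto udp'; then
        echo "$conf: 'proto udp' is still active" >&2; rc=1
    fi
    if ! printf '%s\n' "$active" |
         grep -Eq "^socks-proxy (localhost|127\.0\.0\.1) $port\$"; then
        echo "$conf: no 'socks-proxy localhost $port' line" >&2; rc=1
    fi
    exit "$rc"
)

# socks_listening PORT: true if something accepts TCP on 127.0.0.1:PORT,
# i.e. the ssh -ND tunnel is up. Assumes an nc that supports -z.
socks_listening() {
    nc -z 127.0.0.1 "$1" 2>/dev/null
}

# Usage (names are examples): sh preflight.sh client.ovpn 5555
if [ "$#" -eq 2 ]; then
    check_client_conf "$1" "$2" || exit 1
    socks_listening "$2" || {
        echo "no listener on 127.0.0.1:$2; start the SSH tunnel first" >&2
        exit 1
    }
    echo "ok: $1 matches the tunnel setup and the SOCKS port is open"
fi
```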
Thank you! My machine where the OpenVPN Server is running is saying "channel 2: open failed: connect failed: Connection refused". Any idea?
I would first try this:
ssh -ND5555 user@test.org -v -v
You can use "-v" up to 3 times to increase verbosity to see what is happening there.
Second, I would try to change this:
socks-proxy localhost 5555
to this:
socks-proxy 127.0.0.1 5555
Thank you very much for your reply! Connection seems to work, but trying to open a website the remote machine says: "debug2: channel 2: open confirm rwindow 2097152 rmax 32768 Write failed: Broken pipe".
My client config is like this:
dev tun
client
proto tcp-client
remote localhost
socks-proxy localhost 5555
resolv-retry infinite
...
I'm not sure about the "remote localhost" line.
Sorry for my late reply.
At this moment I don't have access to any server which I can use to run some tests, but try to comment out the "remote localhost" line and try to connect again.