[sslh] obfs4 over sslh?
Yves Rutschle
yves at rutschle.net
Wed Oct 10 20:40:56 UTC 2018
Oops, sorry, I should have kept this on the list...
On Mon, Oct 08, 2018 at 03:56:51PM +0100, Alexandre Badalo wrote:
> I would like to connect to a obfs4proxy server (that in turn connects to
> a openvpn server), but the problem is that obfs4 is suposed to be
> obfuscated in a way that not even DPI proxies can distinguish it.
Well, sslh is essentially doing a simple DPI to figure out
what the protocol is, so in theory that shouldn't be
possible. The easiest way to have obfs4 and https on the
same port would be to set up an https probe, and an
`anyprot` setting to forward all unknown protocols
(including obfs4) to the obfs4 proxy.
> My question is if there is some way to "tag" the obfs4 traffic before it
> being sent to sslh and then remove it after being processed by sslh?
That would make the obfs4 traffic detectable, which I guess
defeats the purpose.
More information about the sslh
mailing list