Scramble options
Scramble options can be used to obfuscate the connection this can be useful to escape censoring.
Note: scramble options must be the same on client and server side!
In the Additional config add:
scramble "password"
DDWRT OpenVPN Client Setup guide by egc, last modified: 23-Aug-22 page 13
scramble is the leftmost option name. This can be followed by a string which will be used to perform a simple xor
operation the packet payload.
However if the following are used instead, a different action will occur.
scramble reverse
This simply reverses all the data in the packet. This is enough to get past the regular expression detection in both
China and Iran.
scramble xorptrpos
This performs a xor operation, utilising the current position in the packet payload.
scramble obfuscate "password"
This method is more secure. It utilises the 3 types of scrambling mentioned above. "password" is the string which
you want to use.
Question:
If i add scramble obfuscate "password" to the ovpn additional config section what is added to the client ovpn config to match?
Trying to let a friend use my server/wan out to access his emails while away on a ship but DPI is picking up he's using a vpn. Currently configured with UDP on a high port 48917 not 1194 etc
Also will the scramble obfuscate "password" work with both TCP & UDP?
Would i add scramble obfuscate "password" in both server side (additional config section) and client config & or do i change the "password" to my ovpn password and remove the ""?
i currently dont use user and pass i removed when i added tls key but i can add again pretty sure it #'ed out in config still.
Sorry penny hasn't dropped with this as i am unsure how it works.
Cheers for any input _________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!
Last edited by foz111 on Fri Sep 30, 2022 13:15; edited 1 time in total
I can't seem to get this to work with an android client
added: scramble obfuscate password into server additional config and rebooted router and added the same into client ovpn file (obviously not used the word password).
Tried openvpn connect & openvpn for android apps but get error, unrecognized option in stdin:128:scramble (2.6_master) so assume this will not work with official ovpn android app or am i doing something wrong?
it's my understanding from what i've read that this should work on any port and with TCP & UDP any idea's why this is not working?
I see this is an unofficial patch is this why it's not working in the android apps but if that's the case will it work with official windows app (cant test this myself)? _________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!
i thought that must be the case egc thanks for confirming this.
i see vpn client pro supports scrambled, this a paid Android app but i will let him know.
Cheers _________________ Netgear R7800 PPPoE Main Router
Network IPV4 - Isolated Vlan's with IoT Devices. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. OVPN Server With Paid Commercial Wireguard Client's. Gateway Mode, DNSMasq, Static Leases & DHCP, Pi-Hole DNS & Running Unbound.
No one can build you the bridge on which you, and only you, must cross the river of life!
For anybody searching for this:-
I've found a free project that has re-coded Android and windows clients with xor scramble patch.
Please check code as this is nothing to do with me!
Github:
https://github.com/lawtancool