Hi. Is it possible to establish a connection to my OpenVPN, via DNS protocol instead of HTTP protocol?
This is done by few apps, such as: your-freedom.
This app makes a connection via DNS protocol, using query type AAAA and port 53.
I would like to implement this method and make it work with OpenVPN, for all versions of your client, especially for Windows and Android.
Is this possible?
Thank you for your answers!
OpenVPN over DNS
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: OpenVPN over DNS
Which version of openvpn do you use on your server ?
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jun 07, 2017 3:00 pm
Re: OpenVPN over DNS
Access Server version: 2.0.10
- novaflash
- OpenVPN Inc.
- Posts: 1073
- Joined: Fri Apr 13, 2012 8:43 pm
Re: OpenVPN over DNS
The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.
So short answer: no.
Long answer: yes, with a lot of work, extra software, etc...
So short answer: no.
Long answer: yes, with a lot of work, extra software, etc...
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.
-
- OpenVpn Newbie
- Posts: 3
- Joined: Wed Jun 07, 2017 3:00 pm
Re: OpenVPN over DNS
I perfectly understand. It seems that I will have to use extra software to achieve my goal.novaflash wrote:The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.
So short answer: no.
Long answer: yes, with a lot of work, extra software, etc...
You are very kind and I thank you for taking a few minutes of your time to read and respond to my restlessness!