OpenVPN over DNS

DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

OpenVPN over DNS

Postby DanielR » Wed Jun 07, 2017 3:19 pm

Hi. Is it possible to establish a connection to my OpenVPN, via DNS protocol instead of HTTP protocol?

This is done by few apps, such as: your-freedom.

This app makes a connection via DNS protocol, using query type AAAA and port 53.

I would like to implement this method and make it work with OpenVPN, for all versions of your client, especially for Windows and Android.

Is this possible?

Thank you for your answers!

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2720
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN over DNS

Postby TinCanTech » Wed Jun 07, 2017 4:48 pm

Which version of openvpn do you use on your server ?

DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

Re: OpenVPN over DNS

Postby DanielR » Wed Jun 07, 2017 5:06 pm

Access Server version: 2.0.10

novaflash
OpenVPN Expert
Posts: 395
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN over DNS

Postby novaflash » Wed Jun 07, 2017 5:10 pm

The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.

So short answer: no.

Long answer: yes, with a lot of work, extra software, etc...

DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

Re: OpenVPN over DNS

Postby DanielR » Wed Jun 07, 2017 5:23 pm

novaflash wrote:The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.

So short answer: no.

Long answer: yes, with a lot of work, extra software, etc...


I perfectly understand. It seems that I will have to use extra software to achieve my goal.

You are very kind and I thank you for taking a few minutes of your time to read and respond to my restlessness!


Return to “Access Server”

Who is online

Users browsing this forum: No registered users and 2 guests