OpenVPN over DNS

Business solution to host your own OpenVPN server with web management interface and bundled clients.
Post Reply
DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

OpenVPN over DNS

Post by DanielR » Wed Jun 07, 2017 3:19 pm

Hi. Is it possible to establish a connection to my OpenVPN, via DNS protocol instead of HTTP protocol?

This is done by few apps, such as: your-freedom.

This app makes a connection via DNS protocol, using query type AAAA and port 53.

I would like to implement this method and make it work with OpenVPN, for all versions of your client, especially for Windows and Android.

Is this possible?

Thank you for your answers!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN over DNS

Post by TinCanTech » Wed Jun 07, 2017 4:48 pm

Which version of openvpn do you use on your server ?

DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

Re: OpenVPN over DNS

Post by DanielR » Wed Jun 07, 2017 5:06 pm

Access Server version: 2.0.10

User avatar
novaflash
OpenVPN Inc.
Posts: 1073
Joined: Fri Apr 13, 2012 8:43 pm

Re: OpenVPN over DNS

Post by novaflash » Wed Jun 07, 2017 5:10 pm

The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.

So short answer: no.

Long answer: yes, with a lot of work, extra software, etc...
I'm still alive, just posting under the openvpn_inc alias now as part of a larger group.

DanielR
OpenVpn Newbie
Posts: 3
Joined: Wed Jun 07, 2017 3:00 pm

Re: OpenVPN over DNS

Post by DanielR » Wed Jun 07, 2017 5:23 pm

novaflash wrote:The OpenVPN Access Server definitely does not have an option to just enable such a thing. Sure you can switch to port TCP/UDP 53, but it won't be DNS traffic and it will easily be discovered as OpenVPN traffic. What you appear to be looking for is obfuscation. To do that you'll need to use some sort of proxy server that accepts traffic locally, any traffic, like OpenVPN traffic, and then obfuscates that, make it look like something else, and sends it on to another such proxy server on the other end, which then passes the traffic out again locally there again. It's possible, I've seen people do it. Definitely not standard procedure though and definitely not something that OpenVPN Technologies will support for the OpenVPN Access Server product.

So short answer: no.

Long answer: yes, with a lot of work, extra software, etc...
I perfectly understand. It seems that I will have to use extra software to achieve my goal.

You are very kind and I thank you for taking a few minutes of your time to read and respond to my restlessness!

Post Reply