
Build scrambled openvpn (2.4.4) linux deb packages for VPS using sbuild


# Build scrambled openvpn deb packages
# Based on https://github.com/mattock/sbuild_wrapper
# and https://wiki.debian.org/sbuild
# scramble xor patch
# https://github.com/Tunnelblick/Tunnelblick/tree/master/third_party/sources/openvpn
# https://github.com/clayface/openvpn_xorpatch

# Built on a digitalocean VPS
# 512 MB Memory / 20 GB Disk / - Ubuntu 14.04.5 x64
################################################################
# Quick install already patched openvpn deb package for Ubuntu 14.04 64-bit

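# NOTE: these are unsigned third-party builds installed as root. Each download is
# checked against the sha256 listed in the "Do a Checksum" section of this post and
# dpkg only runs when it matches. If wget reports a certificate error, install
# ca-certificates rather than switching the TLS check off.
apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/seihrxs5osd0wnx/openvpn_2.4.4-trusty0_amd64.deb
echo "7244ce6fe9142673eb834c27881ddfcbe9a72a13f0af419043d181529f9eacfc  openvpn_2.4.4-trusty0_amd64.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-trusty0_amd64.deb
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 14.04 32-bit Minimal

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/opdgst9jpuw5qyk/openvpn_2.4.4-trusty0_i386.deb
echo "9fcab0551ab39638239ad25d4809bb180b88228b0ed5224e94a93b1c7222df06  openvpn_2.4.4-trusty0_i386.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-trusty0_i386.deb
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/vv78fc6z24q9tsh/openvpn_2.4.4-jessie0_amd64.deb
echo "d14e645951caa58e9d8e2dbe56eeabda4762ebc89ef770b679183d85fd89e233  openvpn_2.4.4-jessie0_amd64.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-jessie0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/2ezudrsjhauh9ey/openvpn_2.4.4-jessie0_i386.deb
# (the original line read "dpkg -i dpkg -i ...", which makes dpkg look for a file named "dpkg")
echo "1bbc8f58ec36186fc7539a2ab80889592dc5b8aca1528e801df173989ad70a65  openvpn_2.4.4-jessie0_i386.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-jessie0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/peuvr57kamtl4u0/openvpn_2.4.4-xenial0_amd64.deb
echo "218d0d69da6eb6952f29ea602834cb31abc0a796c9ef435506fd3b4275693c4c  openvpn_2.4.4-xenial0_amd64.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-xenial0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/5fz1rqpmio6s23a/openvpn_2.4.4-xenial0_i386.deb
echo "426d5d98258096e399aed8e9ec3382ce9992b7cea575b61bc6ef3c3cca234fe0  openvpn_2.4.4-xenial0_i386.deb" | sha256sum -c - \
  && dpkg -i openvpn_2.4.4-xenial0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #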
##########################################################################

# This is how I did it from the start
# and so I can remember the next time

apt-get update && apt-get install gcc rng-tools make automake autoconf dh-autoreconf file patch perl dh-make debhelper devscripts gnupg lintian quilt libtool pkg-config libssl-dev liblzo2-dev libpam0g-dev libpkcs11-helper1-dev openssl-blacklist openvpn-blacklist openssl sbuild git dh-systemd systemd -y
apt-get dist-upgrade -y

# Open a second separate shell just for the following rngd command
# NOTE: /dev/urandom is itself fed from the kernel pool, so this only raises the
# kernel's entropy estimate to unblock key generation; it adds no new randomness.
# Stop rngd once key generation is done and use a real entropy source
# (hardware RNG, virtio-rng) for keys that matter.
apt-get install rng-tools
rngd -f -r /dev/urandom

# This time, we need to update the config version
git clone https://github.com/mattock/sbuild_wrapper.git
cd sbuild_wrapper

## edit ./config/version.conf to update the openvpn version

nano ./config/version.conf
PROGRAM_VERSION="${PROGRAM_VERSION:-2.4.4}"

## get changelog from https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn24
cp ./packaging/changelog-2.4.2 ./packaging/changelog-2.4.4
nano ./packaging/changelog-2.4.4

openvpn (2.4.4-debian0) stable; urgency=high
* Make this changelog so it can build, not worried about details
* Fix socks_proxy_port pointing to invalid data
-- Samuli Seppänen Thu, 11 May 2017 10:00:00 +0000

# Install
scripts/setup.sh
sbuild-update --keygen
scripts/setup_chroots.sh
sbuild-adduser $LOGNAME
cp /usr/share/doc/sbuild/examples/example.sbuildrc $HOME/.sbuildrc
schroot -l|grep sbuild|grep source

# Config each chroot

sbuild-shell trusty-amd64
apt-get update
apt-get build-dep openvpn -y
exit

sbuild-shell trusty-i386
apt-get update
apt-get build-dep openvpn -y
exit

sbuild-shell xenial-amd64
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-dev -y
apt-get install dh-systemd systemd -y
exit

sbuild-shell xenial-i386
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-dev
exit

sbuild-shell jessie-amd64
apt-get install libsystemd-daemon-dev -y
exit

sbuild-shell jessie-i386
apt-get install libsystemd-daemon-dev -y
exit

sbuild-shell wheezy-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell wheezy-i386
apt-get build-dep openvpn -y
exit

sbuild-shell precise-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell precise-i386
apt-get build-dep openvpn -y
exit

scripts/update-all.sh

# Fetch the scramble Openvpn Patch
# NOTE: these URLs follow Tunnelblick's master branch, so the patch content can change
# between builds. Read the five diffs before importing them and keep their sha256sum
# next to the build output so you know what went into the packages.

cd $HOME
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.4/patches/02-tunnelblick-openvpn_xorpatch-a.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.4/patches/03-tunnelblick-openvpn_xorpatch-b.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.4/patches/04-tunnelblick-openvpn_xorpatch-c.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.4/patches/05-tunnelblick-openvpn_xorpatch-d.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.4/patches/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/jessie/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/precise/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/trusty/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/wheezy/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/xenial/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

# Prepare
cd $HOME/sbuild_wrapper/
scripts/prepare-all.sh
ls build/*/

# Now lets build it
scripts/build-all.sh

# Check output
ls ./output/*

# Do a Checksum

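# sha256sum is not a file inside ./output; run it from that directory so the
# listing carries bare file names, as in the output shown below.
(cd ./output && sha256sum *.deb)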

d14e645951caa58e9d8e2dbe56eeabda4762ebc89ef770b679183d85fd89e233 openvpn_2.4.4-jessie0_amd64.deb
1bbc8f58ec36186fc7539a2ab80889592dc5b8aca1528e801df173989ad70a65 openvpn_2.4.4-jessie0_i386.deb
adc992fb443d67d02f97da0838984d9f7131553305f58b87756daf3ead16bf18 openvpn_2.4.4-precise0_amd64.deb
fcf2715bf7328aedee01cd94fc8d274914557d19310b4b95a8d9a4a3cd55bfc6 openvpn_2.4.4-precise0_i386.deb
7244ce6fe9142673eb834c27881ddfcbe9a72a13f0af419043d181529f9eacfc openvpn_2.4.4-trusty0_amd64.deb
9fcab0551ab39638239ad25d4809bb180b88228b0ed5224e94a93b1c7222df06 openvpn_2.4.4-trusty0_i386.deb
ad7c2699d074acbadccbb5ebce6090dbc5d1ac6e70c22eb322c3d91b094243d4 openvpn_2.4.4-wheezy0_amd64.deb
820cb604194812f88c63312b18478b9cb2be3b4ade702bad1ae8cfea49f1df1f openvpn_2.4.4-wheezy0_i386.deb
218d0d69da6eb6952f29ea602834cb31abc0a796c9ef435506fd3b4275693c4c openvpn_2.4.4-xenial0_amd64.deb
426d5d98258096e399aed8e9ec3382ce9992b7cea575b61bc6ef3c3cca234fe0 openvpn_2.4.4-xenial0_i386.deb

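# Hash only the packages (*.deb) so a checksum.log left by an earlier run is not
# hashed into the new list; bare file names let 'sha256sum -c checksum.log' work
# next to the downloaded files.
(cd ./output && sha256sum *.deb > checksum.log)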

# Dropbox links 2.4.4
https://www.dropbox.com/s/rb7qc8byj7vx1ht/checksum_2.4.4.log?dl=0
https://www.dropbox.com/s/vv78fc6z24q9tsh/openvpn_2.4.4-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/2ezudrsjhauh9ey/openvpn_2.4.4-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/a362uhjqppy58ar/openvpn_2.4.4-precise0_amd64.deb?dl=0
https://www.dropbox.com/s/gr662xxtem3u7s2/openvpn_2.4.4-precise0_i386.deb?dl=0
https://www.dropbox.com/s/seihrxs5osd0wnx/openvpn_2.4.4-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/opdgst9jpuw5qyk/openvpn_2.4.4-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/fwgg53c0inqfaya/openvpn_2.4.4-wheezy0_amd64.deb?dl=0
https://www.dropbox.com/s/34ce6rkdei2xpg1/openvpn_2.4.4-wheezy0_i386.deb?dl=0
https://www.dropbox.com/s/peuvr57kamtl4u0/openvpn_2.4.4-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/5fz1rqpmio6s23a/openvpn_2.4.4-xenial0_i386.deb?dl=0

# Dropbox links 2.4.1
https://www.dropbox.com/s/8vmzoit47x278wr/openvpn_2.4.1-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/is9bvmnks5v410r/openvpn_2.4.1-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/63fefoexhgiqq3i/openvpn_2.4.1-precise0_amd64.deb?dl=0
https://www.dropbox.com/s/ur4ff0h6v0sc9mm/openvpn_2.4.1-precise0_i386.deb?dl=0
https://www.dropbox.com/s/qijxlwrb58jr8rr/openvpn_2.4.1-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/t0aq1d1brsc5ly4/openvpn_2.4.1-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/k6g9xn605kv49eo/openvpn_2.4.1-wheezy0_amd64.deb?dl=0
https://www.dropbox.com/s/y9p0sgjtgsymzxj/openvpn_2.4.1-wheezy0_i386.deb?dl=0
https://www.dropbox.com/s/aoysxwzzk31wvu6/openvpn_2.4.1-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/doe8mdkkev8jblr/openvpn_2.4.1-xenial0_i386.deb?dl=0

# Dropbox links 2.3.14 all tested working
https://www.dropbox.com/s/8yxsrm7eh4rwbyk/openvpn_2.3.14-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/6ly8ek2gdirkcmy/openvpn_2.3.14-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/tyij9ysouhqyze7/openvpn_2.3.14-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/uxwb3gzg68fxnwb/openvpn_2.3.14-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/axukayantse89cl/openvpn_2.3.14-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/68i5jp13nbypyz0/openvpn_2.3.14-xenial0_i386.deb?dl=0

# Dropbox links 2.3.12
https://www.dropbox.com/s/o3e4s4bq90gx71j/openvpn_2.3.12-scramble-ubuntu1204_amd64.deb?dl=0
https://www.dropbox.com/s/8isbarc9xegyj4n/openvpn_2.3.12-scramble-ubuntu1204_i386.deb?dl=0
https://www.dropbox.com/s/xzcsfx6j4jkzbr4/openvpn_2.3.12-scramble-ubuntu1404_amd64.deb?dl=0
https://www.dropbox.com/s/ewgw1uje5kmtndn/openvpn_2.3.12-scramble-ubuntu1404_i386.deb?dl=0


# You can check if your target platforms are already supported by your
# operating system's debootstrap scripts:
# Ubuntu 14.04 already has these bootstrap for trusty, so I didn't need to do anything.
# ls /usr/share/debootstrap/scripts
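# if you don't have them, then you need to fetch
# wget http://ftp.us.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.75_all.deb
# dpkg -i debootstrap_1.0.75_all.deb
# (a .deb fetched with wget and installed with dpkg skips apt's signature check,
#  so compare its sha256 with the Debian archive's Packages index before installing)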


# If you get the following error
# Not enough random bytes available. Please do some other work to give
# the OS a chance to collect more entropy!
#
# Then from another shell install random number generator
#
# apt-get install rng-tools
# rngd -f -r /dev/urandom


Shadowsocks on Cent OS or Debian VPS


# lazy quick install

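# The installer runs as root and is whatever the master branch holds at download
# time: fetch it with the TLS check on and read it before running it.
wget https://raw.githubusercontent.com/teddysun/shadowsocks_install/master/shadowsocks.sh
less shadowsocks.sh
chmod +x shadowsocks.sh && ./shadowsocks.sh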

# Check
cat /etc/shadowsocks.json

# Edit
nano /etc/shadowsocks.json

# Get Client from
http://shadowsocks.org/en/download/clients.html

# Comments
If the VPS is behind NAT, the server IP address it reports will not be the correct one.

 


Install scrambled Openvpn server (from source code) on a openVZ box running Debian or Ubuntu


# Tested working on Ubuntu 14.04 32Bit - Minimal i386, on OpenVZ
#
# This time we install from source code and compile
#
# Summary of Files that we will use
###############################################
# Script to start openvpn [ /etc/init.d/openvpn ]
# https://www.dropbox.com/s/nz4dyons6tlsbr4/etcinitdopenvpn.sh
#
# Script to merge Client keys and certs
# https://www.dropbox.com/s/pdl8jyr0gzys3d6/merge.sh
#
# Script to merge Server keys and certs
# https://www.dropbox.com/s/9wc3we8ezfucj1j/merge_server.sh
#
# openvpn source code
# http://swupdate.openvpn.org/community/releases/openvpn-2.3.8.zip
###############################################

# We need to add a few components to be able to compile
# And please check your openssl version has heartbleed fix
apt-get update
apt-get install --only-upgrade openssl -y
apt-get install gcc make automake autoconf dh-autoreconf file patch perl dh-make debhelper devscripts gnupg lintian quilt libtool pkg-config libssl-dev liblzo2-dev libpam0g-dev libpkcs11-helper1-dev git -y

# fetch source code & apply patch
# NOTE: the release zip comes over plain http and nothing below checks a signature
# or checksum; verify it against the GPG signature OpenVPN publishes for the
# release before building.
# NOTE: master.zip is whatever the patch repository's master branch holds at
# download time; read openvpn_xor.patch before applying it.
cd $HOME/
wget http://swupdate.openvpn.org/community/releases/openvpn-2.3.8.zip
unzip openvpn-2.3.8.zip
wget https://github.com/clayface/openvpn_xorpatch/archive/master.zip
unzip master.zip
cp openvpn_xorpatch-master/openvpn_xor.patch openvpn-2.3.8/
cd openvpn-2.3.8/
# --check is a dry run: it reports whether the patch applies without touching files
git apply --check openvpn_xor.patch
git apply openvpn_xor.patch

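# This is the bit where we make and install the new openvpn server
# -p: do not fail when /etc/openvpn is left over from an earlier install
mkdir -p /etc/openvpn/
cd "$HOME/openvpn-2.3.8/"
./configure --prefix=/usr
make
make install
# The init script runs as root at every boot: fetch it with the TLS check on,
# read it, and only then install it into /etc/init.d.
wget https://www.dropbox.com/s/nz4dyons6tlsbr4/etcinitdopenvpn.sh -O "$HOME/etcinitdopenvpn.sh"
less "$HOME/etcinitdopenvpn.sh"
install -m 755 "$HOME/etcinitdopenvpn.sh" /etc/init.d/openvpn
update-rc.d openvpn defaults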

# For test purposes only here are a pair of client/server scripts
# https://www.dropbox.com/s/u06t53fb7qwov47/client1.ovpn?dl=0
# https://www.dropbox.com/s/cxt7ajdxczifsqm/server.conf?dl=0
# Now we create keys and certs using the new easyrsa3
# You need to make a new passphrase during this process

# Working directories: clientside/ collects what goes to the client,
# serverside/ holds the PKI and the server's files.
mkdir $HOME/clientside
mkdir $HOME/serverside
cd $HOME/serverside
# NOTE: master.zip is the current easy-rsa master branch, not a fixed release.
wget https://github.com/OpenVPN/easy-rsa/archive/master.zip
unzip master.zip
cd easy-rsa-master/easyrsa3
# shared static key referenced by the tls-auth lines of both configs
openvpn --genkey --secret ta.key
./easyrsa init-pki
# NOTE: 'nopass' leaves every private key unencrypted, including the CA key, and
# the CA is created on the VPN server itself. Whoever can read pki/private/ca.key
# can issue certificates this server will accept; consider building the CA on
# another machine or dropping 'nopass' for build-ca.
./easyrsa --batch build-ca nopass
./easyrsa --batch build-server-full server nopass
./easyrsa --batch build-client-full client1 nopass
./easyrsa gen-dh

cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/ca.crt $HOME/serverside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/issued/server.crt $HOME/serverside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/dh.pem $HOME/serverside/dh2048.pem
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/private/server.key $HOME/serverside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/ta.key $HOME/serverside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/issued/client1.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/ta.key $HOME/clientside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/ca.crt $HOME/clientside/
cp $HOME/serverside/easy-rsa-master/easyrsa3/pki/private/client1.key $HOME/clientside/

# Client Script
nano $HOME/clientside/client1.ovpn

client
dev tun
# 'test' is the example scramble string: replace it and use the same value in
# server.conf. The scramble only disguises the traffic; confidentiality still
# comes from TLS and the cipher below.
scramble obfuscate test
proto udp
remote change_this_to_server_address 34557
resolv-retry infinite
nobind
sndbuf 0
rcvbuf 0
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
tls-auth ta.key 1
remote-cert-tls server
cipher AES-256-CBC
# compressing tunnelled data can leak plaintext through packet sizes (VORACLE);
# drop comp-lzo on both ends if you do not need it
comp-lzo
verb 3
fast-io
# level 2 lets OpenVPN run user-defined scripts; no up/down script is set in this
# file, so the default level should be enough (confirm the merge step adds none)
script-security 2

# Now merge certs and keys into client script, so we only have one file to handle
# NOTE: merge.sh is a downloaded script that handles the client's private key;
# read it before running it. Afterwards client1.ovpn carries that key, so move it
# to the client over scp/sftp and remove stray copies.
cd $HOME/clientside/
wget https://www.dropbox.com/s/pdl8jyr0gzys3d6/merge.sh -O merge.sh
chmod +x merge.sh
$HOME/clientside/merge.sh

# Now transfer client script client1.ovpn
# in $HOME/clientside/ to your client PC
# Due to permissions, I had to transfer it to C:\
# Then in windows, copy the file
# to C:\Program Files (x86)\OpenVPN\config

# Below is OpenVPN server configuration
nano $HOME/serverside/server.conf

port 34557
proto udp
dev tun
# 'test' is the example scramble string: replace it and use the same value in the
# client config. The scramble only disguises the traffic; confidentiality still
# comes from TLS and the cipher below.
scramble obfuscate test
ca ca.crt
cert server.crt
key server.key
tls-auth ta.key 0
dh dh2048.pem
sndbuf 0
rcvbuf 0
# client subnet; firewall and NAT rules for the VPN should match 10.8.0.0/24
server 10.8.0.0 255.255.255.0
cipher AES-256-CBC
# compressing tunnelled data can leak plaintext through packet sizes (VORACLE);
# drop comp-lzo on both ends if you do not need it
comp-lzo
persist-key
persist-tun
# drop root privileges after start-up
user nobody
group nogroup
status openvpn-status.log
verb 3
# send all client traffic, including DNS, through the tunnel
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
keepalive 5 30

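# Now merge certs and keys into server script, so we only have one file to handle
# merge_server.sh handles the server's private key: download it with the TLS
# check on and read it before running it.
cd "$HOME/serverside/"
wget https://www.dropbox.com/s/9wc3we8ezfucj1j/merge_server.sh -O merge_server.sh
less merge_server.sh
chmod +x merge_server.sh
./merge_server.sh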

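# Now copy the merged server script to /etc/openvpn/
# After the merge step server.conf embeds the server's keys, so keep it readable
# by root only.
cp "$HOME/serverside/server.conf" /etc/openvpn/
chmod 600 /etc/openvpn/server.conf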

# uncomment to allow data redirect
nano /etc/sysctl.conf

net.ipv4.ip_forward=1

# Make file for firewall setting
nano /usr/local/bin/firewall.sh

#!/bin/bash
# Forwarding and NAT rules for the OpenVPN client subnet 10.8.0.0/24.
# NOTE: -F empties every chain of the filter and nat tables, including rules put
# there by other tools (ufw, fail2ban, ...). Chain policies are left as they are
# and no INPUT rule is added here, so what can reach the server itself depends on
# the existing INPUT policy.
iptables -t filter -F
iptables -t nat -F
# let replies to already-forwarded connections back through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward traffic coming from VPN clients, refuse any other forwarding
iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
iptables -A FORWARD -j REJECT
# no -o match: client traffic is masqueraded on whichever interface it leaves by
iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE

# Make firewall script executable, run it and check
chmod +x /usr/local/bin/firewall.sh
/usr/local/bin/firewall.sh
iptables --list

# add new text line into file /etc/rc.local
# before ‘exit 0' to ensure the firewall rules are run at reboot or power up.
nano /etc/rc.local

/usr/local/bin/firewall.sh

# Alternative Firewall setting
# iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source IP_ADDRESS_VPS
# iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source IP_ADDRESS_VPS

# Start everything
sysctl -w net.ipv4.ip_forward=1
/etc/init.d/openvpn restart

# Check server is running
/etc/init.d/openvpn status

# TIP: You can save the pair of scripts elsewhere for reuse later
# $HOME/clientside/client1.ovpn
# $HOME/serverside/server.conf

# TIP:restart server after changes to server script
/etc/init.d/openvpn restart
# TIP: after reinstall system turn TUN/TAP off, and on again
# TIP: otherwise I could not start server.

 

Build scrambled openvpn (2.4.1) linux deb packages for VPS using sbuild


# Build scrambled openvpn deb packages
# Based on https://github.com/mattock/sbuild_wrapper
# and https://wiki.debian.org/sbuild
# scramble xor patch
# https://github.com/Tunnelblick/Tunnelblick/tree/master/third_party/sources/openvpn
# https://github.com/clayface/openvpn_xorpatch

# Built on a digitalocean VPS
# 512 MB Memory / 20 GB Disk / - Ubuntu 14.04.5 x64
################################################################
# Quick install already patched openvpn deb package for Ubuntu 14.04 64-bit

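# NOTE: these are unsigned third-party builds installed as root, and this page
# lists no sha256 values for the 2.4.1 packages, so a download cannot be compared
# against anything. The TLS check is left on; if wget reports a certificate error,
# install ca-certificates rather than switching the check off.
apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/qijxlwrb58jr8rr/openvpn_2.4.1-trusty0_amd64.deb
dpkg -i openvpn_2.4.1-trusty0_amd64.deb
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 14.04 32-bit Minimal

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/t0aq1d1brsc5ly4/openvpn_2.4.1-trusty0_i386.deb
dpkg -i openvpn_2.4.1-trusty0_i386.deb
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/8vmzoit47x278wr/openvpn_2.4.1-jessie0_amd64.deb
dpkg -i openvpn_2.4.1-jessie0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/is9bvmnks5v410r/openvpn_2.4.1-jessie0_i386.deb
# (the original line read "dpkg -i dpkg -i ...", which makes dpkg look for a file named "dpkg")
dpkg -i openvpn_2.4.1-jessie0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/aoysxwzzk31wvu6/openvpn_2.4.1-xenial0_amd64.deb
dpkg -i openvpn_2.4.1-xenial0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/doe8mdkkev8jblr/openvpn_2.4.1-xenial0_i386.deb
dpkg -i openvpn_2.4.1-xenial0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #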
##########################################################################

# This is how I did it from the start
# and so I can remember the next time

apt-get update && apt-get install gcc rng-tools make automake autoconf dh-autoreconf file patch perl dh-make debhelper devscripts gnupg lintian quilt libtool pkg-config libssl-dev liblzo2-dev libpam0g-dev libpkcs11-helper1-dev openssl-blacklist openvpn-blacklist openssl sbuild git dh-systemd systemd -y
apt-get dist-upgrade -y

# Open a second separate shell just for the following rngd command
# NOTE: /dev/urandom is itself fed from the kernel pool, so this only raises the
# kernel's entropy estimate to unblock key generation; it adds no new randomness.
# Stop rngd once key generation is done and use a real entropy source
# (hardware RNG, virtio-rng) for keys that matter.
apt-get install rng-tools
rngd -f -r /dev/urandom

# Install
git clone https://github.com/mattock/sbuild_wrapper.git
cd sbuild_wrapper
scripts/setup.sh
sbuild-update --keygen
scripts/setup_chroots.sh
sbuild-adduser $LOGNAME
cp /usr/share/doc/sbuild/examples/example.sbuildrc $HOME/.sbuildrc
schroot -l|grep sbuild|grep source

# Config each chroot

sbuild-shell trusty-amd64
apt-get update
apt-get build-dep openvpn -y
exit

sbuild-shell trusty-i386
apt-get update
apt-get build-dep openvpn -y
exit

sbuild-shell xenial-amd64
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-dev -y
apt-get install dh-systemd systemd -y
exit

sbuild-shell xenial-i386
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-dev
exit

sbuild-shell jessie-amd64
apt-get install libsystemd-daemon-dev -y
exit

sbuild-shell jessie-i386
apt-get install libsystemd-daemon-dev -y
exit

sbuild-shell wheezy-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell wheezy-i386
apt-get build-dep openvpn -y
exit

sbuild-shell precise-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell precise-i386
apt-get build-dep openvpn -y
exit

scripts/update-all.sh

# Fetch the scramble Openvpn Patch

cd $HOME
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.1/patches/02-tunnelblick-openvpn_xorpatch-a.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.1/patches/03-tunnelblick-openvpn_xorpatch-b.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.1/patches/04-tunnelblick-openvpn_xorpatch-c.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.1/patches/05-tunnelblick-openvpn_xorpatch-d.diff
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.4.1/patches/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/jessie/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/precise/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/trusty/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/wheezy/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

cd $HOME/sbuild_wrapper/packaging/xenial/
QUILT_PATCHES=debian/patches quilt import $HOME/02-tunnelblick-openvpn_xorpatch-a.diff
QUILT_PATCHES=debian/patches quilt import $HOME/03-tunnelblick-openvpn_xorpatch-b.diff
QUILT_PATCHES=debian/patches quilt import $HOME/04-tunnelblick-openvpn_xorpatch-c.diff
QUILT_PATCHES=debian/patches quilt import $HOME/05-tunnelblick-openvpn_xorpatch-d.diff
QUILT_PATCHES=debian/patches quilt import $HOME/06-tunnelblick-openvpn_xorpatch-e.diff

# Prepare
cd $HOME/sbuild_wrapper/
scripts/prepare-all.sh
ls build/*/

# Now lets build it
scripts/build-all.sh

# Check output
ls ./output/*

# Dropbox links 2.4.1
https://www.dropbox.com/s/8vmzoit47x278wr/openvpn_2.4.1-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/is9bvmnks5v410r/openvpn_2.4.1-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/63fefoexhgiqq3i/openvpn_2.4.1-precise0_amd64.deb?dl=0
https://www.dropbox.com/s/ur4ff0h6v0sc9mm/openvpn_2.4.1-precise0_i386.deb?dl=0
https://www.dropbox.com/s/qijxlwrb58jr8rr/openvpn_2.4.1-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/t0aq1d1brsc5ly4/openvpn_2.4.1-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/k6g9xn605kv49eo/openvpn_2.4.1-wheezy0_amd64.deb?dl=0
https://www.dropbox.com/s/y9p0sgjtgsymzxj/openvpn_2.4.1-wheezy0_i386.deb?dl=0
https://www.dropbox.com/s/aoysxwzzk31wvu6/openvpn_2.4.1-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/doe8mdkkev8jblr/openvpn_2.4.1-xenial0_i386.deb?dl=0

# Dropbox links 2.3.14 all tested working
https://www.dropbox.com/s/8yxsrm7eh4rwbyk/openvpn_2.3.14-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/6ly8ek2gdirkcmy/openvpn_2.3.14-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/tyij9ysouhqyze7/openvpn_2.3.14-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/uxwb3gzg68fxnwb/openvpn_2.3.14-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/axukayantse89cl/openvpn_2.3.14-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/68i5jp13nbypyz0/openvpn_2.3.14-xenial0_i386.deb?dl=0

# Dropbox links 2.3.12
https://www.dropbox.com/s/o3e4s4bq90gx71j/openvpn_2.3.12-scramble-ubuntu1204_amd64.deb?dl=0
https://www.dropbox.com/s/8isbarc9xegyj4n/openvpn_2.3.12-scramble-ubuntu1204_i386.deb?dl=0
https://www.dropbox.com/s/xzcsfx6j4jkzbr4/openvpn_2.3.12-scramble-ubuntu1404_amd64.deb?dl=0
https://www.dropbox.com/s/ewgw1uje5kmtndn/openvpn_2.3.12-scramble-ubuntu1404_i386.deb?dl=0


# You can check if your target platforms are already supported by your
# operating system's debootstrap scripts:
# Ubuntu 14.04 already has these bootstrap for trusty, so I didn't need to do anything.
# ls /usr/share/debootstrap/scripts
# if you don't have them, then you need to fetch
# wget http://ftp.us.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.75_all.deb
# dpkg -i debootstrap_1.0.75_all.deb


# If you get the following error
# Not enough random bytes available. Please do some other work to give
# the OS a chance to collect more entropy!
#
# Then from another shell install random number generator
#
# apt-get install rng-tools
# rngd -f -r /dev/urandom

Openvpn and firewall data


# In this post we look at 3 different ways of setting
# up firewall data.
#
# OPTION 1
# Uncomplicated Firewall (ufw) is a front-end for iptables
# If you load your own iptables data on top of ufw
# it gets very complicated
#
# if openvpn is using port 1194 protocol UDP, Then UFW data is

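apt-get install ufw
ufw status
# allow ssh first so that enabling ufw cannot lock you out of the VPS
ufw allow ssh
# port/protocol is one argument with no space: 1194/udp
ufw allow 1194/udp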

# edit /etc/default/ufw
# Look for DEFAULT_FORWARD_POLICY="DROP". This must be changed from
# DROP to ACCEPT. It should look like this when done:

nano /etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"


#
# Check the interface name with ifconfig
# if openvz vps its usually venet0
# if kvm its usually eth0
#

nano /etc/ufw/before.rules

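# START OPENVPN RULES
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow traffic from OpenVPN client to venet0
# Use the client subnet from the 'server' line of your server.conf (10.8.0.0/24
# in the configs on this page); a /8 mask would masquerade all of 10.0.0.0/8.
-A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE
COMMIT
# END OPENVPN RULES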



# last thing, enable ufw, otherwise openvpn will not work
# you can connect, but internet traffic is not routed.

# ufw data Credit:
https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-14-04

# OPTION 2

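# warning: if ufw is enabled and you pick this option, the flush in the script below
# removes ufw's allow rules while its default-deny policy stays in place,
# so you cannot contact the server again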

# Make file for firewall setting
nano /usr/local/bin/firewall.sh

#!/bin/bash
# Forwarding and NAT rules for the OpenVPN client subnet 10.8.0.0/24.
# NOTE: -F empties every chain of the filter and nat tables, including rules put
# there by other tools (ufw, fail2ban, ...). Chain policies are left as they are
# and no INPUT rule is added here, so what can reach the server itself depends on
# the existing INPUT policy.
iptables -t filter -F
iptables -t nat -F
# let replies to already-forwarded connections back through
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# forward traffic coming from VPN clients, refuse any other forwarding
iptables -A FORWARD -s "10.8.0.0/24" -j ACCEPT
iptables -A FORWARD -j REJECT
# no -o match: client traffic is masqueraded on whichever interface it leaves by
iptables -t nat -A POSTROUTING -s "10.8.0.0/24" -j MASQUERADE

# Make firewall script executable, run it and check
chmod +x /usr/local/bin/firewall.sh
/usr/local/bin/firewall.sh
iptables --list

# add new text line into file /etc/rc.local
# before ‘exit 0' to ensure the firewall rules are run at reboot or power up.
nano /etc/rc.local

/usr/local/bin/firewall.sh

# OPTION 3 (not complete)


#  Firewall setting (you need to know if its venet0 or eth0, and IP server address)
iptables -t nat -A POSTROUTING -o venet0 -j SNAT --to-source IP_ADDRESS_VPS
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source IP_ADDRESS_VPS


# Then you need to save iptables.
# see https://askubuntu.com/questions/119393/how-to-save-rules-of-the-iptables

kcptun + shadowsocks

kcptun

#
#
# Ok, Lets start on the server side.
# KCPTUN Download from
# https://github.com/xtaci/kcptun/releases/
#
#
# For ubuntu 14.04 64bit
# example

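# Fetch the release tarball over HTTPS (certificate checking stays on).
wget https://github.com/xtaci/kcptun/releases/download/v20170322/kcptun-linux-amd64-20170322.tar.gz

# Print the archive's digest and compare it with the checksum listed for this
# file on the release page, if one is listed, before unpacking (use sha1sum
# instead if that is the algorithm the release uses).
sha256sum kcptun-linux-amd64-20170322.tar.gz

# Unpack in one step.
tar -xzvf kcptun-linux-amd64-20170322.tar.gz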


# client_linux_amd64
# server_linux_amd64
#
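# Now make the config file for the server.
# "key" is the shared secret for the tunnel: replace the sample text with a
# long random value (for example the output of `openssl rand -base64 32`),
# use the same value on the client, and keep the file private
# (chmod 600 server.json).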

nano server.json

{
"listen": "server IP:port",
"target": "127.0.0.1:8989",
"key": "this is a secret text string",
"crypt": "salsa20",
"mode": "fast2",
"nocomp": false
}


# Server Side

./server_linux_amd64 -c server.json


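# And another example, suitable for auto start in /etc/rc.local.
# rc.local runs it as root; kcptun does not need root to listen on a port
# above 1023, so a dedicated unprivileged account is the safer choice
# (move the binary and server.json somewhere that account can read).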

/usr/bin/nohup /root/kcptun/server_linux_386 -c /root/kcptun/server.json >> /dev/null &


###############################################################
###############################################################
# If client is linux
###############################################################
###############################################################


# KCPTUN Download from
# https://github.com/xtaci/kcptun/releases/


# Now Make config file for client

nano client.json

{
"localaddr": ":12948",
"remoteaddr": "server IP:port",
"key": "this is a secret text string",
"crypt": "salsa20",
"mode": "fast2",
"nocomp": false,
"conn": 1
}


# Client Side

./client_linux_amd64 -c client.json


###############################################################
###############################################################
# If client is android
###############################################################
###############################################################
# in google play store, search for shadowsocksr
# install the one from Max Lv
# install kcptun from Max Lv
#
# https://play.google.com/store/apps/details?id=com.github.shadowsocks&hl=en
# https://play.google.com/store/apps/details?id=com.github.shadowsocks.plugin.kcptun&hl=en
#
# Config for kcptun, command line parameters
# Add the following

key=this is a secret text string;mode=fast2;crypt=salsa20

# and change destination port to the kcptun port


android 6.0

Got error "Unknown plugin kcptun", checking notifications showed shadowsocks needed the permission to run secondary app kcptun. Once allowed, working again.

Reproduce.
uninstall and install kcptun. First time shadowsocks+kcptun connection works,
second time, gives error
"Unknown plugin kcptun"

Checking Notifications shows
"Stopped Shadowsocks from launching secondary app kcptun".
When you click kcptun, it asks for permission for kcptun to be launched by shadowsocks.
Click allow, and everything works again.


android 8.0

Got error "Unknown plugin kcptun", no notifications
fix

goto
Settings/Battery/Launch

press kcptun (or simple-obfs), un-select automatic management.
Then within Manage Manually, select

Secondary launch
Can be launched by other apps


###############################################################
###############################################################
# If client is windows 7, 64-bit (using GUI, new way)
# Get Shadowsocks for Windows Version 4.0.10
# https://github.com/shadowsocks/shadowsocks-windows/releases
#
# Get kcptun (client_windows_amd64.exe) from
# https://github.com/shadowsocks/kcptun/releases
#
# example using SIP003 Plugin Options
# Plugin Program C:\client_windows_amd64.exe
# Plugin Options mode=fast2;key=Herekeyok;crypt=salsa20
#
# example using non-SIP003 Plugin Arguments
# Plugin Program C:\client_windows_amd64.exe
# Plugin Arguments --mode fast2 --key Herekeyok --crypt salsa20
#
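# example using non-SIP003 Plugin Arguments with a config file
# (this keeps the key out of the program's command line, which other
# programs on the machine may be able to read)
# Plugin Program C:\client_windows_amd64.exe
# Plugin Arguments -c C:\kcptun\kcptun_config.json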
#
# where C:\kcptun\kcptun_config.json
# {
# "key": "Herekeyok",
# "crypt": "salsa20",
# "mode": "fast2"
# }
#
gui2
###############################################################
###############################################################
# The latest shadowsocks GUI supports plugins
# But the plugin needs to support SIP003,
# the standard kcptun does not support it yet.
#
# Get kcptun (client_windows_amd64.exe) from
https://github.com/shadowsocks/kcptun/releases
# e.g. https://github.com/shadowsocks/kcptun/releases/download/v20170718/kcptun-windows-amd64-20170718.tar.gz
#
# Does not work with standard kcptun (SIP003 not coded yet)
https://github.com/xtaci/kcptun/releases
#
# Config for kcptun, Shadowsocks GUI line parameters

Plugin Program C:\client_windows_amd64.exe
Plugin Options mode=fast2;key=this is a secret text string;crypt=salsa20

#
# also need to make a new instance of shadowsocks to connect to
# 185.123.456.789:12345
# where port 12345 is the kcptun listening port on the server
# (not the ss listening port on the server you normally connect to)

#
#
###############################################################
###############################################################
# If client is windows 7, 64-bit (CMD line way)
###############################################################
###############################################################
# Older way of doing it, running kcptun from CMD line
# still works.
# If client is windows 7, 64-bit
# Download latest from https://github.com/xtaci/kcptun/releases
# e.g.

https://github.com/xtaci/kcptun/releases/download/v20170322/kcptun-windows-amd64-20170322.tar.gz

# open directory, e.g. firefox downloads
# unzip gives
# client_windows_amd64.exe
# server_windows_amd64.exe
#
# e.g.
# G:\Firefox\Downloads\kcptun-windows-amd64-20170322\client_windows_amd64.exe
#
# copy client.json to same folder


# Use CMD or windows powershell, enter the following command
# from the directory where client_windows_amd64.exe is

> .\client_windows_amd64.exe -c client.json


# Or you can create a shortcut as follows.
#
# on desktop, right-click, click create new shortcut
# type the location of the item

cmd

# type the name of shortcut
kcptun_shortcut

# right click new shortcut and select properties
# change target to

C:\Windows\System32\cmd.exe /k G:\Firefox\Downloads\kcptun-windows-amd64-20170322\client_windows_amd64.exe -c G:\Firefox\Downloads\kcptun-windows-amd64-20170322\client.json

# in shadowsocks windows client, create new server
# same shadowsocks psw and protocol as before
# but change destination to

localhost
12948
#
###############################################################
###############################################################
# simple obfs
###############################################################
###############################################################
# For obfs linux server
# install
# https://github.com/shadowsocks/simple-obfs
# Debian / Ubuntu

# Build dependencies for simple-obfs.
apt-get install --no-install-recommends build-essential git autoconf libtool libssl-dev libpcre3-dev libev-dev asciidoc xmlto automake -y
# This clones the tip of the default branch. NOTE(review): for a repeatable
# build, check out a tagged release after cloning (git checkout <RELEASE_TAG>).
git clone https://github.com/shadowsocks/simple-obfs.git
cd simple-obfs/
git submodule update --init --recursive
# Generate the configure script, then configure and compile.
./autogen.sh
./configure && make
# Of the build steps (autogen, configure, make, install) only this one needs
# root; the earlier ones can run as an ordinary user.
make install


# put in /etc/rc.local

/usr/bin/nohup /usr/local/bin/obfs-server -s 10.10.10.10 -p 18 --obfs http -r 127.0.0.1:18888 >> /root/nohup.out &

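# where 10.10.10.10 -p 18 is the IP and port obfs-server listens on
# where 127.0.0.1:18888 is the local IP and port shadowsocks listens on
# (obfs only disguises the traffic as HTTP; the encryption still comes
# from the shadowsocks server behind it)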
#
#
# For obfs windows client
# Get obfs-local.exe from
#

https://github.com/shadowsocks/simple-obfs/releases

Plugin C:\obfs-local.exe
Plugin Options obfs=http;obfs-host=www.bing.com


# plugin data
# server setting

http


# Feature Setting

http://www.bing.com


# Again, need to make a new instance of shadowsocks to connect to the listening
# port of obfs-server, on the server.
# (not the ss listening port on the server you normally connect to)

###########################################

#
# basic
# ("password" below is a placeholder: use a long random key, the same on
# server and client)

server.json
{
"listen": "server IP:port",
"target": "127.0.0.1:8989",
"key": "password",
"crypt": "aes",
"mode": "fast2",
"nocomp": true
}

client.json
{
"localaddr": ":12948",
"remoteaddr": "server IP:port",
"key": "password",
"crypt": "aes",
"mode": "fast2",
"nocomp": true
}

# cli
remoteaddr=server IP:port;key=password;mode=fast2;crypt=aes

# optimized for 50 Mbps,
# based upon https://wuwenhan.top/web/deploying-kcptun-to-make-shadowsocks-great-again/

server.json
{
"listen": "0.0.0.0:server_port",
"target": "127.0.0.1:ss-server_port",
"key": "password",
"crypt": "salsa20",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 1024,
"rcvwnd": 1024,
"datashard": 70,
"parityshard": 30,
"dscp": 46,
"nocomp": false,
"acknodelay": false,
"nodelay": 0,
"interval": 40,
"resend": 0,
"nc": 0,
"sockbuf": 4194304,
"keepalive": 10
}

client.json
{
"localaddr": ":client_port",
"remoteaddr": "your_server_ip:server_port",
"key": "password",
"crypt": "salsa20",
"mode": "fast2",
"mtu": 1400,
"sndwnd": 1024,
"rcvwnd": 1024,
"datashard": 70,
"parityshard": 30,
"dscp": 46,
"nocomp": false,
"acknodelay": false,
"nodelay": 0,
"interval": 40,
"resend": 0,
"nc": 0,
"sockbuf": 4194304,
"keepalive": 10
}

# cli setting for android clients

--key password --crypt salsa20 --mode fast2 --mtu 1400 --sndwnd 1024 --rcvwnd 1024 --datashard 70 --parityshard 30 --dscp 46

dscp=46;parityshard=30;key=password;mode=fast2;interval=40;nocomp=false;remoteaddr=your_server_ip:server_port;mtu=1400;rcvwnd=1024;datashard=70;sndwnd=1024;crypt=salsa20

#
# TIPs
# when using a NAT VPS as server, use the internal IP address
#
#
########################################################################

Build scrambled openvpn (2.3.14) linux deb packages for VPS using sbuild


# Build scrambled openvpn deb packages
# Based on https://github.com/mattock/sbuild_wrapper
# and https://wiki.debian.org/sbuild

# Built on a digitalocean VPS
# 512 MB Memory / 20 GB Disk / - Ubuntu 14.04.5 x64
################################################################
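# Quick install already patched openvpn deb package for Ubuntu 14.04 64-bit
#
# These .deb files are prebuilt copies hosted on Dropbox, not packages signed
# by a distribution archive, and dpkg -i installs them as root without any
# signature check. For every section below:
#   - wget runs with certificate verification on; if it fails, install or
#     update the ca-certificates package rather than disabling the check
#   - sha256sum prints the file's digest; compare it with a digest obtained
#     from a source you trust (or from your own build, described further
#     down) before running dpkg -i

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/tyij9ysouhqyze7/openvpn_2.3.14-trusty0_amd64.deb
sha256sum openvpn_2.3.14-trusty0_amd64.deb
dpkg -i openvpn_2.3.14-trusty0_amd64.deb
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 14.04 32-bit Minimal

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/uxwb3gzg68fxnwb/openvpn_2.3.14-trusty0_i386.deb
sha256sum openvpn_2.3.14-trusty0_i386.deb
dpkg -i openvpn_2.3.14-trusty0_i386.deb
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/8yxsrm7eh4rwbyk/openvpn_2.3.14-jessie0_amd64.deb
sha256sum openvpn_2.3.14-jessie0_amd64.deb
dpkg -i openvpn_2.3.14-jessie0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #
##########################################################################
# Quick install patched openvpn deb package for Debian 8.7 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/6ly8ek2gdirkcmy/openvpn_2.3.14-jessie0_i386.deb
sha256sum openvpn_2.3.14-jessie0_i386.deb
# (a duplicated "dpkg -i" here made dpkg look for a file named "dpkg")
dpkg -i openvpn_2.3.14-jessie0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #

##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 64-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/axukayantse89cl/openvpn_2.3.14-xenial0_amd64.deb
sha256sum openvpn_2.3.14-xenial0_amd64.deb
dpkg -i openvpn_2.3.14-xenial0_amd64.deb
systemctl start openvpn@server.service # error code until server.conf exists #

##########################################################################
# Quick install patched openvpn deb package for Ubuntu 16.04 32-bit

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/68i5jp13nbypyz0/openvpn_2.3.14-xenial0_i386.deb
sha256sum openvpn_2.3.14-xenial0_i386.deb
dpkg -i openvpn_2.3.14-xenial0_i386.deb
systemctl start openvpn@server.service # error code until server.conf exists #

##########################################################################
# Ubuntu 12.04 64bit amd64 (ok)

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/o3e4s4bq90gx71j/openvpn_2.3.12-scramble-ubuntu1204_amd64.deb
sha256sum openvpn_2.3.12-scramble-ubuntu1204_amd64.deb
dpkg -i openvpn_2.3.12-scramble-ubuntu1204_amd64.deb
##########################################################################
# Ubuntu 12.04 32bit i386 ok

apt-get update && apt-get build-dep openvpn -y
wget https://www.dropbox.com/s/8isbarc9xegyj4n/openvpn_2.3.12-scramble-ubuntu1204_i386.deb
sha256sum openvpn_2.3.12-scramble-ubuntu1204_i386.deb
dpkg -i openvpn_2.3.12-scramble-ubuntu1204_i386.deb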
##########################################################################

# This is how we build from start

apt-get update && apt-get install gcc rng-tools make automake autoconf dh-autoreconf file patch perl dh-make debhelper devscripts gnupg lintian quilt libtool pkg-config libssl-dev liblzo2-dev libpam0g-dev libpkcs11-helper1-dev openssl-blacklist openvpn-blacklist openssl sbuild git dh-systemd systemd -y
apt-get dist-upgrade -y

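# Open a second separate shell just for the following rngd command.
# It is there so key generation does not stall waiting for entropy (see the
# error note at the end of this section). It recycles the kernel's own output
# and adds no new entropy; prefer a hardware source (e.g. /dev/hwrng) where
# the VPS provides one.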
apt-get install rng-tools
rngd -f -r /dev/urandom

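# Install the sbuild wrapper and create the build chroots.
# NOTE(review): the clone is not pinned to a commit, and its scripts run with
# this shell's privileges. Read scripts/setup.sh and scripts/setup_chroots.sh
# before running them.
git clone https://github.com/mattock/sbuild_wrapper.git
cd sbuild_wrapper
scripts/setup.sh
# Key generation needs entropy; see the rngd step above.
sbuild-update --keygen
scripts/setup_chroots.sh
# Variables are quoted so a value containing spaces stays one argument.
sbuild-adduser "$LOGNAME"
cp /usr/share/doc/sbuild/examples/example.sbuildrc "$HOME/.sbuildrc"
# List the source chroots known to schroot.
schroot -l | grep sbuild | grep source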

# Config each chroot
# Each "sbuild-shell NAME" opens an interactive shell inside that chroot:
# the lines that follow are typed in that shell, and "exit" returns to the host.

sbuild-shell trusty-amd64
apt-get update
apt-get build-dep openvpn -y
exit

sbuild-shell trusty-i386
apt-get update
apt-get build-dep openvpn -y
exit

# xenial: the chroot's sources.list is overwritten with main + universe from
# this mirror (plain HTTP; apt still verifies the signed Release file).
# NOTE(review): this chroot installs libsystemd-daemon-dev while xenial-i386
# below installs libsystemd-dev, and the first install here lacks -y.
# Confirm which package name xenial provides.
sbuild-shell xenial-amd64
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-daemon-dev
apt-get install dh-systemd systemd -y
exit

# Same sources.list replacement as xenial-amd64; the install has no -y, so
# apt-get will prompt.
sbuild-shell xenial-i386
echo "deb http://fi.archive.ubuntu.com/ubuntu xenial main universe" > /etc/apt/sources.list
echo "deb-src http://fi.archive.ubuntu.com/ubuntu xenial main universe" >> /etc/apt/sources.list
apt-get update
apt-get install libsystemd-dev
exit

# jessie: only the systemd development package is added.
sbuild-shell jessie-amd64
apt-get install libsystemd-daemon-dev -y
exit

sbuild-shell jessie-i386
apt-get install libsystemd-daemon-dev -y
exit

# wheezy and precise: only the openvpn build dependencies are installed.
sbuild-shell wheezy-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell wheezy-i386
apt-get build-dep openvpn -y
exit

sbuild-shell precise-amd64
apt-get build-dep openvpn -y
exit

sbuild-shell precise-i386
apt-get build-dep openvpn -y
exit

# Back on the host; the relative path presumably assumes the shell is still
# in sbuild_wrapper/.
scripts/update-all.sh

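# Fetch the scramble (XOR) OpenVPN patch.
# The scramble option only disguises OpenVPN packets; encryption still comes
# from OpenVPN's own TLS and cipher settings.
cd "$HOME"

# NOTE(review): master.zip is whatever the branch holds today. Read the patch
# before importing it, and keep its digest so later rebuilds can be compared.
wget https://github.com/clayface/openvpn_xorpatch/archive/master.zip
unzip master.zip
cp ./openvpn_xorpatch-master/openvpn_xor.patch ./
sha256sum openvpn_xor.patch
rm -rf master.zip openvpn_xorpatch-master/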

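# Import the scramble patch into every release's quilt series.
# The loop stops at the first packaging directory that is missing, so the
# patch is never imported a second time into the directory the shell was
# already in. Releases are visited in this order, so the shell ends in
# packaging/xenial/.
for release in jessie precise trusty wheezy xenial; do
  cd "$HOME/sbuild_wrapper/packaging/${release}/" || break
  QUILT_PATCHES=debian/patches quilt import "$HOME/openvpn_xor.patch"
done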

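# Prepare (path quoted so a home directory with spaces still works)
cd "$HOME/sbuild_wrapper/"
scripts/prepare-all.sh
ls build/*/

# Now let's build it
scripts/build-all.sh

# Check output
ls ./output/*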

# Dropbox links 2.3.14 all tested working
https://www.dropbox.com/s/8yxsrm7eh4rwbyk/openvpn_2.3.14-jessie0_amd64.deb?dl=0
https://www.dropbox.com/s/6ly8ek2gdirkcmy/openvpn_2.3.14-jessie0_i386.deb?dl=0
https://www.dropbox.com/s/tyij9ysouhqyze7/openvpn_2.3.14-trusty0_amd64.deb?dl=0
https://www.dropbox.com/s/uxwb3gzg68fxnwb/openvpn_2.3.14-trusty0_i386.deb?dl=0
https://www.dropbox.com/s/axukayantse89cl/openvpn_2.3.14-xenial0_amd64.deb?dl=0
https://www.dropbox.com/s/68i5jp13nbypyz0/openvpn_2.3.14-xenial0_i386.deb?dl=0

# Dropbox links 2.3.12
https://www.dropbox.com/s/o3e4s4bq90gx71j/openvpn_2.3.12-scramble-ubuntu1204_amd64.deb?dl=0
https://www.dropbox.com/s/8isbarc9xegyj4n/openvpn_2.3.12-scramble-ubuntu1204_i386.deb?dl=0
https://www.dropbox.com/s/xzcsfx6j4jkzbr4/openvpn_2.3.12-scramble-ubuntu1404_amd64.deb?dl=0
https://www.dropbox.com/s/ewgw1uje5kmtndn/openvpn_2.3.12-scramble-ubuntu1404_i386.deb?dl=0


# You can check if your target platforms are already supported by your
# operating system's debootstrap scripts:
# Ubuntu 14.04 already has these bootstrap for trusty, so I didn't need to do anything.
# ls /usr/share/debootstrap/scripts
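# if you don't have them, then you need to fetch
# wget http://ftp.us.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.75_all.deb
# dpkg -i debootstrap_1.0.75_all.deb
# (that download is plain HTTP and dpkg -i checks no signature: compare the
# file's checksum with a trusted copy first, or install debootstrap with apt)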


# If you get the following error
# Not enough random bytes available. Please do some other work to give
# the OS a chance to collect more entropy!
#
# Then from another shell install random number generator
#
# apt-get install rng-tools
# rngd -f -r /dev/urandom

Build scrambled openvpn (2.3.10) linux deb packages for VPS using sbuild


# Build scrambled openvpn deb packages
# Based on https://github.com/mattock/sbuild_wrapper
# and https://wiki.debian.org/sbuild

# Built on a digitalocean VPS
# 512MB Ram 20GB SSD Disk San Francisco Ubuntu 14.04.3 x64
################################################################
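# Quick install already patched openvpn deb package for Ubuntu 14.04 64-bit
#
# These .deb files are prebuilt copies hosted on Dropbox, not packages signed
# by a distribution archive, and dpkg -i installs them as root without any
# signature check. For every section below:
#   - wget runs with certificate verification on; if it fails, install or
#     update the ca-certificates package rather than disabling the check
#   - sha256sum prints the file's digest; compare it with a digest obtained
#     from a source you trust (or from your own build, described further
#     down) before running dpkg -i

apt-get update
apt-get install --only-upgrade openssl libssl1.0.0 -y
apt-get install liblzo2-dev libpkcs11-helper1-dev openvpn-blacklist openssl-blacklist -y
wget https://www.dropbox.com/s/v8xqvml0xyao7yq/openvpn_2.3.10-scramble-ubuntu1404_amd64.deb
sha256sum openvpn_2.3.10-scramble-ubuntu1404_amd64.deb
dpkg -i openvpn_2.3.10-scramble-ubuntu1404_amd64.deb
##########################################################################
# Quick install patched openvpn deb package for Ubuntu 14.04 32-bit Minimal

apt-get update
apt-get install --only-upgrade openssl libssl1.0.0 -y
apt-get install liblzo2-dev libpkcs11-helper1-dev openvpn-blacklist openssl-blacklist -y
wget https://www.dropbox.com/s/enk9dssswvsrizo/openvpn_2.3.10-scramble-ubuntu1404_i386.deb
sha256sum openvpn_2.3.10-scramble-ubuntu1404_i386.deb
dpkg -i openvpn_2.3.10-scramble-ubuntu1404_i386.deb
##########################################################################
# Ubuntu 12.04 64bit amd64 (ok)
# Debian 7 Wheezy 64bit amd64 (not ok libc6 dependency)

apt-get update && apt-get install liblzo2-dev libpkcs11-helper1-dev openvpn-blacklist openssl-blacklist -y
wget https://www.dropbox.com/s/hcgp0rag043ogxu/openvpn_2.3.10-scramble-ubuntu1204_amd64.deb
sha256sum openvpn_2.3.10-scramble-ubuntu1204_amd64.deb
dpkg -i openvpn_2.3.10-scramble-ubuntu1204_amd64.deb
##########################################################################
# Ubuntu 12.04 32bit i386 ok
# Debian 7 Wheezy 32bit i386 (not ok libc6 dependency)

apt-get update && apt-get install liblzo2-dev libpkcs11-helper1-dev openvpn-blacklist openssl-blacklist -y
wget https://www.dropbox.com/s/iif9k10g97xm22h/openvpn_2.3.10-scramble-ubuntu1204_i386.deb
sha256sum openvpn_2.3.10-scramble-ubuntu1204_i386.deb
dpkg -i openvpn_2.3.10-scramble-ubuntu1204_i386.deb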
##########################################################################

# This is how we build from start

apt-get update && apt-get install gcc rng-tools make automake autoconf dh-autoreconf file patch perl dh-make debhelper devscripts gnupg lintian quilt libtool pkg-config libssl-dev liblzo2-dev libpam0g-dev libpkcs11-helper1-dev openssl-blacklist openvpn-blacklist openssl sbuild git -y

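# Open a second separate shell just for the following rngd command.
# It is there so key generation does not stall waiting for entropy (see the
# error note at the end of this section). It recycles the kernel's own output
# and adds no new entropy; prefer a hardware source (e.g. /dev/hwrng) where
# the VPS provides one.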
apt-get install rng-tools
rngd -f -r /dev/urandom

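# Install the sbuild wrapper and create the build chroots.
# NOTE(review): the clone is not pinned to a commit, and its scripts run with
# this shell's privileges. Read scripts/setup.sh and scripts/setup_chroots.sh
# before running them.
git clone https://github.com/mattock/sbuild_wrapper.git
cd sbuild_wrapper
scripts/setup.sh
# Key generation needs entropy; see the rngd step above.
sbuild-update --keygen
scripts/setup_chroots.sh
# Variables are quoted so a value containing spaces stays one argument.
sbuild-adduser "$LOGNAME"
cp /usr/share/doc/sbuild/examples/example.sbuildrc "$HOME/.sbuildrc"
# List the source chroots known to schroot.
schroot -l | grep sbuild | grep source
scripts/update-all.sh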

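# Fetch the scramble (XOR) OpenVPN patch.
# The scramble option only disguises OpenVPN packets; encryption still comes
# from OpenVPN's own TLS and cipher settings.
# NOTE(review): the URL follows Tunnelblick's master branch, so the file can
# change between builds. Read the patch before importing it and keep its
# digest so later rebuilds can be compared.
cd "$HOME"
wget https://raw.githubusercontent.com/Tunnelblick/Tunnelblick/master/third_party/sources/openvpn/openvpn-2.3.10/patches/02-tunnelblick-openvpn_xorpatch.diff
sha256sum 02-tunnelblick-openvpn_xorpatch.diff

# Import the scramble patch into every release's quilt series.
# The loop stops at the first packaging directory that is missing, so the
# patch is never imported a second time into the directory the shell was
# already in. Releases are visited in this order, so the shell ends in
# packaging/jessie/.
for release in trusty lucid precise jessie; do
  cd "$HOME/sbuild_wrapper/packaging/${release}/" || break
  QUILT_PATCHES=debian/patches quilt import "$HOME/02-tunnelblick-openvpn_xorpatch.diff"
done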

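# Prepare (paths quoted so a home directory with spaces still works)
cd "$HOME/sbuild_wrapper/"
scripts/prepare-all.sh
ls build/*/

# Now let's build it
cd "$HOME/sbuild_wrapper"
scripts/build-all.sh

# Check output
ls ./output/*/*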

# Give each package a file name that shows the target OS and the scramble patch.

ls ./output/*/*

# Both architectures get the same treatment, so handle them in one loop.
for arch in amd64 i386; do
  mv "output/ubuntu/trusty/openvpn_2.3.10-debian0_${arch}.deb" "output/ubuntu/trusty/openvpn_2.3.10-scramble-ubuntu1404_${arch}.deb"
  mv "output/ubuntu/precise/openvpn_2.3.10-debian0_${arch}.deb" "output/ubuntu/precise/openvpn_2.3.10-scramble-ubuntu1204_${arch}.deb"
  mv "output/ubuntu/lucid/openvpn_2.3.10-debian0_${arch}.deb" "output/ubuntu/lucid/openvpn_2.3.10-scramble-ubuntu1004_${arch}.deb"

  # The Debian 7 and Debian 6 files are copies of the Ubuntu 12.04 and 10.04 builds.
  cp "output/ubuntu/precise/openvpn_2.3.10-scramble-ubuntu1204_${arch}.deb" "output/debian/wheezy/openvpn_2.3.10-scramble-debian7_${arch}.deb"
  cp "output/ubuntu/lucid/openvpn_2.3.10-scramble-ubuntu1004_${arch}.deb" "output/debian/squeeze/openvpn_2.3.10-scramble-debian6_${arch}.deb"
done

ls ./output/*/*

# Dropbox links
https://www.dropbox.com/s/qevwyjgvhr9u964/openvpn_2.3.10-scramble-ubuntu1004_amd64.deb?dl=0
https://www.dropbox.com/s/pw8y2zy31s0hu4l/openvpn_2.3.10-scramble-ubuntu1004_i386.deb?dl=0
https://www.dropbox.com/s/hcgp0rag043ogxu/openvpn_2.3.10-scramble-ubuntu1204_amd64.deb?dl=0
https://www.dropbox.com/s/iif9k10g97xm22h/openvpn_2.3.10-scramble-ubuntu1204_i386.deb?dl=0
https://www.dropbox.com/s/v8xqvml0xyao7yq/openvpn_2.3.10-scramble-ubuntu1404_amd64.deb?dl=0
https://www.dropbox.com/s/enk9dssswvsrizo/openvpn_2.3.10-scramble-ubuntu1404_i386.deb?dl=0
https://www.dropbox.com/s/3xte0fbvvtoh136/openvpn_2.3.10-scramble-debian6_amd64.deb?dl=0
https://www.dropbox.com/s/wsz4kf71nx01d9b/openvpn_2.3.10-scramble-debian6_i386.deb?dl=0
https://www.dropbox.com/s/dmim6yu83jz4bws/openvpn_2.3.10-scramble-debian7_amd64.deb?dl=0
https://www.dropbox.com/s/qa7apcump9vy1nn/openvpn_2.3.10-scramble-debian7_i386.deb?dl=0


# Before the prepare bit, scripts/prepare-all.sh
# we were suppose to update changelog and version.conf
#
# $HOME/sbuild_wrapper/packaging/trusty/debian/changelog
# $HOME/sbuild_wrapper/config/version.conf
#
# But I had trouble to build afterwards, with format errors
# So I just build without edit, and rename the output as you see above


# You can check if your target platforms are already supported by your
# operating system's debootstrap scripts:
# Ubuntu 14.04 already has these bootstrap for trusty, so I didn't need to do anything.
# ls /usr/share/debootstrap/scripts
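# if you don't have them, then you need to fetch
# wget http://ftp.us.debian.org/debian/pool/main/d/debootstrap/debootstrap_1.0.75_all.deb
# dpkg -i debootstrap_1.0.75_all.deb
# (that download is plain HTTP and dpkg -i checks no signature: compare the
# file's checksum with a trusted copy first, or install debootstrap with apt)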


# If you get the following error
# Not enough random bytes available. Please do some other work to give
# the OS a chance to collect more entropy!
#
# Then from another shell install random number generator
#
# apt-get install rng-tools
# rngd -f -r /dev/urandom