3.747
Bearbeitungen
Änderungen
OpenVPN SSL obfuscation (Quelltext anzeigen)
Version vom 12. Dezember 2015, 18:01 Uhr
, 18:01, 12. Dez. 2015initial
Ziel: eine ordentliche Patchdatei bauen, die man fuer OpenWrt verwenden kann.
Wir ueber mal mit folgendem commit den ich gefunden habe:
<pre>
https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8
</pre>
erstmal OpenWrt holen und schauen wo 'openvpn' liegt:
<pre>
bastian@X301:~/software$ git clone git://git.openwrt.org/openwrt.git
bastian@X301:~/software$ cd openwrt
bastian@X301:~/software/openwrt$ find . -type d -name openvpn
./package/network/services/openvpn
</pre>
OK, wir schauen uns das Makefile an und den Downloadlink/Version:
<pre>
bastian@X301:~/software/openwrt$ grep -m6 ^[A-Z] ./package/network/services/openvpn/Makefile
PKG_NAME:=openvpn
PKG_VERSION:=2.3.7
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_MD5SUM:=070bca95e478f88dff9ec6a221e2c3f7
</pre>
OK, wir machen uns ein lokales git und holen den tarball:
<pre>
bastian@X301:~/software/openwrt$ cd ..
bastian@X301:~/software$ mkdir openvpn
bastian@X301:~/software$ cd openvpn/
bastian@X301:~/software/openvpn$ git init
Initialized empty Git repository in /home/bastian/software/openvpn/.git/
bastian@X301:~/software/openvpn$ wget http://swupdate.openvpn.net/community/releases/openvpn-2.3.7.tar.gz
bastian@X301:~/software/openvpn$ tar xzf openvpn-2.3.7.tar.gz
bastian@X301:~/software/openvpn$ cd openvpn-2.3.7/
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git init
Initialized empty Git repository in /home/bastian/software/openvpn/openvpn-2.3.7/.git/
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git add .
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git commit -m "extracted openvpn-2.3.7.tar.gz"
[master (root-commit) e97a8c6] extracted openvpn-2.3.7.tar.gz
306 files changed, 112266 insertions(+)
</pre>
Nun laden wir uns von dem github-commit das patchfile herunter:
<pre>
# https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8
# .patch anhängen:
bastian@X301:~/software/openvpn/openvpn-2.3.7$ wget -O /tmp/mypatch https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8.patch
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git apply --check </tmp/mypatch
error: patch failed: src/openvpn/options.c:6593
error: src/openvpn/options.c: patch does not apply
error: patch failed: src/openvpn/options.h:522
error: src/openvpn/options.h: patch does not apply
</pre>
ok, das geht nicht so einfach, wir holen uns also option.c und option.h vom commit davor ("parent")
<pre>
parent='3ec9eb8ee402ea977805eaac6a8caa38f5800bbd'
wget -O src/openvpn/options.c "https://raw.githubusercontent.com/hizukiayaka/openvpn/$parent/src/openvpn/options.c"
wget -O src/openvpn/options.h "https://raw.githubusercontent.com/hizukiayaka/openvpn/$parent/src/openvpn/options.h"
git add .
git commit -m "sync options.* of parent"
</pre>
nun nochmal testen ob es geht:
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git apply --check /tmp/mypatch
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git am --ignore-whitespace --signoff </tmp/mypatch
</pre>
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git log
commit dc3103e7fef1afb1c7c76bc83d1d6d78079284da
Author: ayaka <ayaka@soulik.info>
Date: Fri Aug 28 18:00:58 2015 +0800
obfuscation: apply xor in SSL layer
NOTE: It only work with OpenSSL library not PolarSSL library.
The xor patch before only worked with IP tunnel package.
Signed-off-by: ayaka <ayaka@soulik.info>
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
commit 6d764b72d92594b478c73f2a843abafd8ce02f52
Author: Bastian Bittorf <bittorf@bluebottle.com>
Date: Sat Dec 12 16:21:33 2015 +0100
options.* from parent
wunderbar! nun machen wir daraus 2 normale patchdateien:
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git format-patch -s -2
0001-options.-from-parent.patch
0002-obfuscation-apply-xor-in-SSL-layer.patch
</pre>
...und kopieren die uns OpenWrt-buildsystem:
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ find ../../openwrt -type d -name openvpn
../../openwrt/package/network/services/openvpn
bastian@X301:~/software/openvpn/openvpn-2.3.7$ mv 000* ../../openwrt/package/network/services/openvpn/patches/
</pre>
die patches habe ich mal hochgeladen:
https://github.com/bittorf/kalua/tree/master/openwrt-patches/interesting/openvpn-ssl-obfuscation
via 'make menuconfig' muss unter network->VPN->openvpn-openssl gewaehlt werden:
<pre>
make package/openvpn/clean
make package/openvpn/compile
make package/openvpn/install
</pre>
fertig!
Wir ueber mal mit folgendem commit den ich gefunden habe:
<pre>
https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8
</pre>
erstmal OpenWrt holen und schauen wo 'openvpn' liegt:
<pre>
bastian@X301:~/software$ git clone git://git.openwrt.org/openwrt.git
bastian@X301:~/software$ cd openwrt
bastian@X301:~/software/openwrt$ find . -type d -name openvpn
./package/network/services/openvpn
</pre>
OK, wir schauen uns das Makefile an und den Downloadlink/Version:
<pre>
bastian@X301:~/software/openwrt$ grep -m6 ^[A-Z] ./package/network/services/openvpn/Makefile
PKG_NAME:=openvpn
PKG_VERSION:=2.3.7
PKG_RELEASE:=1
PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_MD5SUM:=070bca95e478f88dff9ec6a221e2c3f7
</pre>
OK, wir machen uns ein lokales git und holen den tarball:
<pre>
bastian@X301:~/software/openwrt$ cd ..
bastian@X301:~/software$ mkdir openvpn
bastian@X301:~/software$ cd openvpn/
bastian@X301:~/software/openvpn$ git init
Initialized empty Git repository in /home/bastian/software/openvpn/.git/
bastian@X301:~/software/openvpn$ wget http://swupdate.openvpn.net/community/releases/openvpn-2.3.7.tar.gz
bastian@X301:~/software/openvpn$ tar xzf openvpn-2.3.7.tar.gz
bastian@X301:~/software/openvpn$ cd openvpn-2.3.7/
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git init
Initialized empty Git repository in /home/bastian/software/openvpn/openvpn-2.3.7/.git/
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git add .
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git commit -m "extracted openvpn-2.3.7.tar.gz"
[master (root-commit) e97a8c6] extracted openvpn-2.3.7.tar.gz
306 files changed, 112266 insertions(+)
</pre>
Nun laden wir uns von dem github-commit das patchfile herunter:
<pre>
# https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8
# .patch anhängen:
bastian@X301:~/software/openvpn/openvpn-2.3.7$ wget -O /tmp/mypatch https://github.com/hizukiayaka/openvpn/commit/2eb2234f28d176a74d949f8563eb11ac2ad70bb8.patch
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git apply --check </tmp/mypatch
error: patch failed: src/openvpn/options.c:6593
error: src/openvpn/options.c: patch does not apply
error: patch failed: src/openvpn/options.h:522
error: src/openvpn/options.h: patch does not apply
</pre>
ok, das geht nicht so einfach, wir holen uns also option.c und option.h vom commit davor ("parent")
<pre>
parent='3ec9eb8ee402ea977805eaac6a8caa38f5800bbd'
wget -O src/openvpn/options.c "https://raw.githubusercontent.com/hizukiayaka/openvpn/$parent/src/openvpn/options.c"
wget -O src/openvpn/options.h "https://raw.githubusercontent.com/hizukiayaka/openvpn/$parent/src/openvpn/options.h"
git add .
git commit -m "sync options.* of parent"
</pre>
nun nochmal testen ob es geht:
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git apply --check /tmp/mypatch
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git am --ignore-whitespace --signoff </tmp/mypatch
</pre>
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git log
commit dc3103e7fef1afb1c7c76bc83d1d6d78079284da
Author: ayaka <ayaka@soulik.info>
Date: Fri Aug 28 18:00:58 2015 +0800
obfuscation: apply xor in SSL layer
NOTE: It only work with OpenSSL library not PolarSSL library.
The xor patch before only worked with IP tunnel package.
Signed-off-by: ayaka <ayaka@soulik.info>
Signed-off-by: Bastian Bittorf <bittorf@bluebottle.com>
commit 6d764b72d92594b478c73f2a843abafd8ce02f52
Author: Bastian Bittorf <bittorf@bluebottle.com>
Date: Sat Dec 12 16:21:33 2015 +0100
options.* from parent
wunderbar! nun machen wir daraus 2 normale patchdateien:
bastian@X301:~/software/openvpn/openvpn-2.3.7$ git format-patch -s -2
0001-options.-from-parent.patch
0002-obfuscation-apply-xor-in-SSL-layer.patch
</pre>
...und kopieren die uns OpenWrt-buildsystem:
<pre>
bastian@X301:~/software/openvpn/openvpn-2.3.7$ find ../../openwrt -type d -name openvpn
../../openwrt/package/network/services/openvpn
bastian@X301:~/software/openvpn/openvpn-2.3.7$ mv 000* ../../openwrt/package/network/services/openvpn/patches/
</pre>
die patches habe ich mal hochgeladen:
https://github.com/bittorf/kalua/tree/master/openwrt-patches/interesting/openvpn-ssl-obfuscation
via 'make menuconfig' muss unter network->VPN->openvpn-openssl gewaehlt werden:
<pre>
make package/openvpn/clean
make package/openvpn/compile
make package/openvpn/install
</pre>
fertig!