On 08.02.24 19:04, Peter Davis wrote:
> On Thursday, February 8th, 2024 at 3:45 PM, Jochen Bern <jochen.b...@binect.de> wrote:
>> On 08.02.24 11:36, Peter Davis via Openvpn-users wrote:
>>> Can an intermediate server do this? Instead of connecting directly to the final server, people connect to an intermediate server and this intermediate server sends requests to the final server!
>> ... you mean, like what a VPN (to a central peer at the same site as the final server, and ideally many more servers) does ... ?
> Something like that. Suppose, in an environment, the number of connections to the OpenVPN server outside the country is limited, but the internal OpenVPN server does not have this limit. Many clients connect to the internal OpenVPN server, but this OpenVPN server only has one connection to the OpenVPN which is outside the country. Therefore, clients can easily connect to the external OpenVPN server.
Well, if the domestic OpenVPN server is "internal" in the sense that your adversary can *not* detect and count the connections from the clients to it, even if someone clues him in on the setup, sure.
Note that, while OpenVPN does indeed use "connections" in the sense of fixed IPs+ports quadruplets (in either UDP or TCP), the equivalent in IPsec VPNs would be the security associations (SAs). They're far from *impossible* to detect by external observation of the traffic, but depending on your definition of "connection" and the capabilities of the adversary, they might provide better obscuration.
Kind regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users