How to install obfs4proxy on Freepbx server

OpenVPN is already installed on our server, which we use for VOIP Clients in restrictive territories. However some of these territories also actively block OpenVPN.

Obfs4proxy provides a wrapper solution for OpenVPN that is straightforward to configure. Except the Centos / Fedora / Sangoma repos dont support it.

One alternaitve may be to build it from the is to build it from github, but the build scripts dont seem to work. Another route may be to install it using dnf: https://github.com/spectrecoin/spectre/wiki/Installation-of-OBFS4
…except the installed freepbx repos don’t support dnf either.

Does anyone have any other suggestions how to get obfs4proxy proxy installed ?

And using 443 (trivial) nor stunnel (easy) are not viable options ?

https://www.bestvpn.com/guides/how-to-hide-openvpn-traffic-an-introduction/

Already on 443. This doesnt solve Deep Packet Inspection. Obfs4proxy is the same concept as stunnel only more robust and (virtually) undetectable. The territories which use active VPN blocking have most of the more trivial methods covered.

It is important we go for the most secure method. The alternative would be to use a separate server for this purpose but as the tunnel is also used for remote admin it would be desirable to keep it all on one platform. If only it was debian, this wouldnt be an issue.

So use debian or go the other build option for redhat? Kinda a catch 22 here I think expecting precompiled binaries for RH . .

Hi Dicko,

Yes I thought of using dnf. But I can’t get that to install either. dnf is not supported by the freepbx repositories and I get an error when I try to add the epel repo.

yum install epel-release -y
Loaded plugins: fastestmirror, langpacks, versionlock
Loading mirror speeds from cached hostfile
Package epel-release-7-11.noarch is obsoleted by sangoma-release-7-5.1805.02.el7.sangoma.x86_64 which is already installed
Nothing to do

If you could suggest a way of installing dnf, that might provide a solution.

Many thanks for your assistance!

So use debian

How would you do that on a freepbx system already running Centos?

You wouldn’t , you would install it from scratch restore from the working one and preclude any commercial modules.

Thats a bit beyond me Im afraid. My server is based on the official freepbx distro and we do have commercial packages installed. I do have a separate Ubuntu server which should support Obfs4proxy and this might be used as an OpenVPN relay perhaps. (Just thinking out loud). But I would still rather keep everything on the one platform.

For some reason the official build instructions are failing:

go build -o obfs4proxy/obfs4proxy ./obfs4proxy
go: finding gitlab.com/yawning/utls.git v0.0.10-1
go: gitlab.com/yawning/[email protected]: git fetch -f https://gitlab.com/yawning/utls refs/heads/*:refs/heads/* refs/tags/*:refs/tags/* in /root/work/pkg/mod/cache/vcs/f923860f723f34e4b0e4888426f2ddac74b64cf389f0d13e9bf5cc235784502b: exit status 128:
        error: RPC failed; result=22, HTTP code = 404
        fatal: The remote end hung up unexpectedly
go: error loading module requirements

I cannot git clone gitlab.com/yawning/utls either (does not exist error). Yet I can reach it in a browser. Very odd. What do you think?

Sorry. I use debian and don’t see any of those problems.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.