Feature Suggestion: Tunnel through SSH/SSL Tunnel?

[n9yty]

This may seem odd, but as more locations are blocking access to OpenVPN tunnels by way of deep packet inspection, I am being forced to look at options for roaming users to stay connected. Already a few airports and hotels that previously have had no problems are now blocking traffic.

This article talks about a few options:

https://www.bestvpn.com/blog/5919/how-to-hide-openvpn-traffic-an-introduction/

I know that several MySQL clients I use have the option to tunnel the MySQL connection to the server through an SSH tunnel. To that end, I was wondering if it might be possible for Tunnelblick to do the same thing, which is to offer an option to wrap the OpenVPN tunnel inside of another tunnel, SSL or SSH.

Personally, I think SSL is probably less overhead and easier to implement, and should serve to adequately "obfuscate" the fact that you are using OpenVPN. The above link includes a link to a page describing this.

While this can be done outside of tunnelblick, I just thought I would raise the question.  And maybe this could be all done in custom pre-connect/post-disconnect scripts.  Maybe, in my wildest dreams (smile) I could even update a remote configuraiton using updateable configurations to somewhat regularly changs ports/etc, maybe even to include the obfsproxy/stunnel binaries in the configuration bundle...

If anyone has thoughts on this, showing how misguided I am or telling of how you have done it {smile}, I would love to hear them.

Thanks!

  Steve

[n9yty]

As an aside, I hadn't realized the whole "xor" patch controversy and related issues. This could possibly be an option, although I would still like to entertain the use of tunnel or what else may be workable that wouldn't strictly require a custom openvpn binary on the server. But I just wanted to throw out a "Thank You" to Johnathan for already having this exact feature in place, even if it does require a custom server binary.