Hello,
Apologies in advance if this is in the wrong subtopic forum.
is there a way to enable obfuscation openwrt 23.05.3 with wireguard for nordvpn. Currently i have a WRT3200ACM that is handling nord traffic. My employer decided to block this traffic with a netskope agent. Nordvpn only works with an android app with obfuscated servers. Nord doesn't allow or provide obfuscation to be enabled on routers, they only support android or windows app based obfuscation. So trying to understand
if i can achieve obfuscation on my router outside of nordvpn.
If this is possible, please let me know what version supports this and any steps would be helpful.
Router details below,
Traffic would be just to employer provided devices, just two devices
Then the answer is no, you can’t do the obfuscation because the method by which they do it is not public knowledge and thus is not available to be implemented on openwrt.
is this a possibility? i dont know the technicals, i am going purely based on google results. Would be great if someone with knowledge could provide some expert input.
You could try it. But it will only work if nord is using the same method. If they use a different (and unpublished/non-public) method, it will obviously not work.
For what it’s worth, if there are any keys or other authentication methods required for the obfuscation method, you would need that, too. And only nord would have those parameters.
It was not the steps, but rather the fact that those steps were AI generated.
Humans providing information and outlining the process is very much encouraged. Even better if they can provide all the necessary detail for a novice to implement.
AI, on the other hand, is often wrong about these topics (hallucinations) and will lead people in the wrong direction, possibly causing problems along the way. Even worse, that can create a negative feedback cycle when AI scrubs forum pages like this and assumes that it is accurate information -- it will continue to make the hallucinations worse! As such, we have a rule in our community guidelines that states that technical AI content will be removed. (AI is fine for augmenting writing such as for language translation or ensuring that the writing is clear and understandable; it is allowed in that context).
Obfuscation in general -- yes, there are packages that can be installed on OpenWrt (on essentially any target platform that is supported), although some of the packages may not be part of the official repo.
Obfuscation specifically for NordVPN -- no, not unless Nord shares their method and/or code. The problem is that if they don't share the specifications/code, there is no way to know how it works such that someone could build a compatible obfuscation package to install (on OpenWrt or really any other platform).
Yes it does, from what i can tell nord uses xor + scramble password option, would that be of any help? i can share an ovpn config if you like, as a private message
That probably isn’t enough information to implement the obfuscation.
You could try building the code that you found. You’d download the openwrt sdk for your target and then compile a package from source, install it, and then test.
Another third party firmware (DDWRT) has the WireGuard obfuscation method standard incorporated. However without knowing the key it does not help and Nord will not give it to you and we do not even know if this is the method used by NordVPN.
About the XOR scramble method for OpenVPN, I have it incorporated in my OpenWRT build.
But again for this to work you need to know the method and password.
This scramble method is in use by a couple of Commercial Providers who also support running VPN on your router.
See my instructions to compile it into OpenWRT: OpenVPN: scramble options to obfuscate openvpn traffic
Hello Egc, I did go over that blog post before, would you be able to give some additional instructions. I downloaded .patch file then i dont know what to do next. Like where and how am i doing the below steps. Would you be against PM'ng,
To compile:
Copy all patch files to feeds/packages/net/openvpn/patches
On compiling the patches are executed automatically
Also i tried DDWRT, and openwrt is way more friendlier in terms of config and UI. I was not able to make obfuscation work with DDWRT on a spare WRT3200ACM router. I have two of these one as backup if the other one dies.....