Obfuscating OpenVPN traffic using obfs4
Clone or download
Hamy updatd to reflect new changes
new blog post
some small adjustments
Latest commit 4b7cd79 Jan 17, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples small adjustments Jan 17, 2019
img added diagram Jan 13, 2019
CHANGELOG.md small adjustments Jan 17, 2019
LICENSE Switched to MIT license, and couple of other adjustments Jan 11, 2019
README.md updatd to reflect new changes Jan 17, 2019
obfs4proxy-openvpn small adjustments Jan 17, 2019



A Bash script for obfuscating OpenVPN traffic using obfs4


obfs4proxy-openvpn diagram

obfs4proxy developed by the Tor Project, is primarily written to obfuscate Tor traffic. But with a little effort, it can be used to obfuscate any other TCP traffic as well.

While there are couple of obfs4proxy general wrappers around, this Bash script is specifically designed to make obfs4proxy work with OpenVPN. It's more of a helper than a wrapper since it bootstraps the start of obfs4proxy/OpenVPN and then gets out of the way.

Since the script uses standard Linux commands, it should work in most major distros but it's been specifically tested on:

  • Ubuntu 18.04
  • Debian 9
  • CentOS 7
  • Fedora 29

If you believe that it doesn't work on your system, let me know.

Getting started


  • Linux (obviously!)
  • Bash
  • OpenVPN
  • obfs4proxy
  • Standard Linux commands (e.g, sudo,grep,ps) which should be available on all distros.

OpenVPN and obfs4proxy can either be compiled from their source code or installed from your distros repository. Just don't forget to put them somewhere in your PATH if you decided to compile them yourself.

The script must be run as root to do its magic but it will use a dedicated account for running obfs4proxy by default. You can also make OpenVPN to drop its root privilege later on.



obfs4proxy-openvpn --help should give you some basic info on the command line arguments.

Most needed documentations are placed in the sample files in examples/ folder. That should be enough to get you started. But a more in-depth doc can be found here: obfs4proxy-openvpn: Obfuscating OpenVPN traffic using obfs4

After the initial startup, the execution is passed to openvpn and it stays in the foreground (just like the real openvpn execution). You may then use the provided systemd service sample file to run it as a service.


I would love to know you thoughts on this project. Please share them with me here.



This project is licensed under the MIT License - see the LICENSE file for details.


Helpful links