Connect to Proxy.sh VPN network using ECC encryption and XOR option

Proxy.sh is among the first VPN providers to offer transparent access to an ECC-powered OpenVPN network that also comes with OpenVPN's new XOR scrambling/obfuscation option. ECC lets you make sure your traffic will be next to impossible to decipher, while XOR lets you make sure a third party cannot detect that you are using OpenVPN (the latter is particularly useful if you are on a highly restricted network such as the Chinese or Iranian domestic Internet).

Indeed, we provide Diffie-Hellman initialized with a 4096-bit key along with the ECDH curve secp384r1. Our full control channel is made of TLSv1.2, cipher TLSv1/SSLv3 ECDHE-ECDSA-AES256-GCM-SHA384, while the associated data channel cipher is AES-256-CBC and the auth digest is SHA512. Furthermore, this environment is supplemented with OpenVPN's XOR scrambling option, making the whole combination probably the strongest known to the cryptographic research field. We provide this "ECC + XOR" environment on port 995 (both UDP and TCP).

In order to connect to this ECC + XOR network, you first need to go to our Network Status page to locate the VPN nodes which have ECC + XOR enabled, as not all of our network is configured with ECC + XOR.

Once you have chosen one or several VPN nodes with ECC + XOR enabled, you need to make sure to use an OpenVPN client which is compatible with ECC encryption and has the XOR scramble option. To date, only the OpenVPN master branch is compatible with ECC and the XOR scramble option. Here is how to build OpenVPN from the master branch on Unix:

yum install gcc make rpm-build autoconf.noarch zlib-devel pam-devel openssl-devel wget git-core libtool gcc-c++ libgcrypt-devel snappy-devel lzo-devel -y
wget http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
wget http://openvpn.net/release/lzo-1.08-4.rf.src.rpm
rpmbuild --rebuild lzo-1.08-4.rf.src.rpm
rpm -Uvh lzo-*.rpm
tar zxf openvpn-xor.tar.gz
cd openvpn-xor
autoreconf -vi
./configure
make

The same essentially applies to Windows and Mac if you have the right skills to compile the libraries. For novice users, we unfortunately have no easy setup. We are working hard on implementing such an option in Safejumper.

Now, you should have an OpenVPN client that is compatible with ECC + XOR, and you should have chosen some of our VPN servers where ECC + XOR is supported.

In order to connect, you simply need to use the certificate found at https://proxy.sh/proxysh-ecc.crt, or replace the <ca> entry in your .ovpn config with the one below:

Please also make sure to modify your .ovpn config to connect to port 995 (TCP/UDP), and set the XOR shared secret to "0054D65beN6r2kd" using the 'scramble obfuscate' parameter. Your .ovpn config file should therefore essentially look like this:

client
dev tun
proto udp
remote 91.213.8.226 995
auth-user-pass
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
verb 3
route-method exe
route-delay 2
comp-lzo
persist-key
persist-tun
scramble obfuscate 0054D65beN6r2kd
<ca>
-----BEGIN CERTIFICATE-----
MIIB3DCCAWKgAwIBAgIJAMyliDCXM4kcMAoGCCqGSM49BAMCMBMxETAPBgNVBAMT
CHByb3h5LnNoMB4XDTE0MTExMzExNTk1NVoXDTI0MTExMDExNTk1NVowEzERMA8G
A1UEAxMIcHJveHkuc2gwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAATwczmfgxUfobt/
7S+A2P1tYNOYATTpxcIEAtUVCgywp1Fd6tKAttCqvpHz8PDOb4NYS6JONivO5yaT
jfDiTrWRGZeYf2JsNs6byv/A9qxvDCcJ49EotonMJYX4+TQq75ejgYEwfzAdBgNV
HQ4EFgQU6miAiqVUQAYeUP4LnZfKNdfQjUkwQwYDVR0jBDwwOoAU6miAiqVUQAYe
UP4LnZfKNdfQjUmhF6QVMBMxETAPBgNVBAMTCHByb3h5LnNoggkAzKWIMJcziRww
DAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDaAAwZQIwd5vR
8fTrEdXLKZjiXeCjH/vxnnbelGcgpFz/r0cdr8YISa20w2zfGVB1+8XRhaYHAjEA
yZeceiNW01Uj7DnjgWdLJWxcuduP1eTojzcQTGcFRPGd45w6pM1oGvLBhCD+QDzw
-----END CERTIFICATE-----
</ca>
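
A quick way to confirm a profile matches the settings above before connecting, as an added example that is not Proxy.sh's own tooling. The function names check_ovpn and sample_profile are hypothetical, and the sample profiles are constructed with a placeholder in place of the certificate body.

```shell
#!/bin/sh
# Added example, not Proxy.sh code. check_ovpn (hypothetical name) lints the
# profile named in $1, or stdin, against the settings listed on this page.
# It prints one FAIL line per problem and returns non-zero if any were found.
check_ovpn() {
    awk -v want_secret='0054D65beN6r2kd' '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        NF == 0 || $1 ~ /^[#;]/ { next }          # blank lines and comments
        $1 == "remote"   { n++; host[n] = $2; rport[n] = $3 }
        $1 == "port"     { defport = $2 }         # used when remote has no port
        $1 == "cipher"   { cipher = $2 }
        $1 == "auth"     { auth = $2 }            # exact match: not auth-user-pass
        $1 == "scramble" { mode = $2; secret = $3 }
        $1 == "<ca>"     { in_ca = 1 }
        $1 == "</ca>"    { in_ca = 0 }
        in_ca && /BEGIN CERTIFICATE/ { ca = 1 }
        END {
            if (n == 0) bad("no remote line")
            for (i = 1; i <= n; i++) {
                # OpenVPN falls back to 1194 when no port is given anywhere.
                p = (rport[i] != "") ? rport[i] : (defport != "" ? defport : "1194")
                if (p != "995") bad("remote " host[i] " uses port " p ", expected 995")
            }
            if (cipher != "AES-256-CBC") bad("cipher is \"" cipher "\", expected AES-256-CBC")
            if (auth != "SHA512") bad("auth is \"" auth "\", expected SHA512")
            if (mode != "obfuscate") bad("no \"scramble obfuscate <secret>\" line")
            if (mode == "obfuscate" && secret != want_secret) bad("scramble secret differs from the published one")
            if (!ca) bad("no inline <ca> certificate")
            exit rc + 0
        }
    ' "${1:--}"
}

# Constructed sample profile: $1 = remote port, $2 = optional extra directive.
sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' "remote 91.213.8.226 $1" \
        'auth-user-pass' 'cipher AES-256-CBC' 'auth SHA512' ${2:+"$2"} \
        '<ca>' '-----BEGIN CERTIFICATE-----' 'PLACEHOLDER' \
        '-----END CERTIFICATE-----' '</ca>'
}

# Demo: a matching profile, then one with the wrong port and no scramble line.
sample_profile 995 'scramble obfuscate 0054D65beN6r2kd' | check_ovpn && echo 'good profile: OK'
sample_profile 1194 | check_ovpn || echo 'bad profile: fix the lines above'
```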

Voilà, you now know how to connect to our OpenVPN network with ECC + XOR encryption. Please note that if you have other curves to suggest, we will happily deploy them on various ports; do not hesitate to get in touch with us.
