[Bug] fingerprint leaks as OpenVPN TCP bs128 SHA1 lzo - Githubissues

xjasonlyu / tun2socks

tun2socks - powered by gVisor TCP/IP stack

https://github.com/xjasonlyu/tun2socks/wiki

GNU General Public License v3.0

3.13k stars 433 forks source link

[Bug] fingerprint leaks as OpenVPN TCP bs128 SHA1 lzo #221

Closed mihaiav closed 1 year ago

mihaiav commented 1 year ago

Verify steps

[X] Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
[X] I have searched on the issue tracker for a related issue.

Version

v2.4.1

What OS are you seeing the problem on?

macOS

Description

For some reasons it looks like the connection is detected/fingerprint-ed as openvpn server. How to test:

start tun2socks using a socks5 proxy
go to https://browserleaks.com/ip with your browser

Result:

TCP/IP Fingerprint
Link | OpenVPN TCP bs128 SHA1 lzo

Obviously if you run a proxy/vpn you don't want to be detected as such. Is there any way we can avoid that fingerprint?

Digging a bit around it looks like Maximum Segment Size (MSS) could play a role there.

https://medium.com/@ValdikSS/detecting-vpn-and-its-configuration-and-proxy-users-on-the-server-side-1bcc59742413

CLI or Config

No response

Logs

No response

How to Reproduce

No response

xjasonlyu commented 1 year ago

Hi, thanks for your feedback! But I don't think such a fingerprint leak exists.

First, the detection tech from this site https://browserleaks.com/ip seems to be purely based on your IPs, it's far from even accurate. I tested it with and without tun2socks or other proxy tools, it shows all the same results.

TCP/IP Fingerprint
--
OS | Linux (2.2.x-3.x)
Link | Ethernet or modem

Second, tun2socks is not a VPN. It has a completely different underlying arch, and on the server side it's just a proxy.