Tunnelblick and openvpn_xorpatch
The openvpn_xorpatch Controversy
A patch to add a "scramble" option to OpenVPN was proposed in April 2013. The option can be useful to avoid having OpenVPN traffic detected by monitoring or censoring mechanisms such as the Great Firewall of China. The option "scrambles" each buffer of traffic before it is sent between the OpenVPN client and server.
However, the patch is controversial: it was not accepted as an addition to OpenVPN by the OpenVPN developers. There is a long discussion of the patch on the OpenVPN Community Support Forum. The last post is:
"We (OpenVPN developers) do not encourage people building their own versions of OpenVPN changing the wire-protocol like this, without the patch being through a proper patch review and having evaluated possible security risks related to such a change."
In December 2016, further discussion took place on the OpenVPN users mailing list. OpenVPN developers again explained why they do not want to include the patch in OpenVPN and discussed alternatives. See https://sourceforge.net/p/openvpn/mailman/openvpn-users/thread/DFBD5589-71CB-41CD-B7A7-F2A540380E33%40haloprivacy.com/#msg35560747.
Regardless of the OpenVPN developers' decision not to include the patch in OpenVPN, the patch is attractive because it is so easy to implement: simply apply the patch to both the OpenVPN server and the OpenVPN client and add a single, identical option to the configuration files for each. Using obfsproxy is more complicated because it involves running another, separate program on both the server and the client.
Because the patch is so easy to implement, the patch is included in all versions of OpenVPN that are included in Tunnelblick as of build 4420.
The original post proposing the patch claims that using the patch is sufficient to secure communications and that no other encryption is necessary:
"With this obfuscate option, I think that it is ok to use "cipher none", because working out the method used would take a lot of cryptoanalysis. The obfuscate option is also much easier on the CPU than any cipher options. This is in case you are using ddwrt or openwrt or have a low speed cpu."
Do not take this advice! The obfuscation provided by this patch appears to be extremely rudimentary. Beware of cryptographic advice from amateur cryptographers!
Large organizations have the ability and power to "unscramble" traffic and detect it as OpenVPN traffic, and the obfuscation provided by this patch is so rudimentary that relatively simple cryptanalysis will probably be able to unscramble the content, too.
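To illustrate why the scramble is not a cipher, the following is an added Python model, not the xorpatch's or Tunnelblick's code, of a transform in the spirit of the patch's "obfuscate" mode: a password mask, a position XOR and a byte reversal applied to each buffer. The exact step order and the sample buffer are assumptions constructed for this illustration; the point it demonstrates is that every step except the password mask is keyless, so a single buffer with known contents exposes the mask, which is why "cipher none" must not be relied on.

```python
# Added illustration (not the xorpatch's or Tunnelblick's code): a simplified
# model of per-buffer scrambling, used to show that it is not encryption.

def xor_mask(buf: bytes, mask: bytes) -> bytes:
    """XOR each byte with the repeating password-derived mask (the only keyed step)."""
    return bytes(b ^ mask[i % len(mask)] for i, b in enumerate(buf))

def xor_ptrpos(buf: bytes) -> bytes:
    """XOR each byte with its 1-based position in the buffer (keyless)."""
    return bytes(b ^ ((i + 1) & 0xFF) for i, b in enumerate(buf))

def reverse_tail(buf: bytes) -> bytes:
    """Reverse every byte except the first (keyless; the opcode byte stays put)."""
    return buf[:1] + buf[1:][::-1]

def scramble(buf: bytes, password: str) -> bytes:
    """Sender side of the assumed transform."""
    return xor_mask(xor_ptrpos(reverse_tail(xor_ptrpos(buf))), password.encode())

def unscramble(buf: bytes, password: str) -> bytes:
    """Receiver side: every step is its own inverse, so apply them in reverse order."""
    return xor_ptrpos(reverse_tail(xor_ptrpos(xor_mask(buf, password.encode()))))

def recover_mask(scrambled: bytes, known_plain: bytes) -> bytes:
    """With one buffer of known plaintext, the mask falls out as scrambled XOR
    (keyless steps applied to the plaintext). Returns the mask repeated to
    the buffer length."""
    inner = xor_ptrpos(reverse_tail(xor_ptrpos(known_plain)))
    return bytes(s ^ p for s, p in zip(scrambled, inner))

# Constructed sample: a fake opcode byte followed by 40 bytes of payload.
SAMPLE_PLAINTEXT = b"\x38" + bytes(range(40))
PASSWORD = "s3cret"  # constructed, not a real deployment value

def mask_is_exposed() -> bool:
    """True if one known buffer reveals the whole password mask."""
    wire = scramble(SAMPLE_PLAINTEXT, PASSWORD)
    recovered = recover_mask(wire, SAMPLE_PLAINTEXT)
    return recovered[:len(PASSWORD)] == PASSWORD.encode()

if __name__ == "__main__":
    wire = scramble(SAMPLE_PLAINTEXT, PASSWORD)
    assert unscramble(wire, PASSWORD) == SAMPLE_PLAINTEXT
    print("round trip ok; mask exposed by one known buffer:", mask_is_exposed())
```

The scrambling may still hide OpenVPN's packet signature from a simple filter, but it must sit on top of OpenVPN's normal cipher and HMAC, never replace them.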
Tunnelblick Modifications to the Patch
As the OpenVPN developers point out, the patch has never been through a thorough review for security, coding, etc. However, a Tunnelblick developer has reviewed the patch, found some problems, and modified it in Tunnelblick to resolve those problems. The problems that were found and fixed involved insufficient parameter validation, null pointer dereferences, division by zero errors, and a buffer overflow. Some defensive programming was also added to the modified version of the patch to increase its robustness.
I invite anyone/everyone to review the patch and report any problems, either to the Tunnelblick Discussion Group or to the developers. Details of the patch are below.
Scramble Option Syntax
Note: The "scramble" option and parameters in the server and client configuration files must match.
scramble obfuscate password
The Patch as Modified for Use in Tunnelblick
Tunnelblick's build process expands OpenVPN, applies patches, and then builds from the patched source code.
In recent versions of Tunnelblick, the patch has been broken into five separate .diff files, with each .diff modifying a single file in the OpenVPN source code. (This is done to make it easier to modify the patch when the underlying OpenVPN source code is changed.)
Files with patches for each particular version of OpenVPN are located in the Tunnelblick source code in a "patches" folder specific to that version of OpenVPN. The path to patches for OpenVPN version X.Y.Z would be