Domain fronting for SoftEther server

shakibamoshiri
Posts: 285
Joined: Wed Dec 28, 2022 9:10 pm

Post by shakibamoshiri » Thu Jan 05, 2023 11:28 pm

I would like to know what methods are available for domain fronting for/with SE server.
The methods below have been tested using SSTP and SE server 4.41.
Domain fronting is a technique for Internet censorship circumvention that uses different domain names in different communication layers of an HTTPS connection to discreetly connect to a different target domain than is discernable to third parties monitoring the requests and connections.
from https://en.wikipedia.org/wiki/Domain_fronting

disclaimer
I got to know about "domain fronting" only a few days ago. So by using the term "domain fronting" I mean avoiding exposing the SE server end-point IP and accessing it via a helper domain (mainly using SSTP, since domain verification is needed).

Method 1 - double VPN
This one is simple to set up but it may cause some issues.
pros
- hop-2 IP will be hidden
cons
- hop-1's own IP address is exposed
- throughput on hop-1 server with cascade connection
- if the hop-2 default page is disabled (by creating the directory hamcore/wwwroot/index.html), the hop-1 cascade connection fails

Method 2 - traffic redirection from hop-1 to hop-2
https://serverfault.com/questions/58648 ... me-network
We can forward hop-1 traffic to hop-2. The speed will decrease by around 10% to 30% or more.
pros
- hop-2 IP will be hidden
- hop-2 default page can be disabled
cons
- hop-1's own IP address is exposed

Method 3 - using a CDN (e.g. CloudFlare)
This method is not straightforward, and it seems that in free plans CF does not support non-HTTP traffic forwarding.
List of ports CF supports
https://developers.cloudflare.com/funda ... ork-ports/

and forwarding availability
https://developers.cloudflare.com/spectrum/

I have also tested this method (3) with a CF origin server certificate, but it did not work.

pros
- hide hop-X IP address
cons
- does not seem to work because of a lack of protocol support

So what other ways do you know or are possible?
Regards

Re: Domain fronting for SoftEther server

Post by shakibamoshiri » Fri Jan 06, 2023 10:35 am

I forgot to mention VPN-Azure as a method.

Method 4 - VPN-Azure
pros
- just enable it and it starts to work
cons
- hosted somewhere else and we may face speed latency

NOTE
I found this wiki
Creating your own VPNAzure DynamicDNS Like Service
https://github.com/SoftEtherVPN/SoftEth ... s-Testers)
And it seems this method (4) looks like Method 2 - traffic redirection from hop-1 to hop-2.
