
OpenVPN over SSH (Stealth VPN)

Unpack the downloaded archive with OpenVPN configurations in /etc/openvpn/

First change into the /etc/openvpn/ directory:

cd /etc/openvpn/

and get the Perfect Privacy TCP configuration with the following line:

curl -JLO ""

Unpack the file with the following command:

sudo unzip -j

Modify the configuration

To create a configuration file for the SSH connection, copy any server configuration. In this manual we are using the file Basel.conf. We are using vim to edit the file, but any text editor like nano works as well.

sudo cp Basel.conf Basel-ssh.conf

sudo vim Basel-ssh.conf

Remove all lines starting with remote. You will then need to add the following two lines:

remote localhost LOCAL_PORT
route SSH_SERVER_IP net_gateway

LOCAL_PORT can be any port that is not in use on your system. In this how-to we are using port 10000. To use SSH for tunneling, you will need to use the SSH IP of the VPN server. You can find the SSH IP addresses on the OpenVPN with Stealth SSH page. For Basel the SSH IP address is so we are using this for the configuration. Once you have added these lines, you can save the file and exit the editor.
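
The same edit as a script, as an added example that is not part of the provider's tooling: make_ssh_conf and write_sample are hypothetical helper names, and the sample configuration and its addresses (documentation ranges) are constructed. It assumes "lines starting with remote" means the remote directive itself, so remote-cert-tls, which enforces the server certificate check, is kept; the route line sends traffic for the SSH server through the normal gateway so the tunnel is not routed into the VPN it carries.

```sh
#!/bin/sh
# Added example: make_ssh_conf and write_sample are hypothetical helpers.

# make_ssh_conf SRC DST LOCAL_PORT SSH_SERVER_IP
make_ssh_conf() {
    src=$1; dst=$2; port=$3; ssh_ip=$4

    # Both values end up in a config that OpenVPN reads as root, so reject
    # anything that is not a plain port number or a dotted IPv4 address.
    # The character checks also reject embedded newlines (directive injection).
    case $port in ''|*[!0-9]*) echo "invalid LOCAL_PORT" >&2; return 1 ;; esac
    case $ssh_ip in ''|*[!0-9.]*) echo "invalid SSH_SERVER_IP" >&2; return 1 ;; esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "LOCAL_PORT out of range: $port" >&2; return 1
    fi
    if ! printf '%s\n' "$ssh_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "SSH_SERVER_IP is not an IPv4 address: $ssh_ip" >&2; return 1
    fi
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    {
        # Drop only lines whose first word is exactly "remote".
        # remote-cert-tls and every other directive pass through unchanged.
        awk '$1 != "remote"' "$src"
        printf 'remote localhost %s\n' "$port"
        printf 'route %s net_gateway\n' "$ssh_ip"
    } > "$dst"
}

# Constructed sample config; addresses are from documentation ranges.
write_sample() {
    cat > "$1" <<'EOF'
client
dev tun
proto tcp
remote 192.0.2.10 1152
  remote 192.0.2.11 152
remote-cert-tls server
auth-user-pass
EOF
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir/Basel.conf"
make_ssh_conf "$demo_dir/Basel.conf" "$demo_dir/Basel-ssh.conf" 10000 198.51.100.7
cat "$demo_dir/Basel-ssh.conf"
rm -rf "$demo_dir"
```
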

Start the SSH connection

Get the SSH keys by downloading our known_hosts file:


Now you can start the SSH tunnel with the following command (don’t forget to replace USERNAME and PASSWORD):

ssh -N -p TUNNEL_PORT USERNAME@SERVER_IP -L LOCAL_PORT:PRIMARY_SERVER_IP:152 -oUserKnownHostsFile=perfect_privacy_known_hosts

For TUNNEL_PORT you can choose between the following ports: 22, 53, 443, 8085, 9009 and 36315. Generally, 443 (SSL) should work fine for all purposes but port 53 may help to get internet access from hotspots where you normally need to register on a public website first. USERNAME is your Perfect Privacy user name. You will be prompted for your Perfect Privacy password when issuing this command. Same as in the OpenVPN configuration file, you need to connect to the IP address of the VPN server. Again we are using LOCAL_PORT must be the same that you used in the OpenVPN configuration file, in our case this was 10000. Finally you will need to include the primary (first) IP of the VPN server and the OpenVPN TCP Port (either 152 or 1152, you can find these on the server page as well).

Start the OpenVPN connection

The configuration is finished. In a new terminal window you can now start the OpenVPN connection with the following line:

sudo openvpn --config /etc/openvpn/Basel-ssh.conf

You will need to enter your Perfect Privacy credentials. You can also store them in a text file as described in our OpenVPN manual. You can verify whether everything is working correctly by calling our Check-IP website with either of the following commands:


wget -q -O -
