I am using a proxy to connect to the internet when on company network. I want to be able to connect through the proxy and VPN to the internet. Is it possible to do this or is it an exercise in futility. Your assistance is urgently needed in this regard. Thanks
Hey there,
i’m having the same issue. I’m behind a cooperate proxy on Port 3128 and can only communicate via TCP 80 / 443. Thats why my VPS has a OpenVPN Server on TCP 443. From my workstation the connection can be established and it works well. Now i want to put the GL.inet ar150 in the middle so i can open a wifi for my phone as well.
Sadly, the same ovpn file which works on my office pc does not work on the router.(yes, its either the router or my notebook connecting)
The logread | grep openvpn output is:
root@GL-AR150:~# logread | grep openvpn
Fri May 18 23:41:03 2018 daemon.notice openvpn[20139]: OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri May 18 23:41:03 2018 daemon.notice openvpn[20139]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Fri May 18 23:41:03 2018 daemon.warn openvpn[20143]: WARNING: Your certificate is not yet valid!
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: TCP/UDP: Preserving recently used remote address: [AF_INET]PROXY_IP
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Attempting to establish TCP connection with [AF_INET]PROXY_IP [nonblock]
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: TCP connection established with [AF_INET]PROXY_IP
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: Send to HTTP proxy: ‘CONNECT MYDOMAIN:443 HTTP/1.0’
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: Send to HTTP proxy: ‘Host: MYDOMAIN’
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: HTTP proxy returned: ‘HTTP/1.0 200 Connection established’
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TCP_CLIENT link local: (not bound)
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TCP_CLIENT link remote: [AF_INET]PROXY_IP
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TLS: Initial packet from [AF_INET]PROXY_IP, sid=aea40637 adc47a99
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY OK: depth=1, C=DE, ST=NRW, L=Stadt, O=Domain, OU=Administration, CN=Domain CA, name=Domain, emailAddress=admin@Domain
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY KU OK
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: Validating certificate extended key usage
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY EKU OK
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY OK: depth=0, C=DE, ST=NRW, L=Stadt, O=Domain, OU=Administration, CN=Domain, name=Domain, emailAddress=admin@Domain
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: TLS Error: TLS handshake failed
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: Fatal TLS error (check_tls_errors_co), restarting
Fri May 18 23:43:04 2018 daemon.notice openvpn[20143]: SIGUSR1[soft,tls-error] received, process restarting
Fri May 18 23:43:04 2018 daemon.notice openvpn[20143]: Restart pause, 5 second(s)
The router itself has no internet connection as I have no idea where to set the proxysettings. The OVPN file does have the
http-proxy 10.116.0.1 3128
http-proxy-retry
settings.
Any clue on how to approach?
Kind regards
Sorry, I thought I made it clear. My constellation is like this:
PC ---- AR150 ------ Cooperate Proxy ------- Internet
If I don’t set a system proxy, i have no internet. I want to tunnel myself out with openVPN. this works on my maschine when i either enter a systemproxy or a proxy in the ovpn file.
But I don’t know how to a) enter a system proxy to the networkconfig of the AR150 or b) how to make the ovpn work with the proxy section active.
But with this error, i dont think my proxy config is missing something, since i can establish a connection half way. my guess is, the proxy entry in the ovpn config file is correct. That same file works when i use ist from my workstation.
Is iptables blocking anythingt?
Thanks a lot
[EDIT]
I’v tried to leave out the proxy and tested openvpn with tething, leaving out all proxy config. still no luck. it hangs on the same position as stated above.