How do I connect to a VPN going through a proxy server?

ugooh · 2017-07-29T05:08:31.000Z

I am using a proxy to connect to the internet when on company network. I want to be able to connect through the proxy and VPN to the internet. Is it possible to do this or is it an exercise in futility. Your assistance is urgently needed in this regard. Thanks

Regards,

Ugooh

alzhao · 2017-07-29T10:33:35.000Z

What is the proxy? http proxy or socks proxy?

For http proxy, you can try to put this in your ovpn file. I didn’t try though.

http-proxy y.y.y.y 8080 (replaced actual IP here) http-proxy-retry

ugooh · 2017-07-30T04:53:36.000Z

http proxy. Your guide will be much appreciated. Thanks

alzhao · 2017-07-30T19:14:23.000Z

pls try to add the following to your ovpn

http-proxy ip.address.ip.address port

http-proxy-retry

muhammad · 2017-11-24T11:15:36.000Z

hi,

have you managed to connect to a vpn using a http proxy?

i tried numerous attempt at adding this:

http-proxy (xxx.xxx.xxx.xxx port)

http-proxy-retry

in the ovpn file and still cant connect.

alzhao · 2017-11-24T13:35:54.000Z

I just tried and it works

I used my own vpn subscription and get a free http proxy from sshproxies.org.

I added the following to the ovpn I am using

http-proxy xxx.xxx.xxx 8080

http-proxy-retry

From the log it shows connecting to this proxy then, after connected, it connect to the vpn server.

I then check my router using netstat and it only build a connection to the http-proxy server. Checked IP address and it is my vpn server address.

So I assume this worked.

afaik4711 · 2018-05-28T14:04:17.156Z

Hey there,
i’m having the same issue. I’m behind a cooperate proxy on Port 3128 and can only communicate via TCP 80 / 443. Thats why my VPS has a OpenVPN Server on TCP 443. From my workstation the connection can be established and it works well. Now i want to put the GL.inet ar150 in the middle so i can open a wifi for my phone as well.
Sadly, the same ovpn file which works on my office pc does not work on the router.(yes, its either the router or my notebook connecting)
The logread | grep openvpn output is:

root@GL-AR150:~# logread | grep openvpn
Fri May 18 23:41:03 2018 daemon.notice openvpn[20139]: OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri May 18 23:41:03 2018 daemon.notice openvpn[20139]: library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Fri May 18 23:41:03 2018 daemon.warn openvpn[20143]: WARNING: Your certificate is not yet valid!
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Outgoing Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Incoming Control Channel Authentication: Using 256 bit message hash ‘SHA256’ for HMAC authentication
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: TCP/UDP: Preserving recently used remote address: [AF_INET]PROXY_IP
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Socket Buffers: R=[87380->87380] S=[16384->16384]
Fri May 18 23:41:03 2018 daemon.notice openvpn[20143]: Attempting to establish TCP connection with [AF_INET]PROXY_IP [nonblock]
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: TCP connection established with [AF_INET]PROXY_IP
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: Send to HTTP proxy: ‘CONNECT MYDOMAIN:443 HTTP/1.0’
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: Send to HTTP proxy: ‘Host: MYDOMAIN’
Fri May 18 23:41:04 2018 daemon.notice openvpn[20143]: HTTP proxy returned: ‘HTTP/1.0 200 Connection established’
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TCP_CLIENT link local: (not bound)
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TCP_CLIENT link remote: [AF_INET]PROXY_IP
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: TLS: Initial packet from [AF_INET]PROXY_IP, sid=aea40637 adc47a99
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY OK: depth=1, C=DE, ST=NRW, L=Stadt, O=Domain, OU=Administration, CN=Domain CA, name=Domain, emailAddress=admin@Domain
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY KU OK
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: Validating certificate extended key usage
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY EKU OK
Fri May 18 23:41:06 2018 daemon.notice openvpn[20143]: VERIFY OK: depth=0, C=DE, ST=NRW, L=Stadt, O=Domain, OU=Administration, CN=Domain, name=Domain, emailAddress=admin@Domain
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: TLS Error: TLS handshake failed
Fri May 18 23:43:04 2018 daemon.err openvpn[20143]: Fatal TLS error (check_tls_errors_co), restarting
Fri May 18 23:43:04 2018 daemon.notice openvpn[20143]: SIGUSR1[soft,tls-error] received, process restarting
Fri May 18 23:43:04 2018 daemon.notice openvpn[20143]: Restart pause, 5 second(s)

The router itself has no internet connection as I have no idea where to set the proxysettings. The OVPN file does have the
http-proxy 10.116.0.1 3128
http-proxy-retry
settings.
Any clue on how to approach?
Kind regards

alzhao · 2018-05-30T04:27:47.334Z

Why the openvpn config need http proxy? Can it work without that?

Adding a middle layer causes more problems.

afaik4711 · 2018-05-30T11:52:16.306Z

Sorry, I thought I made it clear. My constellation is like this:

PC ---- AR150 ------ Cooperate Proxy ------- Internet
If I don’t set a system proxy, i have no internet. I want to tunnel myself out with openVPN. this works on my maschine when i either enter a systemproxy or a proxy in the ovpn file.
But I don’t know how to a) enter a system proxy to the networkconfig of the AR150 or b) how to make the ovpn work with the proxy section active.
But with this error, i dont think my proxy config is missing something, since i can establish a connection half way. my guess is, the proxy entry in the ovpn config file is correct. That same file works when i use ist from my workstation.
Is iptables blocking anythingt?

Thanks a lot

[EDIT]
I’v tried to leave out the proxy and tested openvpn with tething, leaving out all proxy config. still no luck. it hangs on the same position as stated above.