Share

Question

Hello guys,
I’m having a trouble connecting openvpn through squid proxy server.
I can connect easily without squid proxy server. But when I configure my Firefox to use my proxy server, theres no problems.
Like I said, I only have problems when connecting openvpn through squid proxy server.

Error logs

Fri Feb 10 12:56:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 10 12:56:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 10 12:56:30 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Feb 10 12:56:30 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 Need hold release from management interface, waiting...
Fri Feb 10 12:56:30 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'state on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 10 12:56:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:30 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 10 12:56:30 2017 Attempting to establish TCP connection with [AF_INET]x.x.x.x:3128 [nonblock]
Fri Feb 10 12:56:30 2017 MANAGEMENT: >STATE:1486702590,TCP_CONNECT,,,,,,
Fri Feb 10 12:56:31 2017 TCP connection established with [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'CONNECT x.x.x.x:1194 HTTP/1.0'
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'Host: x.x.x.x'
Fri Feb 10 12:56:32 2017 HTTP proxy returned: 'HTTP/1.1 403 Forbidden'
Fri Feb 10 12:56:32 2017 HTTP proxy returned bad status
Fri Feb 10 12:56:32 2017 SIGUSR1[soft,init_instance] received, process restarting
Fri Feb 10 12:56:32 2017 MANAGEMENT: >STATE:1486702592,RECONNECTING,init_instance,,,,,
Fri Feb 10 12:56:32 2017 Restart pause, 5 second(s)

Server.conf

port 1194
proto tcp-server
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
sndbuf 0
rcvbuf 0
explicit-exit-notify 0

client.ovpn

client
dev tun
proto tcp-client
remote x.x.x.x 1194
http-proxy x.x.x.x 3128
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
mssfix 1360
reneg-sec 0
<ca>
..
</ca>
<cert>
..
</cert>
<key>
..
</key>

Thanks.

Answer 1

kamaln7 MOD February 5, 2018

You will want to add OpenVPN’s port 1194 to the list of allowed ports in Squid’s config. Add the following two lines below all the acl lines:

acl SSL_ports port 1194      # OpenVPN
acl Safe_ports port 1194      # OpenVPN

Routing OpenVPN through Squid, though, might cause a huge drop in performance. Is there any reason that you’re unable to connect to OpenVPN directly (by removing http-proxy x.x.x.x 3128)?

Report

[OpenVPN] Can't connect with http-proxy

Leave a Comment

Share

Share your Question

[OpenVPN] Can't connect with http-proxy

Leave a Comment

Related

question

Reverse DNS is not a valid Hostname

question

Set up public name servers with multiple ip's

question

Long time waiting support answer, no response - is normal at DigitalOcean?

question

Is 5$ is fixed?

Almost there!