By: farshoffs

[OpenVPN] Can't connect with http-proxy

February 10, 2017 1.5k views
Open Source VPN CentOS

Hello guys,
I'm having trouble connecting OpenVPN through a Squid proxy server.
I can connect easily without the Squid proxy server. But when I configure my Firefox to use my proxy server, there are no problems.
Like I said, I only have problems when connecting openvpn through squid proxy server.

Error logs

Fri Feb 10 12:56:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 10 12:56:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 10 12:56:30 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Feb 10 12:56:30 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 Need hold release from management interface, waiting...
Fri Feb 10 12:56:30 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'state on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 10 12:56:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:30 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 10 12:56:30 2017 Attempting to establish TCP connection with [AF_INET]x.x.x.x:3128 [nonblock]
Fri Feb 10 12:56:30 2017 MANAGEMENT: >STATE:1486702590,TCP_CONNECT,,,,,,
Fri Feb 10 12:56:31 2017 TCP connection established with [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'CONNECT x.x.x.x:1194 HTTP/1.0'
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'Host: x.x.x.x'
Fri Feb 10 12:56:32 2017 HTTP proxy returned: 'HTTP/1.1 403 Forbidden'
Fri Feb 10 12:56:32 2017 HTTP proxy returned bad status
Fri Feb 10 12:56:32 2017 SIGUSR1[soft,init_instance] received, process restarting
Fri Feb 10 12:56:32 2017 MANAGEMENT: >STATE:1486702592,RECONNECTING,init_instance,,,,,
Fri Feb 10 12:56:32 2017 Restart pause, 5 second(s)

Server.conf

port 1194
proto tcp-server
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
sndbuf 0
rcvbuf 0
explicit-exit-notify 0

client.ovpn

client
dev tun
proto tcp-client
remote x.x.x.x 1194
http-proxy x.x.x.x 3128
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
mssfix 1360
reneg-sec 0
<ca>
..
</ca>
<cert>
..
</cert>
<key>
..
</key>

Thanks.

1 comment
  • By the way, here is my squid.conf:

    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    acl localnet src fc00::/7       # RFC 4193 local private network range
    acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    acl SSL_ports port 443
    acl Safe_ports port 80      # http
    acl Safe_ports port 21      # ftp
    acl Safe_ports port 443     # https
    acl Safe_ports port 70      # gopher
    acl Safe_ports port 210     # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280     # http-mgmt
    acl Safe_ports port 488     # gss-http
    acl Safe_ports port 591     # filemaker
    acl Safe_ports port 777     # multiling http
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access allow all
    
    http_port x.x.x.x:3128
    cache_dir ufs /var/spool/squid 100 16 256
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp:       1440    20% 10080
    refresh_pattern ^gopher:    1440    0%  1440
    refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
    refresh_pattern .       0   20% 4320
    
    
    
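An added example, not part of the original post or of Squid itself: a first-match evaluation of the `http_access` rules in the squid.conf above, run against the `CONNECT x.x.x.x:1194` request shown in the client log. It assumes a remote client (the `localhost`, `localnet` and `manager` ACLs are treated as not matching) and condenses the `Safe_ports` lines onto one line; the function names are hypothetical.

```python
# Constructed from the posted squid.conf: only "port" and "method" ACLs are modeled.
SQUID_CONF = """
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all
"""

def parse(conf):
    """Collect port/method ACL values (same name = OR) and ordered rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"] and tok[2] in ("port", "method"):
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(name, acls, method, port):
    if name == "all":
        return True
    if name not in acls:
        return False  # assumption: client is not localhost/localnet/manager
    kind, values = acls[name]
    if kind == "method":
        return method in values
    for v in values:  # single port or lo-hi range
        lo, _, hi = v.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def decide(conf, method, port):
    """Return (action, rule) for the first rule whose ACLs all match (AND)."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(n.lstrip("!"), acls, method, port) != n.startswith("!")
               for n in names):
            return action, "http_access %s %s" % (action, " ".join(names))
    # Squid falls back to the opposite of the last rule when nothing matches.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    for method, port in (("CONNECT", 1194), ("CONNECT", 443), ("GET", 80)):
        print(method, port, "->", decide(SQUID_CONF, method, port))
```

Port 1194 passes `Safe_ports` through the 1025-65535 range but is not in `SSL_ports`, so the CONNECT is refused before `http_access allow all` is reached, while ordinary browser requests fall through to that last rule. Because the list ends in `allow all`, any exception for the VPN is best scoped to that one destination and port rather than made by loosening the CONNECT rule.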