Question

[OpenVPN] Can't connect with http-proxy

Hello guys, I’m having a trouble connecting openvpn through squid proxy server. I can connect easily without squid proxy server. But when I configure my Firefox to use my proxy server, theres no problems. Like I said, I only have problems when connecting openvpn through squid proxy server.

Error logs

Fri Feb 10 12:56:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 10 12:56:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 10 12:56:30 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Feb 10 12:56:30 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 Need hold release from management interface, waiting...
Fri Feb 10 12:56:30 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'state on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 10 12:56:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:30 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 10 12:56:30 2017 Attempting to establish TCP connection with [AF_INET]x.x.x.x:3128 [nonblock]
Fri Feb 10 12:56:30 2017 MANAGEMENT: >STATE:1486702590,TCP_CONNECT,,,,,,
Fri Feb 10 12:56:31 2017 TCP connection established with [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'CONNECT x.x.x.x:1194 HTTP/1.0'
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'Host: x.x.x.x'
Fri Feb 10 12:56:32 2017 HTTP proxy returned: 'HTTP/1.1 403 Forbidden'
Fri Feb 10 12:56:32 2017 HTTP proxy returned bad status
Fri Feb 10 12:56:32 2017 SIGUSR1[soft,init_instance] received, process restarting
Fri Feb 10 12:56:32 2017 MANAGEMENT: >STATE:1486702592,RECONNECTING,init_instance,,,,,
Fri Feb 10 12:56:32 2017 Restart pause, 5 second(s)

Server.conf

port 1194
proto tcp-server
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
sndbuf 0
rcvbuf 0
explicit-exit-notify 0

client.ovpn

client
dev tun
proto tcp-client
remote x.x.x.x 1194
http-proxy x.x.x.x 3128
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
mssfix 1360
reneg-sec 0
<ca>
..
</ca>
<cert>
..
</cert>
<key>
..
</key>

Thanks.

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

You will want to add OpenVPN’s port 1194 to the list of allowed ports in Squid’s config. Add the following two lines below all the acl lines:

acl SSL_ports port 1194      # OpenVPN
acl Safe_ports port 1194      # OpenVPN

Routing OpenVPN through Squid, though, might cause a huge drop in performance. Is there any reason that you’re unable to connect to OpenVPN directly (by removing http-proxy x.x.x.x 3128)?