Related

Marketplace 1-Click Deploy: OpenVPN Access Server Marketplace
how to configure exim in centos 7 Cpanel/Whm ? Question Question
How can I use a droplet with a VPN router? Linksys3200ACM Question Question

Question

[OpenVPN] Can't connect with http-proxy

Posted February 10, 2017 96.5k views
CentOSVPNOpen Source

Hello guys,
I’m having a trouble connecting openvpn through squid proxy server.
I can connect easily without squid proxy server. But when I configure my Firefox to use my proxy server, theres no problems.
Like I said, I only have problems when connecting openvpn through squid proxy server.

Error logs

Fri Feb 10 12:56:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 10 12:56:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 10 12:56:30 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Feb 10 12:56:30 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 Need hold release from management interface, waiting...
Fri Feb 10 12:56:30 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'state on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 10 12:56:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:30 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 10 12:56:30 2017 Attempting to establish TCP connection with [AF_INET]x.x.x.x:3128 [nonblock]
Fri Feb 10 12:56:30 2017 MANAGEMENT: >STATE:1486702590,TCP_CONNECT,,,,,,
Fri Feb 10 12:56:31 2017 TCP connection established with [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'CONNECT x.x.x.x:1194 HTTP/1.0'
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'Host: x.x.x.x'
Fri Feb 10 12:56:32 2017 HTTP proxy returned: 'HTTP/1.1 403 Forbidden'
Fri Feb 10 12:56:32 2017 HTTP proxy returned bad status
Fri Feb 10 12:56:32 2017 SIGUSR1[soft,init_instance] received, process restarting
Fri Feb 10 12:56:32 2017 MANAGEMENT: >STATE:1486702592,RECONNECTING,init_instance,,,,,
Fri Feb 10 12:56:32 2017 Restart pause, 5 second(s)

Server.conf

port 1194
proto tcp-server
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
sndbuf 0
rcvbuf 0
explicit-exit-notify 0

client.ovpn

client
dev tun
proto tcp-client
remote x.x.x.x 1194
http-proxy x.x.x.x 3128
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
mssfix 1360
reneg-sec 0
<ca>
..
</ca>
<cert>
..
</cert>
<key>
..
</key>

Thanks.

Add a comment
farshoffs
By:
farshoffs
Add a comment
1 comment
  • farshoffs February 10, 2017
    Reply Report

    By the way here is my squid.conf

    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all

http_port x.x.x.x:3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .       0   20% 4320

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
kamaln7 February 5, 2018

You will want to add OpenVPN’s port 1194 to the list of allowed ports in Squid’s config. Add the following two lines below all the acl lines:

acl SSL_ports port 1194      # OpenVPN
acl Safe_ports port 1194      # OpenVPN

Routing OpenVPN through Squid, though, might cause a huge drop in performance. Is there any reason that you’re unable to connect to OpenVPN directly (by removing http-proxy x.x.x.x 3128)?

Reply Report
ouaissamohamed27 April 10, 2020
Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help