Question

[OpenVPN] Can't connect with http-proxy

Hello guys, I’m having trouble connecting OpenVPN through a Squid proxy server. I can connect easily without the Squid proxy server. But when I configure my Firefox to use my proxy server, there are no problems. Like I said, I only have problems when connecting OpenVPN through the Squid proxy server.

Error logs

Fri Feb 10 12:56:30 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jan 31 2017
Fri Feb 10 12:56:30 2017 Windows version 6.2 (Windows 8 or greater) 64bit
Fri Feb 10 12:56:30 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Fri Feb 10 12:56:30 2017 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 Need hold release from management interface, waiting...
Fri Feb 10 12:56:30 2017 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25344
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'state on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'log all on'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold off'
Fri Feb 10 12:56:30 2017 MANAGEMENT: CMD 'hold release'
Fri Feb 10 12:56:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:30 2017 Socket Buffers: R=[65536->65536] S=[65536->65536]
Fri Feb 10 12:56:30 2017 Attempting to establish TCP connection with [AF_INET]x.x.x.x:3128 [nonblock]
Fri Feb 10 12:56:30 2017 MANAGEMENT: >STATE:1486702590,TCP_CONNECT,,,,,,
Fri Feb 10 12:56:31 2017 TCP connection established with [AF_INET]x.x.x.x:3128
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'CONNECT x.x.x.x:1194 HTTP/1.0'
Fri Feb 10 12:56:31 2017 Send to HTTP proxy: 'Host: x.x.x.x'
Fri Feb 10 12:56:32 2017 HTTP proxy returned: 'HTTP/1.1 403 Forbidden'
Fri Feb 10 12:56:32 2017 HTTP proxy returned bad status
Fri Feb 10 12:56:32 2017 SIGUSR1[soft,init_instance] received, process restarting
Fri Feb 10 12:56:32 2017 MANAGEMENT: >STATE:1486702592,RECONNECTING,init_instance,,,,,
Fri Feb 10 12:56:32 2017 Restart pause, 5 second(s)

Server.conf

port 1194
proto tcp-server
dev tun
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
reneg-sec 0
ca ca.crt
cert server.crt
key server.key  # This file should be kept secret
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
sndbuf 0
rcvbuf 0
explicit-exit-notify 0

client.ovpn

client
dev tun
proto tcp-client
remote x.x.x.x 1194
http-proxy x.x.x.x 3128
nobind
persist-key
persist-tun
remote-cert-tls server
cipher AES-256-CBC
comp-lzo
verb 3
tun-mtu 1500
mssfix 1360
reneg-sec 0
<ca>
..
</ca>
<cert>
..
</cert>
<key>
..
</key>

Thanks.


By the way here is my squid.conf

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow all

http_port x.x.x.x:3128
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320



Answer

You will want to add OpenVPN’s port 1194 to the list of allowed ports in Squid’s config. Add the following two lines below all the acl lines:

acl SSL_ports port 1194      # OpenVPN
acl Safe_ports port 1194      # OpenVPN

Routing OpenVPN through Squid, though, might cause a huge drop in performance. Is there any reason that you’re unable to connect to OpenVPN directly (by removing http-proxy x.x.x.x 3128)?
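
Why the proxy returns 403 to OpenVPN but not to Firefox, as an added example (not part of the original thread and not Squid's own code): a simplified Python model of first-match `http_access` evaluation over the port and method ACLs from the posted squid.conf. The function names are hypothetical, and ACL types other than `port` and the `CONNECT` method ACL (src, manager) are left out of the model.

```python
# Added example: simplified model of Squid's first-match http_access evaluation.
# POSTED is a constructed excerpt of the squid.conf shown in the question.
POSTED = """\
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
"""
# The answer's change: 1194 added to SSL_ports (it is already inside Safe_ports' 1025-65535).
FIXED = POSTED.replace("acl CONNECT", "acl SSL_ports port 1194\nacl CONNECT", 1)

def parse_ports(spec):
    """Turn '443' or '1025-65535' into an inclusive (low, high) tuple."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def build_acls(conf_text):
    """Collect 'acl NAME port SPEC...' lines; comments and other ACL types are skipped."""
    acls = {}
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "acl" and fields[2] == "port":
            acls.setdefault(fields[1], []).extend(parse_ports(p) for p in fields[3:])
    return acls

def acl_matches(name, acls, method, port):
    """Evaluate one ACL name against the request's method and destination port."""
    if name == "all":
        return True
    if name == "CONNECT":  # the 'acl CONNECT method CONNECT' line from the config
        return method == "CONNECT"
    return any(lo <= port <= hi for lo, hi in acls.get(name, []))

def evaluate(conf_text, method, port):
    """Return (action, rule) for the first http_access line whose ACLs all match."""
    acls = build_acls(conf_text)
    for line in conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0] != "http_access":
            continue
        # ACLs on one line are ANDed; a leading '!' negates the ACL.
        if all(acl_matches(a.lstrip("!"), acls, method, port) != a.startswith("!")
               for a in fields[2:]):
            return fields[1], " ".join(fields)
    return "deny", "(no rule matched; fallback of this model only)"
```

With the posted rules, `evaluate(POSTED, "CONNECT", 1194)` stops at `http_access deny CONNECT !SSL_ports`, so the later `http_access allow all` is never reached; a browser's `CONNECT` to port 443 passes both deny rules, which is why Firefox works through the same proxy.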