Using the http-proxy support built into OpenVPN to get through firewall blocking

Source: Internet
Author: User

OpenVPN is the first choice for VPN servers. There are two ways for OpenVPN to get through firewall blocking: one is to use the http-proxy support that comes with OpenVPN, the other is to use HttpTunnel.

1. Getting through firewall blocking with the http-proxy support provided by OpenVPN
OpenVPN itself can use an HTTP proxy. That is, the OpenVPN client does not connect directly to the OpenVPN server but connects through an HTTP proxy. This is a peripheral feature of OpenVPN, not part of its core, but it solves many practical problems. It amounts to another tunnel outside the tunnel; the outer tunnel is not a real tunnel, however, because it does no encapsulation and only disguises the port information. It still relies on the CONNECT method of the HTTP proxy server. The specific process is:

1. The OpenVPN client connects to the HTTP proxy server (CONNECT method);

2. The HTTP proxy server connects to the OpenVPN server;

3. The HTTP proxy server relays data between the OpenVPN client and the OpenVPN server.

OpenVPN client --> http Proxy Server --> OpenVPN Server

The HTTP proxy server and the OpenVPN server can be installed on the same machine.
Configure the OpenVPN server (see the previous blog post for installation):

cat /etc/openvpn/server.conf

    port 9091
    proto tcp    # enable tcp
    dev tap
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem
    server 10.9.0.0 255.255.255.0
    # ifconfig-pool-persist ipp.txt
    client-config-dir /etc/openvpn/ccd
    push "route 10.9.0.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status status.log
    log openvpn.log
    verb 3

Configure the HTTP proxy server. Squid is used here (for the installation process, see the previous blog post):

cat /etc/squid/squid.conf

    http_port 8080    # enable ports that are generally not blocked
    access_log /var/log/squid/access.log squid
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/userpw    # user name and password authentication
    acl password proxy_auth REQUIRED
    http_access allow password
    acl all src 0.0.0.0/0.0.0.0
    http_access allow all
    coredump_dir /var/spool/squid
    header_access Via deny all
    header_access X-Forwarded-For deny all

OpenVPN client configuration:

    client
    dev tap0
    dev-node vpn    # tap NIC name
    proto tcp
    remote 222.101.202.303 9091
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client001.crt
    key client001.key
    ns-cert-type server
    comp-lzo
    verb 3
    http-proxy 222.101.202.303 8080 pw.txt    # pw.txt is the squid user name and password authentication file: one line of user name, one line of password
    http-proxy-retry

cat pw.txt

    Test       # squid authentication user name
    Test123    # squid authentication password

Now use the OpenVPN client to connect to the OpenVPN server. If the following messages are displayed, the connection to the OpenVPN server through http-proxy has succeeded.

Wed Dec 05 14:24:53 2012 Send to HTTP proxy: 'connect 203.169.243.4: 18181 HTTP/123'
Wed Dec 05 14:24:53 2012 Attempting Basic Proxy-Authorization
Wed Dec 05 14:24:55 2012 HTTP proxy returned: 'http/1.0 200 Connection established'
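
An added example, not part of the original post: with the access_log line in the squid configuration above, each tunnel opened by the client configuration is recorded on the proxy as a CONNECT to the OpenVPN port together with the authenticated user name. The Python sketch below reviews native-format squid log lines for such tunnels; the sample lines, the port allow-list and the 10-minute threshold are assumptions.

```python
import re

# Squid native ("squid") access_log format:
# time elapsed_ms client action/status bytes method URL user hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S+\s*$"
)

TLS_PORTS = {443}            # assumption: the only port CONNECT is expected to reach
LONG_LIVED_MS = 10 * 60_000  # assumption: review threshold of 10 minutes

def review_connects(lines):
    """Return established CONNECT tunnels that go to a non-TLS port or are long-lived."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "CONNECT" or m["status"] != "200":
            continue  # not a tunnel, or the proxy refused it (e.g. 407/403)
        host, _, port = m["url"].rpartition(":")
        if not port.isdigit():
            continue  # malformed destination, nothing to classify
        reasons = []
        if int(port) not in TLS_PORTS:
            reasons.append("non-TLS port")
        if int(m["elapsed"]) >= LONG_LIVED_MS:
            reasons.append("long-lived")
        if reasons:
            findings.append({"client": m["client"], "user": m["user"],
                             "dest": f"{host}:{port}", "reasons": reasons})
    return findings

# Constructed sample lines (documentation addresses, not taken from the page).
SAMPLE = [
    "1354688693.101    412 198.51.100.7 TCP_MISS/200 5321 CONNECT www.example.com:443 test DIRECT/203.0.113.20 -",
    "1354688695.220 7265014 198.51.100.7 TCP_MISS/200 48211377 CONNECT 203.0.113.10:9091 test DIRECT/203.0.113.10 -",
    "1354688701.009      2 198.51.100.9 TCP_DENIED/407 1830 CONNECT 203.0.113.10:9091 - NONE/- text/html",
    "1354688702.500    230 198.51.100.8 TCP_MISS/200 10422 GET http://www.example.com/ test DIRECT/203.0.113.20 text/html",
]

if __name__ == "__main__":
    for finding in review_connects(SAMPLE):
        print(finding)
```

Squid writes the entry for a CONNECT only when the tunnel closes, so the elapsed field gives the full session duration.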
