OpenVPN is the first choice for VPN servers. There are two ways to get OpenVPN through a blocking firewall: one is the http-proxy support that comes with OpenVPN, the other is HttpTunnel.
1. Getting through a blocking firewall with the http-proxy support provided by OpenVPN
OpenVPN itself can use an HTTP proxy: the OpenVPN client does not connect to the OpenVPN server directly but goes through an HTTP proxy. This is a peripheral feature of OpenVPN rather than a core one, but it solves many practical problems. It amounts to another tunnel outside the tunnel. The outer one is not a real tunnel, however, because nothing is encapsulated and only the port information is disguised. It still relies on the CONNECT method of the HTTP proxy server. The specific process is:
1. The OpenVPN client connects to the HTTP proxy server (CONNECT method);
2. The HTTP proxy server connects to the OpenVPN server;
3. The HTTP proxy server transfers data between the OpenVPN client and the OpenVPN server.
OpenVPN client --> HTTP proxy server --> OpenVPN server
The HTTP proxy server and the OpenVPN server can be installed on the same machine.
Configure the OpenVPN server (see the previous blog post for installation):
cat /etc/openvpn/server.conf
    port 9091
    proto tcp # enable tcp
    dev tap
    ca ca.crt
    cert server.crt
    key server.key
    dh dh1024.pem # 1024-bit DH parameters; 2048 bits or more is the current recommendation
    server 10.9.0.0 255.255.255.0
    # ifconfig-pool-persist ipp.txt
    client-config-dir /etc/openvpn/ccd
    push "route 10.9.0.0 255.255.255.0"
    push "redirect-gateway def1 bypass-dhcp"
    push "dhcp-option DNS 8.8.8.8"
    keepalive 10 120
    comp-lzo
    user nobody
    group nobody
    persist-key
    persist-tun
    status status.log
    log openvpn.log
    verb 3
Configure the HTTP proxy server. squid is used here (for the installation process, see the previous blog post).
cat /etc/squid.conf
    http_port 8080 # use a port that is generally not blocked
    access_log /var/log/squid/access.log squid
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/userpw # user name and password authentication
    acl password proxy_auth REQUIRED
    http_access allow password
    acl all src 0.0.0.0/0.0.0.0
    # catch-all rule; a proxy meant only for authenticated users would end with "http_access deny all"
    http_access allow all
    coredump_dir /var/spool/squid
    header_access Via deny all
    header_access X-Forwarded-For deny all
OpenVPN client configuration:
    client
    dev tap0
    dev-node vpn # tap NIC name
    proto tcp
    remote 222.101.202.303 9091
    nobind
    persist-key
    persist-tun
    ca ca.crt
    cert client001.crt
    key client001.key
    ns-cert-type server
    comp-lzo
    verb 3
    http-proxy 222.101.202.303 8080 pw.txt # pw.txt is the squid user name and password file: user name on one line, password on the next
    http-proxy-retry
cat pw.txt
    Test       (squid authentication user name)
    Test123    (squid authentication password)
Now use the OpenVPN client to connect to the OpenVPN server. If the following messages are displayed, the connection to the OpenVPN server through http-proxy is successful.
    Wed Dec 05 14:24:53 2012 Send to HTTP proxy: 'CONNECT 203.169.243.4:18181 HTTP/1.0'
    Wed Dec 05 14:24:53 2012 Attempting Basic Proxy-Authorization
    Wed Dec 05 14:24:55 2012 HTTP proxy returned: 'HTTP/1.0 200 Connection established'
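The CONNECT exchange recorded in the log lines above, written out from both sides as an added example (it is not code from OpenVPN, squid or the original post). The address, port, user table and the allow-list of CONNECT targets are constructed assumptions; the allow-list stands in for a proxy policy that limits which host:port a tunnel may reach.

```python
import base64
import hmac

def build_connect(host, port, user, password):
    """Client side: the request sent to the proxy before any OpenVPN traffic."""
    # Basic auth is only base64 of "user:password", readable on the path to the proxy.
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return (f"CONNECT {host}:{port} HTTP/1.0\r\n"
            f"Host: {host}\r\n"
            f"Proxy-Authorization: Basic {token}\r\n\r\n").encode()

def parse_request(raw):
    """Proxy side: split the request head into method, target and headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def proxy_decide(raw, users, allowed_targets):
    """Status line from a proxy that enforces Basic auth and a CONNECT allow-list."""
    try:
        method, target, headers = parse_request(raw)
    except ValueError:  # request line without three fields
        return "HTTP/1.0 400 Bad Request"
    if method != "CONNECT":
        return "HTTP/1.0 405 Method Not Allowed"
    scheme, _, token = headers.get("proxy-authorization", "").partition(" ")
    try:
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # not valid base64 or not UTF-8
        user, password = "", ""
    expected = users.get(user)
    if (scheme.lower() != "basic" or expected is None
            or not hmac.compare_digest(expected.encode(), password.encode())):
        return "HTTP/1.0 407 Proxy Authentication Required"
    if target not in allowed_targets:  # limits which host:port a tunnel may reach
        return "HTTP/1.0 403 Forbidden"
    return "HTTP/1.0 200 Connection established"

if __name__ == "__main__":
    # Constructed sample values: documentation address range, credentials as in pw.txt.
    request = build_connect("203.0.113.10", 9091, "Test", "Test123")
    print(request.decode())
    print(proxy_decide(request, {"Test": "Test123"}, {"203.0.113.10:9091"}))
```

Once the proxy has answered 200, it only relays bytes in both directions, which corresponds to step 3 of the process described earlier.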