The http-proxy built in OpenVPN breaks through the firewall's blocking

OpenVPN is the first choice for VPN servers. There are two solutions for how openVPN breaks through the firewall blocking. One is to use the http-proxy that comes with openVPN, second, use HttpTunnel

1. the http-proxy provided by liopenvpn breaks through the firewall blocking
OpenVPN itself can use an http proxy. That is to say, the OpenVPN client does not directly connect to the OpenVPN server, but uses an http proxy for connection. This feature is the peripheral feature of OpenVPN, not its core, but it can solve many practical problems. It is equivalent to another tunnel outside the tunnel, however, the outside tunnel is not a real tunnel because it is not encapsulated, but only disguised as port information. However, it still uses the connect Method of the http proxy server. The specific process is:

1. CONNECT the OpenVPN client to the http Proxy Server (CONNECT method );

2. the http Proxy Server is connected to the OpenVPN server;

3. The http Proxy Server transfers data between the OpenVPN client and the OpenVPN server.

OpenVPN client --> http Proxy Server --> OpenVPN Server

The http Proxy Server and OpenVPN server can be installed on the same machine.
Configure the OpenVPN server (see the previous blog post for installation ):

Cat/etc/openvpn/server. conf

1. Port 9091
2. Proto tcp # Enable tcp
3. Dev tap
4. Ca. crt
5. Cert server. crt
6. Key server. key
7. Dh dh1024.pem
8. Server 10.9.0.0 255.255.255.0
9. # Ifconfig-pool-persist ipp.txt
10. Client-config-dir/etc/openvpn/ccd
11. Push "route 10.9.0.0 255.255.255.0"
12. Push "redirect-gateway def1 bypass-dhcp"
13. Push "dhcp-option DNS 8.8.8.8"
14. Keepalive 10 120
15. Comp-lzo
16. User nobody
17. Group nobody
18. Persist-key
19. Persist-tun
20. Status. log
21. Log openvpn. log
22. Verb 3

Configure the http Proxy Server. squid is used here (for the installation process, see the previous blog post)

Cat/etc/squid. conf

1. Http_port 8080 # enable ports that are generally not blocked
2. Access_log/var/log/squid/access. log squid
3. Auth_param basic program/usr/lib/squid/ncsa_auth/etc/squid/userpw # user name and password authentication
4. Acl password proxy_auth REQUIRED
5. Http_access allow password
6. Acl all src 0.0.0.0/0.0.0.0
7. Http_access allow all
8. Coredump_dir/var/spool/squid
9. Header_access Via deny all
10. Header_access X-Forwarded-For deny all

OpenVPN client Configuration:

1. Client
2. Dev tap0
3. Dev-node vpn # tap Nic name
4. Proto tcp
5. Remote 222.101.202.303 9091
6. Nobind
7. Persist-key
8. Persist-tun
9. Ca. crt
10. Cert client001.crt
11. Key client001.key
12. Ns-cert-type server
13. Comp-lzo
14. Verb 3
15. Http-proxy 222.101.202.303 8080 pw.txt fill pw.txt is the user name and password authentication file of squid, one line of user name, one line of password
16. Http-proxy-retry

Cat pw.txt
Test # squid authentication Username
Test123 # squid authentication Password

Now, use the openVPN client to connect to the openVPN server. If the following message is displayed, the connection to the openVPN server through http-proxy is successful.

Wed Dec 05 14:24:53 2012 Send to HTTP proxy: 'connect 203.169.243.4: 18181 HTTP/123'
Wed Dec 05 14:24:53 2012 Attempting Basic Proxy-Authorization
Wed Dec 05 14:24:55 2012 HTTP proxy returned: 'http/1.0 200 Connection established'

OpenVPN details: click here
OpenVPN: click here

Related reading:

OpenVPN client configuration tutorial in Ubuntu

Build OpenVPN in Ubuntu 10.04

Ubuntu 13.04 VPN (OpenVPN) configuration and connection cannot access the Intranet and Internet at the same time

How to build a secure remote network architecture using OpenVPN in Linux