OpenVPN itself can use an HTTP proxy. That is, the OpenVPN client does not connect directly to the OpenVPN server but connects through an HTTP proxy. This is a peripheral feature of OpenVPN rather than part of its core, but it solves many practical problems. It is roughly equivalent to another tunnel around the VPN tunnel, although the outer one is not a real tunnel: nothing is encapsulated, and the traffic is only disguised by the port it appears on. Even so, it relies on the CONNECT method of the HTTP proxy server. The process is:
1. The OpenVPN client connects to the HTTP proxy server (CONNECT method);
2. The HTTP proxy server connects to the OpenVPN server;
3. The HTTP proxy server relays data between the OpenVPN client and the OpenVPN server.
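The CONNECT exchange behind steps 1 to 3, as an added example that is not part of the original article: the request a client sends to the proxy, and a parser for the proxy's reply. The host name, port and sample replies are constructed placeholders.

```python
# Added example: the HTTP CONNECT exchange, as seen from the client side.
# Host names, ports and the sample replies below are constructed placeholders.

def build_connect_request(host: str, port: int) -> bytes:
    """Step 1: ask the proxy to open a TCP connection to host:port."""
    target = f"{host}:{port}"
    return (f"CONNECT {target} HTTP/1.1\r\n"
            f"Host: {target}\r\n"
            "\r\n").encode("ascii")


def parse_connect_reply(raw: bytes):
    """Parse the proxy's reply to CONNECT.

    Returns (status_code, tunnel_open, leftover). `leftover` holds any bytes
    that arrived after the blank line; on success they already belong to the
    relayed stream and must be handed to the VPN layer, not discarded.
    """
    head, sep, leftover = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete reply: header terminator not received yet")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    status = int(parts[1])
    # Any 2xx means steps 2 and 3 apply: the proxy reached the server and
    # now relays bytes in both directions without interpreting them.
    return status, 200 <= status < 300, leftover


# Constructed sample replies (not captured from a real proxy).
OK_REPLY = b"HTTP/1.1 200 Connection established\r\n\r\n\x00\x0e\x40"
AUTH_REPLY = (b"HTTP/1.1 407 Proxy Authentication Required\r\n"
              b'Proxy-Authenticate: Basic realm="proxy"\r\n\r\n')
DENIED_REPLY = b"HTTP/1.1 403 Forbidden\r\n\r\n"

if __name__ == "__main__":
    print(build_connect_request("vpn.example.com", 443).decode())
    for reply in (OK_REPLY, AUTH_REPLY, DENIED_REPLY):
        print(parse_connect_reply(reply))
```

A 407 reply means the proxy wants credentials before it will relay anything, and a 403 means the proxy's policy refuses the requested host or port.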
So why use an HTTP proxy to connect to the OpenVPN server? This is generally done to get past a firewall that would otherwise block the connection. HTTP proxy servers are easy to find on the public network, and they support the CONNECT method. All of the OpenVPN data then looks like traffic to the proxy server's port, and the firewall is bypassed. This works because HTTP port 80 or HTTPS port 443 is not blocked.
The only side effect of using an HTTP proxy server is that the OpenVPN server does not see the real IP address of the OpenVPN client; only the IP address of the HTTP proxy server is shown. This is inconvenient for the management interface and makes it hard to set policies based on the user's IP address.
Using an HTTP proxy is simple: add one line to the OpenVPN client configuration file:
http-proxy xxx yyy zzz
That is all.