Using a proxy AFTER connection with OpenVPN-server is made

This forum is for general conversation and user-user networking.
Post Reply
knutsel
OpenVpn Newbie
Posts: 5
Joined: Mon Jan 20, 2014 9:33 pm

Using a proxy AFTER connection with OpenVPN-server is made

Post by knutsel » Thu Mar 13, 2014 3:45 pm

Just to be clear, this is not about connecting to an OpenVPN-server through a proxy, but to be able to use a proxy after the connection is made.
Presumably i'm looking for similar functionality as intel2k is here, allthough pushing it from the server wouldn't be necessary. Having the app acknowledging the proxy-setting in it's ovpn-file would suffice.

The changelog of the OpenVPN Connect app for iOS 1.0.3. shows:
What's New in Version 1.0.3

...

* Added the capability for server to push proxy options, e.g.:

push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
push "dhcp-option PROXY_HTTPS 10.144.5.14 3128"
push "dhcp-option PROXY_BYPASS http://www.openvpn.net http://www.openvpn.org"
push "dhcp-option PROXY_AUTO_CONFIG_URL http://www.openvpn.net/proxy.pac"

Note that this is a separate and distinct feature from the one to connect through an HTTP proxy. This feature allows proxy options to be set for Safari (and possibly other apps as well) for the duration of the VPN session.

These options can be placed directly in the profile, i.e.

--> dhcp-option PROXY_HTTP 10.144.5.14 3128

or pushed by the server:

--> push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
So it looks as if it's already implemented in the iOS app from version 1.0.3 onwards.

I tested "dhcp-option PROXY_HTTP" with the OpenVPN Connect Android app (current version, 1.1.13 build 53) on KitKat 4.4.2. by adding it in it's ovpn-file, but to no success. The app completely ignores that setting, while the OpenVPN connection itself works flawlessly.
The logfile mentions:
Error setting dhcp-option for proxy:
tun_builder_dhcp_option_error:
tun_builder_set_proxy_http
Did i probably overlook something, or is that functionality not (yet) implemented in the Android app?
I can imagine implementation with pushing from the serverside to be pretty complicated, but having the app at least recognizing a proxy-setting in its own configuration-file would help a lot.


Therefore the question whether this "dhcp-option PROXY_HTTP"-functionality will be implemented in the Android app as well?

knutsel
OpenVpn Newbie
Posts: 5
Joined: Mon Jan 20, 2014 9:33 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by knutsel » Thu Apr 03, 2014 10:33 am

After 3 weeks, i think it's allowed to give a gentle bump. :)


Will the "dhcp-option PROXY_HTTP"-functionality, that is available in the iOS app, be implemented in the Android app as well?

adeaustin
OpenVpn Newbie
Posts: 1
Joined: Mon Aug 03, 2015 3:30 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by adeaustin » Mon Aug 03, 2015 3:33 pm

Have come across the very same issue. Anyone know when this functionality will come to Android? Works fine on the iPad.

Is there any other alternative to having to manually configure a proxy that anyone knows of. Was thinking of setting up auto-discovery but the user would have to select that still I'd have thought.

Ade

pfluegkuffer
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 17, 2015 7:39 am

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by pfluegkuffer » Thu Sep 17, 2015 7:43 am

Same Problem here. I need to configure the Proxy after the VPN Connection has been established.

Harm
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 25, 2015 10:04 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by Harm » Wed Nov 25, 2015 10:06 pm

I found this topic while searching for a solution to the same problem.
I solved it differently, maybe it can be of any help:

I have a raspberry pi with openvpn server which has privoxy installed, see: http://readwrite.com/2014/04/10/raspber ... b-browsing

I wanted to have my phone connect by vpn, and then use privoxy to filter out all spam and ads. Unfortunately, the android client of openvpn doesn't offer the ability to specify a proxy address for traffic in the tunnel. This is why i wanted all web traffic coming from the VPN clients to be routed to privoxy. I found the following page:
http://blog.bodhizazen.net/linux/how-to ... ent-proxy/

And used that to complete my iptables settings in the raspberry pi vpn server with privoxy. See the following:

--IPTABLES-------
#local rules: send locally generated traffic to privoxy
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
sudo iptables -t nat -A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------

--OR UFW before.rules -------
#local rules: send locally generated traffic to privoxy
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
-A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------



Do not forget to add in sysctl
net.ipv4.ip_forward=1 (as described in the linked article)

Unsure whether it is needed to set in privoxy config:
accept-intercepted-requests 1


Hopefully this can be of any help to anyone searching for the same solution

bigbagboom
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 18, 2018 4:27 am

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by bigbagboom » Wed Jul 18, 2018 4:31 am

I have the same question and it seems no one cares. ios app is better.

rohitpateldgm
OpenVpn Newbie
Posts: 2
Joined: Wed Jan 29, 2020 12:49 pm

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by rohitpateldgm » Wed Jan 29, 2020 12:54 pm

any one can help me with same problem. I want to connect proxy behind the VPN. I am ready to pay fees. Please let me know if anyone can help me.
Last edited by Pippin on Sat Feb 01, 2020 7:59 pm, edited 2 times in total.
Reason: Removed email

Nemesis
OpenVpn Newbie
Posts: 9
Joined: Sun Apr 08, 2018 7:30 pm

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by Nemesis » Mon Feb 03, 2020 12:33 pm

I do also have the same issue, I want to connect to my home routers openvpn server (which is easy), but then I want to send all data via a proxy on a local IP ..
This is how I have now:
Android --> vpnserver --> local network access +internet
But I want:
Android --> vpnserver --> local access network --> proxy on 192.168.0.11 --> internet..

cark
OpenVpn Newbie
Posts: 2
Joined: Sun Aug 16, 2020 12:26 am

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by cark » Sun Aug 16, 2020 2:23 am

I know it's years after this post was made, but I found a solution that worked for me. You just configure a proxy on your phones APN, pretty much the same way you do on Windows.

Here's a little tutorial I made for it.
https://youtu.be/i7Q24BKJovo

pve
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 12, 2020 1:41 pm

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by pve » Sat Sep 12, 2020 2:14 pm

It's really long term thread :). Setting proxy on APN or on wifi configuration works and doesn't. When the connection to WIFI (mobile data) and the VPN server is established first time, the proxy connection doesn't work. Android is probably too "smart" and NetworkStacl process (uid 1073 on LineageOS 17.1) tries to connect to the proxy directly. It fails, of course, because of the proxy is behind the tunnel. I've to restart OpenVPN and after restart the proxy connection works for some time, maybe until OpenVPN re-keying event happen. Then I've to restart OpenVPN (on Android) again.

I've both - proxy setting on Wifi and in dhcp push option on the server. Strange.

I've AFWall+ installed too. NetworkStack has enabled VPN connection but when the proxy stops working, I can see packets blocked by AFWall+. It means Android tries to send the packets directly via the WIFI (mobile) network interface instead of the tunnel. I have to restart OpenVPN again to continue browsing.

pve
OpenVpn Newbie
Posts: 2
Joined: Sat Sep 12, 2020 1:41 pm

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by pve » Wed Sep 23, 2020 9:19 am

Solved for me.
From root shell or ADB shell run

Code: Select all

settings put global http_proxy proxyip:proxyport
for example

Code: Select all

settings put global http_proxy 192.168.99.100:8118
It works few days without any issue.

Post Reply