Page 1 of 1

Using a proxy AFTER connection with OpenVPN-server is made

Posted: Thu Mar 13, 2014 3:45 pm
by knutsel
Just to be clear, this is not about connecting to an OpenVPN-server through a proxy, but to be able to use a proxy after the connection is made.
Presumably i'm looking for similar functionality as intel2k is here, allthough pushing it from the server wouldn't be necessary. Having the app acknowledging the proxy-setting in it's ovpn-file would suffice.

The changelog of the OpenVPN Connect app for iOS 1.0.3. shows:
What's New in Version 1.0.3

...

* Added the capability for server to push proxy options, e.g.:

push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
push "dhcp-option PROXY_HTTPS 10.144.5.14 3128"
push "dhcp-option PROXY_BYPASS http://www.openvpn.net http://www.openvpn.org"
push "dhcp-option PROXY_AUTO_CONFIG_URL http://www.openvpn.net/proxy.pac"

Note that this is a separate and distinct feature from the one to connect through an HTTP proxy. This feature allows proxy options to be set for Safari (and possibly other apps as well) for the duration of the VPN session.

These options can be placed directly in the profile, i.e.

--> dhcp-option PROXY_HTTP 10.144.5.14 3128

or pushed by the server:

--> push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
So it looks as if it's already implemented in the iOS app from version 1.0.3 onwards.

I tested "dhcp-option PROXY_HTTP" with the OpenVPN Connect Android app (current version, 1.1.13 build 53) on KitKat 4.4.2. by adding it in it's ovpn-file, but to no success. The app completely ignores that setting, while the OpenVPN connection itself works flawlessly.
The logfile mentions:
Error setting dhcp-option for proxy:
tun_builder_dhcp_option_error:
tun_builder_set_proxy_http
Did i probably overlook something, or is that functionality not (yet) implemented in the Android app?
I can imagine implementation with pushing from the serverside to be pretty complicated, but having the app at least recognizing a proxy-setting in its own configuration-file would help a lot.


Therefore the question whether this "dhcp-option PROXY_HTTP"-functionality will be implemented in the Android app as well?

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Posted: Thu Apr 03, 2014 10:33 am
by knutsel
After 3 weeks, i think it's allowed to give a gentle bump. :)


Will the "dhcp-option PROXY_HTTP"-functionality, that is available in the iOS app, be implemented in the Android app as well?

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Posted: Mon Aug 03, 2015 3:33 pm
by adeaustin
Have come across the very same issue. Anyone know when this functionality will come to Android? Works fine on the iPad.

Is there any other alternative to having to manually configure a proxy that anyone knows of. Was thinking of setting up auto-discovery but the user would have to select that still I'd have thought.

Ade

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Posted: Thu Sep 17, 2015 7:43 am
by pfluegkuffer
Same Problem here. I need to configure the Proxy after the VPN Connection has been established.

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Posted: Wed Nov 25, 2015 10:06 pm
by Harm
I found this topic while searching for a solution to the same problem.
I solved it differently, maybe it can be of any help:

I have a raspberry pi with openvpn server which has privoxy installed, see: http://readwrite.com/2014/04/10/raspber ... b-browsing

I wanted to have my phone connect by vpn, and then use privoxy to filter out all spam and ads. Unfortunately, the android client of openvpn doesn't offer the ability to specify a proxy address for traffic in the tunnel. This is why i wanted all web traffic coming from the VPN clients to be routed to privoxy. I found the following page:
http://blog.bodhizazen.net/linux/how-to ... ent-proxy/

And used that to complete my iptables settings in the raspberry pi vpn server with privoxy. See the following:

--IPTABLES-------
#local rules: send locally generated traffic to privoxy
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
sudo iptables -t nat -A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------

--OR UFW before.rules -------
#local rules: send locally generated traffic to privoxy
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
-A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------



Do not forget to add in sysctl
net.ipv4.ip_forward=1 (as described in the linked article)

Unsure whether it is needed to set in privoxy config:
accept-intercepted-requests 1


Hopefully this can be of any help to anyone searching for the same solution

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Wed Jul 18, 2018 4:31 am
by bigbagboom
I have the same question and it seems no one cares. ios app is better.

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Wed Jan 29, 2020 12:54 pm
by rohitpateldgm
any one can help me with same problem. I want to connect proxy behind the VPN. I am ready to pay fees. Please let me know if anyone can help me.

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Mon Feb 03, 2020 12:33 pm
by Nemesis
I do also have the same issue, I want to connect to my home routers openvpn server (which is easy), but then I want to send all data via a proxy on a local IP ..
This is how I have now:
Android --> vpnserver --> local network access +internet
But I want:
Android --> vpnserver --> local access network --> proxy on 192.168.0.11 --> internet..

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Sun Aug 16, 2020 2:23 am
by cark
I know it's years after this post was made, but I found a solution that worked for me. You just configure a proxy on your phones APN, pretty much the same way you do on Windows.

Here's a little tutorial I made for it.
https://youtu.be/i7Q24BKJovo

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Sat Sep 12, 2020 2:14 pm
by pve
It's really long term thread :). Setting proxy on APN or on wifi configuration works and doesn't. When the connection to WIFI (mobile data) and the VPN server is established first time, the proxy connection doesn't work. Android is probably too "smart" and NetworkStacl process (uid 1073 on LineageOS 17.1) tries to connect to the proxy directly. It fails, of course, because of the proxy is behind the tunnel. I've to restart OpenVPN and after restart the proxy connection works for some time, maybe until OpenVPN re-keying event happen. Then I've to restart OpenVPN (on Android) again.

I've both - proxy setting on Wifi and in dhcp push option on the server. Strange.

I've AFWall+ installed too. NetworkStack has enabled VPN connection but when the proxy stops working, I can see packets blocked by AFWall+. It means Android tries to send the packets directly via the WIFI (mobile) network interface instead of the tunnel. I have to restart OpenVPN again to continue browsing.

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Wed Sep 23, 2020 9:19 am
by pve
Solved for me.
From root shell or ADB shell run

Code: Select all

settings put global http_proxy proxyip:proxyport
for example

Code: Select all

settings put global http_proxy 192.168.99.100:8118
It works few days without any issue.

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Thu Sep 24, 2020 3:08 pm
by cydia
pve wrote:
Wed Sep 23, 2020 9:19 am
Solved for me.
From root shell or ADB shell run

Code: Select all

settings put global http_proxy proxyip:proxyport
for example

Code: Select all

settings put global http_proxy 192.168.99.100:8118
It works few days without any issue.
When I execute it on the sh command line, I get an error:

Code: Select all

 -sh: settings: not found

Re: Using a proxy AFTER connection with OpenVPN-server is made

Posted: Sun Oct 04, 2020 9:15 pm
by pve
I've Lineage OS 17.1 (Android 10) on Oneplus 7t Pro (hotdog). I've no idea how to do it on older/different Android version; maybe there is some equivalent command.

I checked what settings command actually is:

Code: Select all

#!/system/bin/sh
cmd settings "$@"
Let's try to run:

Code: Select all

cmd settings put global http_proxy proxyip:proxyport
and/or check this post: https://stackoverflow.com/questions/216 ... gs-missing