Using a proxy AFTER connection with OpenVPN-server is made

Post Reply
knutsel
OpenVpn Newbie
Posts: 5
Joined: Mon Jan 20, 2014 9:33 pm

Using a proxy AFTER connection with OpenVPN-server is made

Post by knutsel » Thu Mar 13, 2014 3:45 pm

Just to be clear, this is not about connecting to an OpenVPN-server through a proxy, but to be able to use a proxy after the connection is made.
Presumably i'm looking for similar functionality as intel2k is here, allthough pushing it from the server wouldn't be necessary. Having the app acknowledging the proxy-setting in it's ovpn-file would suffice.

The changelog of the OpenVPN Connect app for iOS 1.0.3. shows:
What's New in Version 1.0.3

...

* Added the capability for server to push proxy options, e.g.:

push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
push "dhcp-option PROXY_HTTPS 10.144.5.14 3128"
push "dhcp-option PROXY_BYPASS http://www.openvpn.net http://www.openvpn.org"
push "dhcp-option PROXY_AUTO_CONFIG_URL http://www.openvpn.net/proxy.pac"

Note that this is a separate and distinct feature from the one to connect through an HTTP proxy. This feature allows proxy options to be set for Safari (and possibly other apps as well) for the duration of the VPN session.

These options can be placed directly in the profile, i.e.

--> dhcp-option PROXY_HTTP 10.144.5.14 3128

or pushed by the server:

--> push "dhcp-option PROXY_HTTP 10.144.5.14 3128"
So it looks as if it's already implemented in the iOS app from version 1.0.3 onwards.

I tested "dhcp-option PROXY_HTTP" with the OpenVPN Connect Android app (current version, 1.1.13 build 53) on KitKat 4.4.2. by adding it in it's ovpn-file, but to no success. The app completely ignores that setting, while the OpenVPN connection itself works flawlessly.
The logfile mentions:
Error setting dhcp-option for proxy:
tun_builder_dhcp_option_error:
tun_builder_set_proxy_http
Did i probably overlook something, or is that functionality not (yet) implemented in the Android app?
I can imagine implementation with pushing from the serverside to be pretty complicated, but having the app at least recognizing a proxy-setting in its own configuration-file would help a lot.


Therefore the question whether this "dhcp-option PROXY_HTTP"-functionality will be implemented in the Android app as well?

knutsel
OpenVpn Newbie
Posts: 5
Joined: Mon Jan 20, 2014 9:33 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by knutsel » Thu Apr 03, 2014 10:33 am

After 3 weeks, i think it's allowed to give a gentle bump. :)


Will the "dhcp-option PROXY_HTTP"-functionality, that is available in the iOS app, be implemented in the Android app as well?

adeaustin
OpenVpn Newbie
Posts: 1
Joined: Mon Aug 03, 2015 3:30 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by adeaustin » Mon Aug 03, 2015 3:33 pm

Have come across the very same issue. Anyone know when this functionality will come to Android? Works fine on the iPad.

Is there any other alternative to having to manually configure a proxy that anyone knows of. Was thinking of setting up auto-discovery but the user would have to select that still I'd have thought.

Ade

pfluegkuffer
OpenVpn Newbie
Posts: 1
Joined: Thu Sep 17, 2015 7:39 am

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by pfluegkuffer » Thu Sep 17, 2015 7:43 am

Same Problem here. I need to configure the Proxy after the VPN Connection has been established.

Harm
OpenVpn Newbie
Posts: 1
Joined: Wed Nov 25, 2015 10:04 pm

Re: Using a proxy AFTER connection with OpenVPN-server is ma

Post by Harm » Wed Nov 25, 2015 10:06 pm

I found this topic while searching for a solution to the same problem.
I solved it differently, maybe it can be of any help:

I have a raspberry pi with openvpn server which has privoxy installed, see: http://readwrite.com/2014/04/10/raspber ... b-browsing

I wanted to have my phone connect by vpn, and then use privoxy to filter out all spam and ads. Unfortunately, the android client of openvpn doesn't offer the ability to specify a proxy address for traffic in the tunnel. This is why i wanted all web traffic coming from the VPN clients to be routed to privoxy. I found the following page:
http://blog.bodhizazen.net/linux/how-to ... ent-proxy/

And used that to complete my iptables settings in the raspberry pi vpn server with privoxy. See the following:

--IPTABLES-------
#local rules: send locally generated traffic to privoxy
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
sudo iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
sudo iptables -t nat -A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
sudo iptables -t nat -A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------

--OR UFW before.rules -------
#local rules: send locally generated traffic to privoxy
-A OUTPUT -p tcp --dport 80 -m owner --uid-owner root -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner privoxy -j REDIRECT --to-port 8118

#vpn rules: send traffic from vpn clients to privoxy
-A PREROUTING -s 10.8.0.0/24 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.42:8118 #change to privoxy address
-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADE
---------



Do not forget to add in sysctl
net.ipv4.ip_forward=1 (as described in the linked article)

Unsure whether it is needed to set in privoxy config:
accept-intercepted-requests 1


Hopefully this can be of any help to anyone searching for the same solution

bigbagboom
OpenVpn Newbie
Posts: 1
Joined: Wed Jul 18, 2018 4:27 am

Re: Using a proxy AFTER connection with OpenVPN-server is made

Post by bigbagboom » Wed Jul 18, 2018 4:31 am

I have the same question and it seems no one cares. ios app is better.

Post Reply