Debian VPS <->Iphone client - HTTP proxy VPN traffic problem

[willy87]

Hi guys!!
I have server1.conf and server2.conf that are running correctly also tre traffic is routed corretly;
Server2 is linked with client2 (just same configuration of client 1 but under http proxy).
I follow this instruction:

Configure OpenVPN on server side by adding port 443 and proto tcp-server to the configuration file.
Configure OpenVPN on the client side by adding port 443, proto tcp-client and http-proxy 172.27.X.X 8080 to the configuration file.

But I cannot surf: it is connected on VPN correctly but no surfing.. no traffic after connection estabilish..

Should I set a particular rule to iptable?
Like:
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X?
(172.27.X.X proxy http server)
It could work?

Can the VPS server has both rules?
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)" and "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps) ???

Any suggestions?

Thanks guys for helping me

[willy87]

Sorry guys, I would like to edit my previous post but I cannot.. maybe so late.. and in the sametime i would like to respect forum rule so i updload my data for help us each other

SERVER2

Code: Select all

port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

CLIENT2

Code: Select all

client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0

LOG

Code: Select all

2016-04-27 22:30:53 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-04-27 22:30:53 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [mute-replay-warnings]
12 [verb] [3]
13 [set] [CLIENT_CERT] [0]

2016-04-27 22:30:53 LZO-ASYM init swap=0 asym=0
2016-04-27 22:30:53 EVENT: RESOLVE
2016-04-27 22:30:53 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-04-27 22:30:53 EVENT: WAIT_PROXY
2016-04-27 22:30:53 SetTunnelSocket returned 1
2016-04-27 22:30:53 EVENT: WAIT
2016-04-27 22:30:53 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227

2016-04-27 22:30:57 FROM PROXY: HTTP/1.1 200 Connection established

2016-04-27 22:30:57 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-04-27 22:30:58 EVENT: CONNECTING
2016-04-27 22:30:58 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-04-27 22:30:58 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2016-04-27 22:31:12 VERIFY OK: depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

2016-04-27 22:31:12 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2016-04-27 22:31:21 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-04-27 22:31:21 Session is ACTIVE
2016-04-27 22:31:21 EVENT: GET_CONFIG
2016-04-27 22:31:21 Sending PUSH_REQUEST to server...
2016-04-27 22:31:22 Sending PUSH_REQUEST to server...
2016-04-27 22:31:23 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.8.0.6] [10.8.0.5]

2016-04-27 22:31:23 LZO-ASYM init swap=0 asym=0
2016-04-27 22:31:23 EVENT: ASSIGN_IP
2016-04-27 22:31:23 Connected via tun
2016-04-27 22:31:23 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.8.0.6/
2016-04-27 22:31:23 SetStatus Connected
2016-04-27 22:31:39 TUN reset routes
2016-04-27 22:31:39 EVENT: DISCONNECTED
2016-04-27 22:31:39 Raw stats on disconnect:
BYTES_IN : 6041
BYTES_OUT : 5902
PACKETS_IN : 29
PACKETS_OUT : 78
TUN_BYTES_IN : 1248
TUN_PACKETS_IN : 19
2016-04-27 22:31:39 Performance stats on disconnect:
CPU usage (microseconds): 357870
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 33372
Tunnel bytes per CPU second: 3487
2016-04-27 22:31:39 ----- OpenVPN Stop -----

My IP Table:

Code: Select all

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Obvously in the proxy win pc i have a script that starts every 15 minutes (15 minutes otherwise it drop down) just to avoid to install free proxy software:

Code: Select all

netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080
netsh interface portproxy delete v4tov4 listenport=4040
netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080

If you can give me suggestions also regarding this script I will be really happy!
But the main goal of this thread is how can I surf behind my http proxy!

Thanks again guyssss

[Traffic]

how can I surf behind my http proxy!

--redirect-gateway etc ..

Can the VPS server has both rules?

"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)"

and

"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps) ???

These rule will not work ..

However:

SERVER

Code: Select all

port 1194
proto tcp
<..>
server 10.8.0.0 255.255.255.0

vs Server 2

Code: Select all

port 443
proto tcp-server
<..>
server 10.8.0.0 255.255.255.0

• any RFC1918 address can be use for --server .. f.e
  View Originalserver 2

  server 10.11.0.0 255.255.255.0
  and adjust iptables rules ..

[willy87]

Hi Traffic!
Thanks for your reply!
I didn't understand well..
So I am a newbbb

1) What can I modify and adjust in Iptables?

2)And I should insert this in server2.conf instead of old one?

Code: Select all

server 10.11.00 255.255.255.0

I explain better:
I need to use VPN with 2 different wifi network:

Server1 and client1 = normal 3G data o free wifi networks

Server2 and client2 = work network under http proxy


With privatetunnel.ovpn i simply switch between networks through openVPN settings - proxy button enable/disable

If I do the same with server1.conf and client1.ovpn i receive HTTP proxy
error..

3) It could be hard to built same configuration of privatetunnel with my home made VPN?

Really Thanks for help me!




Server

[willy87]

EDIT:
What about this iptables rules for my VPS? Check specially last 3 parts please..
It would be marvellous if we do it!

Code: Select all

*filter

# Allow all loopback (lo) traffic and reject traffic
# to localhost that does not originate from lo.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A OUTPUT -o lo -j ACCEPT

# Allow ping and ICMP error returns.
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT

# Allow SSH.
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT

# Allow UDP traffic on port 1194.
-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED --sport 1194 -j ACCEPT

# Allow DNS resolution and limited HTTP/S on eth0.
# Necessary for updating the server and keeping time.
-A INPUT -i eth0 -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT

-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 443 -j ACCEPT

# Allow traffic on the TUN interface.
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

# Allow forwarding traffic only from the VPN.
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# Log any packets which don't fit the rules above...
# (optional but useful)
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 4
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 4
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_OUTPUT_denied: " --log-level 4

# then reject them.
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A OUTPUT -j REJECT
# Forwarding traffic VPS (thks to Traffic usr)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227

#Forwarding traffic to HTTP Proxy
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.27.153.206:4040
iptables -t nat -A POSTROUTING -p tcp -d 172.27.153.206 --dport 4040 -j MASQUERADE
-A FORWARD -p tcp -d 172.27.153.206 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

or

#Forwarding traffic to HTTP Proxy
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206:4040

COMMIT

[willy87]

EDIT2: What about that rules? It could be good? Please help me

Code: Select all

# Forwarding traffic VPS (thks to Traffic usr)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227

#Forwarding traffic to HTTP Proxy
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.27.153.206:4040
iptables -t nat -A POSTROUTING -p tcp -d 172.27.153.206 --dport 4040 -j MASQUERADE
-A FORWARD -p tcp -d 172.27.153.206 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

or

#Forwarding traffic to HTTP Proxy
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206:4040

or

#Forwarding traffic to HTTP Proxy
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.27.153.206:4040
# iptables -A FORWARD -p tcp -d 172.27.153.206 --dport 4040 -j ACCEPT

[willy87]

up any news guys? I'm waiting your feed. I don't want to destroy my vps connection thankss

[Traffic]

I do not know how your network is configured so this is just for example .. you must configure this yourself:

Server 1:

Code: Select all

SERVER-1:
server 10.11.0.0 255.255.255.0

IPTABLES-RULE1:
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)

Server 2:

Code: Select all

SERVER-2:
server 10.12.0.0 255.255.255.0

IPTABLES-RULE1:
iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)

[willy87]

it doens't work.. also after "service openvpn restart".. no traffic after connection VPN


server2

Code: Select all

port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

client2

Code: Select all

client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0

IPTABLES-RULE2:

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206

( 172.27.153.206=proxy http)

I tried also because port is 4040 but it showing error

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206:4040

( 172.27.153.206=proxy http)

[willy87]

up any news guys? I'm waiting your feed. I don't want to destroy my vps connection thankss

[Traffic]

server2

Code: Select all

server 10.8.0.0 255.255.255.0

Can this server2 browse the internet via the proxy ?

[willy87]

server2

Code: Select all

server 10.8.0.0 255.255.255.0

Can this server2 browse the internet via the proxy ?

I don't know because it is on VPS debian...
on the same VPS running server1.conf (for no proxy connection) and server2.conf (for proxy http connection).

I know that using client1 (for server1) is working fine and surf the web (through VPS). Using client2 (when I am behind server http proxy) no internet browsing..

Thanks for helping me.. I'm niubbb.

[Traffic]

I don't know because

I guess you need to know ..

[willy87]

how can server2.conf browse the internet? I know only that VPS -where server2 is running- browse the internet..
If you would like to help meI will be very happy!

[Traffic]

How about you post your complete logs for server2 and client2 at --verb 4

[willy87]

ok.. (anyway just to inform you. obvoiusly I can surf from http proxy pc that is 172.27.153.206 - in this pc i have a script for opening port 4040:
netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080).
I post everything after setting verb4 (server2 is called serverproxy.conf and client2 is called clientproxy.ovpn)
The problem is that i cannot surf after VPN estabilished.. Connected but no surfing on the Web..
I posted everything here down.. please help me guys!! thanksssss

serverproxy.conf

Code: Select all

port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4

clientproxy.ovpn

Code: Select all

client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 4
set CLIENT_CERT 0

IPTABLES-RULE2:

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206

( 172.27.153.206=proxy http)

I tried also because port is 4040 but it showing error

Code: Select all

iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206:4040

( 172.27.153.206=proxy http)

log

Code: Select all

2016-05-07 19:10:02 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-05-07 19:10:02 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [mute-replay-warnings]
12 [verb] [4]
13 [set] [CLIENT_CERT] [0]

2016-05-07 19:10:02 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:02 EVENT: RESOLVE
2016-05-07 19:10:02 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-05-07 19:10:02 EVENT: WAIT_PROXY
2016-05-07 19:10:02 SetTunnelSocket returned 1
2016-05-07 19:10:02 EVENT: WAIT
2016-05-07 19:10:02 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227

2016-05-07 19:10:03 FROM PROXY: HTTP/1.1 200 Connection established

2016-05-07 19:10:03 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-05-07 19:10:04 TCP recv EOF
2016-05-07 19:10:04 Transport Error: Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR
2016-05-07 19:10:04 EVENT: TRANSPORT_ERROR Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR [ERR]
2016-05-07 19:10:04 Client terminated, restarting in 5...
2016-05-07 19:10:07 RECONNECT TEST: Internet:ReachableViaWiFi/-R ------- WiFi:ReachableViaWiFi/-R ------d
2016-05-07 19:10:09 EVENT: RECONNECTING
2016-05-07 19:10:09 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:09 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-05-07 19:10:09 EVENT: WAIT_PROXY
2016-05-07 19:10:09 SetTunnelSocket returned 1
2016-05-07 19:10:09 EVENT: WAIT
2016-05-07 19:10:09 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227

2016-05-07 19:10:11 FROM PROXY: HTTP/1.1 200 Connection established

2016-05-07 19:10:11 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-05-07 19:10:12 EVENT: CONNECTING
2016-05-07 19:10:12 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-05-07 19:10:12 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1

2016-05-07 19:10:26 VERIFY OK: depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true

2016-05-07 19:10:26 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication

2016-05-07 19:10:35 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-07 19:10:35 Session is ACTIVE
2016-05-07 19:10:35 EVENT: GET_CONFIG
2016-05-07 19:10:35 Sending PUSH_REQUEST to server...
2016-05-07 19:10:36 Sending PUSH_REQUEST to server...
2016-05-07 19:10:37 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [route] [10.11.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.11.0.6] [10.11.0.5]

2016-05-07 19:10:37 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:37 EVENT: ASSIGN_IP
2016-05-07 19:10:37 Connected via tun
2016-05-07 19:10:37 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.11.0.6/
2016-05-07 19:10:37 SetStatus Connected
2016-05-07 19:12:03 TUN reset routes
2016-05-07 19:12:03 EVENT: DISCONNECTED
2016-05-07 19:12:03 Raw stats on disconnect:
BYTES_IN : 6245
BYTES_OUT : 26320
PACKETS_IN : 36
PACKETS_OUT : 300
TUN_BYTES_IN : 13040
TUN_PACKETS_IN : 240
NETWORK_EOF_ERROR : 1
TRANSPORT_ERROR : 1
N_RECONNECT : 1
2016-05-07 19:12:03 Performance stats on disconnect:
CPU usage (microseconds): 443128
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 73488
Tunnel bytes per CPU second: 29427
2016-05-07 19:12:03 ----- OpenVPN Stop -----

[Traffic]

OK .. I give up ..

Server2 and client2 = work network under http proxy

• Go ask the server admin for help ..

[willy87]

No traffic... why??? Did you check the log? Why these errors? What could i ask to VPS provider?

2016-05-07 19:10:04 EVENT: TRANSPORT_ERROR Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR [ERR]

2016-05-07 19:10:37 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.11.0.6/
2016-05-07 19:10:37 SetStatus Connected
2016-05-07 19:12:03 TUN reset routes
2016-05-07 19:12:03 EVENT: DISCONNECTED
..
NETWORK_EOF_ERROR : 1
TRANSPORT_ERROR : 1

[willy87]

Traffic, please, could you check also my "/etc/iptables/rules.v4"? I delete all and reinsert just those 2 rules and restart openvpn service.
Why I cannot surf under http proxy? It's unbelievable.. :|

*filter
:INPUT ACCEPT [110:10300]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:16158]
COMMIT
*mangle
:PREROUTING ACCEPT [196:16956]
:INPUT ACCEPT [196:16956]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [261:27190]
:POSTROUTING ACCEPT [205:23614]
COMMIT
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227
COMMIT
*raw
:PREROUTING ACCEPT [196:16956]
:OUTPUT ACCEPT [261:27190]
COMMIT

[Traffic]

It's unbelievable..

• You're telling me ..
  
  Perhaps something here will help:
  
  • https://openvpn.net/index.php/open-source/books.html