Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Moderators: TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Hi guys!!
I have server1.conf and server2.conf that are running correctly also the traffic is routed correctly;
Server2 is linked with client2 (just same configuration of client 1 but under http proxy).
I follow this instruction:
Configure OpenVPN on server side by adding port 443 and proto tcp-server to the configuration file.
Configure OpenVPN on the client side by adding port 443, proto tcp-client and http-proxy 172.27.X.X 8080 to the configuration file.
But I cannot surf: it is connected on VPN correctly but no surfing.. no traffic after connection establish..
Should I set a particular rule to iptable?
Like:
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X?
(172.27.X.X proxy http server)
It could work?
Can the VPS server has both rules?
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)" and "iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps) ???
Any suggestions?
Thanks guys for helping me
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Sorry guys, I would like to edit my previous post but I cannot.. maybe so late.. and in the same time I would like to respect forum rule so I upload my data for help us each other
SERVER2
CLIENT2
LOG
My IP Table:
Obviously in the proxy win pc I have a script that starts every 15 minutes (15 minutes otherwise it drop down) just to avoid to install free proxy software:
If you can give me suggestions also regarding this script I will be really happy!
But the main goal of this thread is how can I surf behind my http proxy!
Thanks again guyssss
SERVER2
Code: Select all
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
Code: Select all
client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0
Code: Select all
2016-04-27 22:30:53 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-04-27 22:30:53 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [mute-replay-warnings]
12 [verb] [3]
13 [set] [CLIENT_CERT] [0]
2016-04-27 22:30:53 LZO-ASYM init swap=0 asym=0
2016-04-27 22:30:53 EVENT: RESOLVE
2016-04-27 22:30:53 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-04-27 22:30:53 EVENT: WAIT_PROXY
2016-04-27 22:30:53 SetTunnelSocket returned 1
2016-04-27 22:30:53 EVENT: WAIT
2016-04-27 22:30:53 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227
2016-04-27 22:30:57 FROM PROXY: HTTP/1.1 200 Connection established
2016-04-27 22:30:57 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-04-27 22:30:58 EVENT: CONNECTING
2016-04-27 22:30:58 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-04-27 22:30:58 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2016-04-27 22:31:12 VERIFY OK: depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2016-04-27 22:31:12 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-04-27 22:31:21 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-04-27 22:31:21 Session is ACTIVE
2016-04-27 22:31:21 EVENT: GET_CONFIG
2016-04-27 22:31:21 Sending PUSH_REQUEST to server...
2016-04-27 22:31:22 Sending PUSH_REQUEST to server...
2016-04-27 22:31:23 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [route] [10.8.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.8.0.6] [10.8.0.5]
2016-04-27 22:31:23 LZO-ASYM init swap=0 asym=0
2016-04-27 22:31:23 EVENT: ASSIGN_IP
2016-04-27 22:31:23 Connected via tun
2016-04-27 22:31:23 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.8.0.6/
2016-04-27 22:31:23 SetStatus Connected
2016-04-27 22:31:39 TUN reset routes
2016-04-27 22:31:39 EVENT: DISCONNECTED
2016-04-27 22:31:39 Raw stats on disconnect:
BYTES_IN : 6041
BYTES_OUT : 5902
PACKETS_IN : 29
PACKETS_OUT : 78
TUN_BYTES_IN : 1248
TUN_PACKETS_IN : 19
2016-04-27 22:31:39 Performance stats on disconnect:
CPU usage (microseconds): 357870
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 33372
Tunnel bytes per CPU second: 3487
2016-04-27 22:31:39 ----- OpenVPN Stop -----
Code: Select all
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.9.8.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Code: Select all
netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080
netsh interface portproxy delete v4tov4 listenport=4040
netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
willy87 wrote: how can I surf behind my http proxy!
--redirect-gateway etc ..
willy87 wrote: Can the VPS server has both rules?
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)"
and
"iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227 (vps) ???
These rules will not work ..
However:
willy87 wrote: SERVER
Code: Select all
port 1194 proto tcp <..> server 10.8.0.0 255.255.255.0
vs Server 2
willy87 wrote:
Code: Select all
port 443 proto tcp-server <..> server 10.8.0.0 255.255.255.0
- any RFC1918 address can be used for --server .. f.e
server 2
server 10.11.0.0 255.255.255.0
and adjust iptables rules ..
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Hi Traffic!
Thanks for your reply!
I didn't understand well..
So I am a newbbb
1) What can I modify and adjust in Iptables?
2) And I should insert this in server2.conf instead of old one?
Code: Select all
server 10.11.0.0 255.255.255.0
I explain better:
I need to use VPN with 2 different wifi network:
Server1 and client1 = normal 3G data or free wifi networks
Server2 and client2 = work network under http proxy
With privatetunnel.ovpn I simply switch between networks through openVPN settings - proxy button enable/disable
If I do the same with server1.conf and client1.ovpn I receive HTTP proxy error..
3) It could be hard to built same configuration of privatetunnel with my home made VPN?
Really Thanks for help me!
Server
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
EDIT:
What about this iptables rules for my VPS? Check specially last 3 parts please..
It would be marvellous if we do it!
Code: Select all
*filter
# Allow all loopback (lo) traffic and reject traffic
# to localhost that does not originate from lo.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
-A OUTPUT -o lo -j ACCEPT
# Allow ping and ICMP error returns.
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
-A INPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
# Allow SSH.
-A INPUT -i eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
# Allow UDP traffic on port 1194.
-A INPUT -i eth0 -p udp -m state --state NEW,ESTABLISHED --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state ESTABLISHED --sport 1194 -j ACCEPT
# Allow DNS resolution and limited HTTP/S on eth0.
# Necessary for updating the server and keeping time.
-A INPUT -i eth0 -p udp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state ESTABLISHED --sport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m state --state NEW,ESTABLISHED --dport 443 -j ACCEPT
# Allow traffic on the TUN interface.
-A INPUT -i tun0 -j ACCEPT
-A FORWARD -i tun0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
# Allow forwarding traffic only from the VPN.
-A FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log any packets which don't fit the rules above...
# (optional but useful)
-A INPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 4
-A FORWARD -m limit --limit 3/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 4
-A OUTPUT -m limit --limit 3/min -j LOG --log-prefix "iptables_OUTPUT_denied: " --log-level 4
# then reject them.
-A INPUT -j REJECT
-A FORWARD -j REJECT
-A OUTPUT -j REJECT
# Forwarding traffic VPS (thks to Traffic usr)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227
#Forwarding traffic to HTTP Proxy
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.27.153.206:4040
iptables -t nat -A POSTROUTING -p tcp -d 172.27.153.206 --dport 4040 -j MASQUERADE
-A FORWARD -p tcp -d 172.27.153.206 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
or
#Forwarding traffic to HTTP Proxy
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206:4040
COMMIT
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
EDIT2: What about that rules? It could be good? Please help me
Code: Select all
# Forwarding traffic VPS (thks to Traffic usr)
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227
#Forwarding traffic to HTTP Proxy
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 172.27.153.206:4040
iptables -t nat -A POSTROUTING -p tcp -d 172.27.153.206 --dport 4040 -j MASQUERADE
-A FORWARD -p tcp -d 172.27.153.206 --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
or
#Forwarding traffic to HTTP Proxy
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206:4040
or
#Forwarding traffic to HTTP Proxy
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to 172.27.153.206:4040
# iptables -A FORWARD -p tcp -d 172.27.153.206 --dport 4040 -j ACCEPT
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
up any news guys? I'm waiting your feed. I don't want to destroy my vps connection thankss
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
I do not know how your network is configured so this is just for example .. you must configure this yourself:
Server 1:
Code: Select all
SERVER-1:
server 10.11.0.0 255.255.255.0
IPTABLES-RULE1:
iptables -t nat -A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.X.X (proxy http)
Server 2:
Code: Select all
SERVER-2:
server 10.12.0.0 255.255.255.0
IPTABLES-RULE1:
iptables -t nat -A POSTROUTING -s 10.12.0.0/24 -j SNAT --to-source 185.115.243.227 (vps)
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
it doesn't work.. also after "service openvpn restart".. no traffic after connection VPN
server2
Code: Select all
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3
client2
Code: Select all
client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 3
set CLIENT_CERT 0
IPTABLES-RULE2:
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206
( 172.27.153.206=proxy http)
I tried also because port is 4040 but it showing error
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206:4040
( 172.27.153.206=proxy http)
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
up any news guys? I'm waiting your feed. I don't want to destroy my vps connection thankss
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
willy87 wrote: server2
Code: Select all
server 10.8.0.0 255.255.255.0
Can this server2 browse the internet via the proxy ?
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
server2
Code: Select all
server 10.8.0.0 255.255.255.0
Can this server2 browse the internet via the proxy ?
I don't know because it is on VPS debian...
on the same VPS running server1.conf (for no proxy connection) and server2.conf (for proxy http connection).
I know that using client1 (for server1) is working fine and surf the web (through VPS). Using client2 (when I am behind server http proxy) no internet browsing..
Thanks for helping me.. I'm niubbb.
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
willy87 wrote: I don't know because
I guess you need to know ..
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
how can server2.conf browse the internet? I know only that VPS -where server2 is running- browse the internet..
If you would like to help me I will be very happy!
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
How about you post your complete logs for server2 and client2 at --verb 4
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
ok.. (anyway just to inform you. obviously I can surf from http proxy pc that is 172.27.153.206 - in this pc I have a script for opening port 4040:
netsh interface portproxy add v4tov4 listenport=4040 connectaddress=proxy connectport=8080).
I post everything after setting verb4 (server2 is called serverproxy.conf and client2 is called clientproxy.ovpn)
The problem is that I cannot surf after VPN established.. Connected but no surfing on the Web..
I posted everything here down.. please help me guys!! thanksssss
serverproxy.conf
Code: Select all
port 443
proto tcp-server
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
keepalive 10 120
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 4
clientproxy.ovpn
Code: Select all
client
dev tun
proto tcp-client
remote 185.115.243.227 443
http-proxy 172.27.153.206 4040
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
comp-lzo
verb 4
set CLIENT_CERT 0
IPTABLES-RULE2:
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206
( 172.27.153.206=proxy http)
I tried also because port is 4040 but it showing error
Code: Select all
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 172.27.153.206:4040
( 172.27.153.206=proxy http)
log
Code: Select all
2016-05-07 19:10:02 ----- OpenVPN Start -----
OpenVPN core 3.0 ios armv7s thumb2 32-bit
2016-05-07 19:10:02 UNUSED OPTIONS
4 [resolv-retry] [infinite]
5 [nobind]
6 [persist-key]
7 [persist-tun]
9 [mute-replay-warnings]
12 [verb] [4]
13 [set] [CLIENT_CERT] [0]
2016-05-07 19:10:02 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:02 EVENT: RESOLVE
2016-05-07 19:10:02 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-05-07 19:10:02 EVENT: WAIT_PROXY
2016-05-07 19:10:02 SetTunnelSocket returned 1
2016-05-07 19:10:02 EVENT: WAIT
2016-05-07 19:10:02 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227
2016-05-07 19:10:03 FROM PROXY: HTTP/1.1 200 Connection established
2016-05-07 19:10:03 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-05-07 19:10:04 TCP recv EOF
2016-05-07 19:10:04 Transport Error: Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR
2016-05-07 19:10:04 EVENT: TRANSPORT_ERROR Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR [ERR]
2016-05-07 19:10:04 Client terminated, restarting in 5...
2016-05-07 19:10:07 RECONNECT TEST: Internet:ReachableViaWiFi/-R ------- WiFi:ReachableViaWiFi/-R ------d
2016-05-07 19:10:09 EVENT: RECONNECTING
2016-05-07 19:10:09 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:09 Contacting 172.27.153.206:4040 via HTTP Proxy
2016-05-07 19:10:09 EVENT: WAIT_PROXY
2016-05-07 19:10:09 SetTunnelSocket returned 1
2016-05-07 19:10:09 EVENT: WAIT
2016-05-07 19:10:09 TO PROXY: CONNECT 185.115.243.227:443 HTTP/1.0
Host: 185.115.243.227
2016-05-07 19:10:11 FROM PROXY: HTTP/1.1 200 Connection established
2016-05-07 19:10:11 Connecting to 185.115.243.227:443 (172.27.153.206) via TCPv4-via-HTTP
2016-05-07 19:10:12 EVENT: CONNECTING
2016-05-07 19:10:12 Tunnel Options:V4,dev-type tun,link-mtu 1544,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA1,keysize 128,key-method 2,tls-client
2016-05-07 19:10:12 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 1.0.5-177
IV_VER=3.0
IV_PLAT=ios
IV_NCP=1
IV_LZO=1
2016-05-07 19:10:26 VERIFY OK: depth=1
cert. version : 3
serial number : 93:8D:1A:CD:64:84:97:C9
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:43:50
expires on : 2026-04-24 17:43:50
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=true
2016-05-07 19:10:26 VERIFY OK: depth=0
cert. version : 3
serial number : 01
issuer name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=ServerBabbo CA, ??=server, emailAddress=me@myhost.mydomain
subject name : C=NL, ST=AM, L=Amsterdam, O=ServerBabbo, OU=MyOrganizationalUnit, CN=server, ??=server, emailAddress=me@myhost.mydomain
issued on : 2016-04-26 17:44:12
expires on : 2026-04-24 17:44:12
signed using : RSA with SHA-256
RSA key size : 2048 bits
basic constraints : CA=false
subject alt name : server
cert. type : SSL Server
key usage : Digital Signature, Key Encipherment
ext key usage : TLS Web Server Authentication
2016-05-07 19:10:35 SSL Handshake: TLSv1.0/TLS-DHE-RSA-WITH-AES-256-CBC-SHA
2016-05-07 19:10:35 Session is ACTIVE
2016-05-07 19:10:35 EVENT: GET_CONFIG
2016-05-07 19:10:35 Sending PUSH_REQUEST to server...
2016-05-07 19:10:36 Sending PUSH_REQUEST to server...
2016-05-07 19:10:37 OPTIONS:
0 [redirect-gateway] [def1] [bypass-dhcp]
1 [dhcp-option] [DNS] [8.8.8.8]
2 [route] [10.11.0.1]
3 [topology] [net30]
4 [ping] [10]
5 [ping-restart] [120]
6 [ifconfig] [10.11.0.6] [10.11.0.5]
2016-05-07 19:10:37 LZO-ASYM init swap=0 asym=0
2016-05-07 19:10:37 EVENT: ASSIGN_IP
2016-05-07 19:10:37 Connected via tun
2016-05-07 19:10:37 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.11.0.6/
2016-05-07 19:10:37 SetStatus Connected
2016-05-07 19:12:03 TUN reset routes
2016-05-07 19:12:03 EVENT: DISCONNECTED
2016-05-07 19:12:03 Raw stats on disconnect:
BYTES_IN : 6245
BYTES_OUT : 26320
PACKETS_IN : 36
PACKETS_OUT : 300
TUN_BYTES_IN : 13040
TUN_PACKETS_IN : 240
NETWORK_EOF_ERROR : 1
TRANSPORT_ERROR : 1
N_RECONNECT : 1
2016-05-07 19:12:03 Performance stats on disconnect:
CPU usage (microseconds): 443128
Tunnel compression ratio (downlink): inf
Network bytes per CPU second: 73488
Tunnel bytes per CPU second: 29427
2016-05-07 19:12:03 ----- OpenVPN Stop -----
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
OK .. I give up ..
willy87 wrote:Server2 and client2 = work network under http proxy
- Go ask the server admin for help ..
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
No traffic... why??? Did you check the log? Why these errors? What could i ask to VPS provider?
2016-05-07 19:10:04 EVENT: TRANSPORT_ERROR Transport error on '185.115.243.227' via HTTP proxy 172.27.153.206:4040 : NETWORK_EOF_ERROR [ERR]
2016-05-07 19:10:37 EVENT: CONNECTED @185.115.243.227:443 (172.27.153.206) via /TCPv4-via-HTTP on tun/10.11.0.6/
2016-05-07 19:10:37 SetStatus Connected
2016-05-07 19:12:03 TUN reset routes
2016-05-07 19:12:03 EVENT: DISCONNECTED
..
NETWORK_EOF_ERROR : 1
TRANSPORT_ERROR : 1
-
- OpenVPN User
- Posts: 32
- Joined: Tue Apr 26, 2016 8:09 pm
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
Traffic, please, could you check also my "/etc/iptables/rules.v4"? I delete all and reinsert just those 2 rules and restart openvpn service.
Why I cannot surf under http proxy? It's unbelievable.. :|
*filter
:INPUT ACCEPT [110:10300]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [119:16158]
COMMIT
*mangle
:PREROUTING ACCEPT [196:16956]
:INPUT ACCEPT [196:16956]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [261:27190]
:POSTROUTING ACCEPT [205:23614]
COMMIT
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227
COMMIT
*raw
:PREROUTING ACCEPT [196:16956]
:OUTPUT ACCEPT [261:27190]
COMMIT
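A consistency check for the NAT rules discussed in this thread, added here as an example (it is not code from any poster or from OpenVPN): it reads iptables-save style text and reports VPN subnets whose SNAT `--to-source` is not an address of the NAT host, because replies to a rewritten packet are addressed to that source. `RULES_V4`, `VPN_SUBNETS` and `LOCAL_ADDRS` are constructed from values posted above; treating 185.115.243.227 as the only address on the VPS is an assumption, and only the single-IPv4-address form of `--to-source` is handled.

```python
import ipaddress
import shlex

# Constructed input: the *nat section of the rules.v4 posted above.
RULES_V4 = """\
*nat
:PREROUTING ACCEPT [1:60]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.11.0.0/24 -j SNAT --to-source 172.27.153.206
-A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 185.115.243.227
COMMIT
"""
# Assumption: 185.115.243.227 is the only address configured on the VPS.
LOCAL_ADDRS = {"185.115.243.227"}
# Subnets taken from the OpenVPN "server" lines and client log in the thread.
VPN_SUBNETS = ["10.8.0.0/24", "10.11.0.0/24"]


def _opt(tokens, *names):
    """Value following the first of `names` found in a rule, else None."""
    for name in names:
        if name in tokens and tokens.index(name) + 1 < len(tokens):
            return tokens[tokens.index(name) + 1]
    return None


def parse_nat_postrouting(dump):
    """Extract POSTROUTING rules of the nat table from iptables-save text."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A POSTROUTING"):
            continue
        tokens = shlex.split(line)
        if "!" in tokens:
            continue  # negated matches are skipped, not interpreted
        src = _opt(tokens, "-s", "--source")
        rules.append({
            "src": ipaddress.ip_network(src, strict=False) if src else None,
            "target": _opt(tokens, "-j", "--jump"),
            "to_source": _opt(tokens, "--to-source"),
            "proto": _opt(tokens, "-p", "--protocol"),
        })
    return rules


def audit(dump, vpn_subnets, local_addrs):
    """Return (subnet, finding) pairs for NAT rules that cannot carry replies."""
    findings = []
    rules = parse_nat_postrouting(dump)
    for cidr in vpn_subnets:
        net = ipaddress.ip_network(cidr)
        nat = [r for r in rules
               if r["target"] in ("SNAT", "MASQUERADE")
               and (r["src"] is None or net.subnet_of(r["src"]))]
        if not nat:
            findings.append((cidr, "no-nat-rule"))
            continue
        rule = nat[0]  # first SNAT/MASQUERADE rule whose -s covers the subnet
        if rule["target"] != "SNAT":
            continue   # MASQUERADE uses the outgoing interface's own address
        addr, _, port = (rule["to_source"] or "").partition(":")
        if port and rule["proto"] is None:
            # iptables refuses a port in --to-source unless -p names a protocol
            findings.append((cidr, "port-without-proto"))
        if addr not in local_addrs:
            # replies are addressed to it, so it must be an address of this host
            findings.append((cidr, "to-source-not-local:" + addr))
    return findings


if __name__ == "__main__":
    for subnet, finding in audit(RULES_V4, VPN_SUBNETS, LOCAL_ADDRS):
        print(subnet, finding)
```
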
- Traffic
- OpenVPN Protagonist
- Posts: 4066
- Joined: Sat Aug 09, 2014 11:24 am
Re: Debian VPS <->Iphone client - HTTP proxy VPN traffic problem
willy87 wrote:It's unbelievable..
- You're telling me ..
Perhaps something here will help: