ahududu
Posts: 15
Joined: Fri Nov 16, 2018 8:19 pm

Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Wed Dec 05, 2018 9:11 pm

removed
Last edited by ahududu on Wed Mar 13, 2019 6:37 pm, edited 2 times in total.

bzt
Posts: 374
Joined: Sat Oct 14, 2017 9:57 pm

Re: Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Thu Dec 06, 2018 3:56 pm

Hi,

I'm not sure (I haven't used GUI, like, ever). I'd suggest to check "use config-file" and take a look at this documentation and this manual.
The best you can do - as I wrote earlier - try that out and see if it works :-) The manual is quite brief
Connect to remote host through an HTTP proxy at address server and port port. If HTTP Proxy-Authenticate is required, authfileis a file containing a username and password on 2 lines, or “stdin” to prompt from console.auth-method should be one of “none”, “basic”, or “ntlm”.
but it's very likely that's exactly what you're looking for. ;-)

Cheers,
bzt

ahududu
Posts: 15
Joined: Fri Nov 16, 2018 8:19 pm

Re: Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Thu Dec 06, 2018 8:59 pm

removed
Last edited by ahududu on Wed Mar 13, 2019 6:37 pm, edited 1 time in total.

bzt
Posts: 374
Joined: Sat Oct 14, 2017 9:57 pm

Re: Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Fri Dec 07, 2018 9:42 pm

ahududu wrote:
Thu Dec 06, 2018 8:59 pm
*What is the advantages and disadvantages of use OpenVPN with proxy? I mean security, privacy, etc.
Advantages: your ISP will think you're just websurfing (unless they have a layer 7 deep packet inspection solution, like this one for example). Also it works even if there's a firewall which blocks OpenVPN port 1194 but not http proxy (usually port 8080).
Disadvantages: serious performance degradation. (But in case of a blocking firewall, slow is much better than nothing :-) )

I'd also like to point out that http proxy could use a user/password authentication and one would think that adds extra security. Actually it's quite the opposite, as basic http auth is breakable to cleartext literally in no time, and knowing credentials can help an attacker to guess your other user/pass combos (you would be surpised how many people are using the same user/pass on different servers and sites).
**What does exactly makes Proxy setting on OpenVPN connection? I mean what is the role of Proxy in this scenario?
Normally OpenVPN connects directly to the server. That means UDP/TCP packets sent to port 1194 (by default). With proxy, that communication is wrapped in a HTTP protocol, meaning OpenVPN will send http packets to the proxy, and the proxy will connect to the vpn server.
***How can i test the connection in this scenario? I mean i am connecting with Italy OVPN TCP file and writing Sweden Proxy servers to the Proxy section.
Use netstat on your local machine. Without proxy, you should see connections to the vpn server port 1194 (or whatever port your vpn server is using). With proxy, you'll only see connections to the proxy server on port 8080 (or whatever port the proxy is using).

Alternatively you could use "lsof | grep openvpn" to list open connections.
When i check my IP, it is Italy IP. But what is doing Sweden Proxy in this scenario?
If you have set up everything correctly, you won't see any Swedish IP, because proxy is used to carry the packets which implements the tunnel itself, and your normal traffic will be routed INSIDE the tunnel.

Cheers,
bzt

ahududu
Posts: 15
Joined: Fri Nov 16, 2018 8:19 pm

Re: Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Sun Dec 09, 2018 2:34 am

removed
Last edited by ahududu on Wed Mar 13, 2019 6:37 pm, edited 1 time in total.

bzt
Posts: 374
Joined: Sat Oct 14, 2017 9:57 pm

Re: Connecting OpenVPN wih Proxy Setting [Need Your Experiences]

Wed Dec 12, 2018 2:28 pm

ahududu wrote:
Sun Dec 09, 2018 2:34 am
How can i prevent the leak of http username/password in a connection from attackers?
Wrap http in some encrypted channel. Normally that would be SSL. If you use a https, then all the http headers (including the user/pass) will be encrypted with a cryptographically sound algorithm. Alternatively you can do an assymetric key based SSL authentication in the SSL/TLS layer using certs which is much much safer than http auth. But you may not be able to change the vpn provider's auth configuration if you don't own that server, so this may be not an option for you.

Also using a special proxy which is already encrypted (like tor) provides more than enough security. You see, tor is not a standard proxy; it's an ecrpytion layer on it's own, which happens to implement the socks interface to be compatible with existing software. Another advantage, since socks is an universal tcp proxy, you can use it for other protocols too, not just http.
And what do you advise me for this scenario? Imagine you can't connect OpenVPN without proxy but you want to connect. What did you do? You can connect with proxy at the same time but as you said there is some security flaws available.
I think your original idea should work: use tor as proxy, and use OpenVPN on top of that configured for socks proxy (which would be localhost:9050). But since you can already use tor, I'm not sure you need a vpn at all. Unless you want to use some special software which does not support socks proxy and torification in the first place (*). If all you need is web, then tor alone with an obfs bridge will suffice, no need for vpn.

(*) - note that many protocols (smtp, irc, xmpp, etc.) have a remote, web-based interface in a form of a third-party service which you can use without installing anything locally on your machine. Also torsocks and torify works like a charm with most software (but unfortunately there are exceptions. For those few, a vpn tunnel could be a remedy).
Thanks in advance.

Have a happy life with your loved ones.

Kind Regards.
Thanks, wish the same to you too!

bzt

Return to “Networking and servers”