ref: 9d22c514a9f893498f2c8bf8688d2e8a6c9adb4d vpn-documentation/HTTP_PROXY.md -rw-r--r-- 2.0 KiB
9d22c514François Kooman hopefully fix IPv6 when deploying on VM using RA 4 months ago

#title: HTTP Proxy description: Redirect VPN traffic over a HTTP proxy category: advanced

Today we will setup a HTTP proxy to tunnel OpenVPN client traffic over. We only care about CentOS 7 at this stage.


Make sure you install Apache:

$ sudo yum -y install httpd

Put the following configuration snippet in /etc/httpd/conf.d/proxy.conf:

ProxyRequests On
AllowConnect 1194

<Proxy "*">
    Require valid-user
    AuthType Basic
    AuthBasicProvider file
    AuthUserFile "/etc/httpd/proxy-users"
    AuthName "Proxy"

Add user foo with password bar to the proxy-users file:

$ htpasswd -B -b -c /etc/httpd/proxy-users foo bar

Make sure you allow Apache to connect to the network:

$ setsebool -P httpd_can_network_connect=on

Enable and start Apache:

$ sudo systemctl enable --now httpd

That's all!


NOTE this will all be over HTTP, so the password will be sent in plain text!

In your OpenVPN client configuration you can enable the http-proxy option. Make sure you only list "remotes" with the TCP protocol.

For example:

remote vpn.tuxed.net 1194 tcp

# ...

http-proxy proxy.tuxed.net 80 basic


You can also use IP addresses. Currently the hostname do not work as IPv6 is again broken on the VM platform hosting proxy.tuxed.net.

Client log output when connecting using a proxy:

Thu Jul  2 23:37:28 2020 Attempting to establish TCP connection with [AF_INET] [nonblock]
Thu Jul  2 23:37:29 2020 TCP connection established with [AF_INET]
Thu Jul  2 23:37:29 2020 Send to HTTP proxy: 'CONNECT HTTP/1.0'
Thu Jul  2 23:37:29 2020 Send to HTTP proxy: 'Host:'
Thu Jul  2 23:37:29 2020 Attempting Basic Proxy-Authorization
Thu Jul  2 23:37:30 2020 HTTP proxy returned: 'HTTP/1.0 200 Connection Established'