• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 650
  • Last Modified:

Openvpn proxy at destination network

Please advise howto set openvpn clients to use proxy of destination address. Now only certain ranges are routed through vpn.
0
janhoedt
Asked:
janhoedt
  • 2
  • 2
1 Solution
 
Kerem ERSOYPresidentCommented:
Hi,

It seems that the best way is to add some routes manually to the clients. and then change the proxy settings. You can also create some scripts that will be run on openVPN clients after the connection has been established.
0
 
janhoedtAuthor Commented:
I cannot change proxy on 3G, I could over wifi but not 3G. So I need or vpn client to set it or server to push it. I d also like to be able to choose using proxy at destination network or not.
0
 
Kerem ERSOYPresidentCommented:
so what you want is basically to change your Proxy setting in browser apter you2ve connected to the VPN.

Or do you mean that your 3G connection already changes your proxy setting?

What is that you're trying to achieve ?
0
 
janhoedtAuthor Commented:
I would like to be able to let my remote openvpn-clients to choose if they surf via the providers network or the network of destination (openvpn). The destination network has a firewall protection + compression since its over openvpn. I can do this over wifi but not over 3G. So I d need to activate the openvpn as default route, however then I d need a proxy, or don t I (didn t test yet)?
0
 
QlemoC++ DeveloperCommented:
Changing the proxy requires (AFAIK) to manually run a script, as you can only bind Web Proxy settings to a (Windows) dial-up connection or a physical connection (WLAN, LAN, etc.). OpenVPN does not count as such. And even if, you could not differ between 3G and Wifi.

Setting the proxy would allow to leave default routes alone, which is a plus, but you need to (a) provide the proxy change script and (b) supply a proxy (like squid) on the office site. And no other traffic than HTTP/HTTPS/FTP (or whatever the proxy is set up for) will be redirected; e.g. Instand Messaging will still use the local Internet connection.
http://forums.techguy.org/windows-7/955354-script-change-proxy-settings.html shown one way to script the proxy change (just to give an idea how to do that).

The alternative, changing the default route on demand or after checking which connection type is used, can be set up by providing a script containing
    route add 0.0.0.0 mask 128.0.0.0 10.10.10.10
    route add 128.0.0.0 mask 128.0.0.0 10.10.10.10
(with 10.10.10.10 being your OpenVPN server's OpenVPN IP). Since those routes have a more specific mask than the default gateway, they will take precedence, until deleted again (which will happen on next NIC change). The deletion script could be automatic on disconnect, e.g. by providing it for the --down setting of OpenVPN on the client.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now