Tunneling a Proxy Server and Protecting the Proxy
OpenVPN can use the HTTP method CONNECT to establish a tunnel between the client and its VPN server. Since this is a standard method used by most banking websites or any other security-conscious websites, most proxies and firewalls are open to such connections.
A simple OpenVPN configuration entry for use with an HTTP proxy may look like this:
    (...)
    port 443
    proto tcp-client
    http-proxy proxy 3128
    http-proxy-retry
    http-proxy-option AGENT Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)
    (...)
We are using TCP port 443, which will make our VPN tunnel almost invisible to local administrators. OpenVPN must furthermore know where to find the proxy server and on which port it is listening. In the aforementioned example, the name of the server is proxy and its port is 3128. In addition to this, OpenVPN will try indefinitely to establish a connection and stealthily pretend to be a Mozilla browser on Windows 2000. Pretty nice, isn't it?
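Seen from the proxy side, a tunnel configured this way still leaves traces in the access log: one CONNECT that stays open for hours, moves a lot of data, and announces a browser nobody runs any more. The following is an added example, not part of the original text. It assumes a Squid-style access log in the native format with the quoted User-Agent appended by a custom logformat (the page itself only names the proxy as `proxy` on port 3128); the thresholds, hostnames and log entries are constructed for illustration.

```python
import re

# Assumed layout: Squid native fields followed by the quoted User-Agent.
LINE = re.compile(
    r'^\d+\.\d+\s+(?P<ms>\d+)\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+'
    r'(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+\S+\s+\S+\s+"(?P<ua>[^"]*)"$'
)
LEGACY_UA = re.compile(r'MSIE [1-6]\.')   # browsers long gone from managed desktops
MAX_TUNNEL_SECONDS = 3600                 # hypothetical threshold, tune per site
MAX_TUNNEL_BYTES = 500 * 2**20            # hypothetical threshold, tune per site

def review_connects(lines):
    """Return (client, destination, reasons) for each suspicious CONNECT entry."""
    findings = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m['method'] != 'CONNECT':
            continue                      # only tunnels are of interest here
        reasons = []
        if int(m['ms']) / 1000 > MAX_TUNNEL_SECONDS:
            reasons.append('long-lived tunnel')
        if int(m['bytes']) > MAX_TUNNEL_BYTES:
            reasons.append('high volume')
        if LEGACY_UA.search(m['ua']):
            reasons.append('legacy user agent')
        if reasons:
            findings.append((m['client'], m['url'], reasons))
    return findings

# Constructed sample entries (not real traffic).
SAMPLE = [
    # Short HTTPS session from a current browser: not flagged.
    '1700000000.101 4200 10.0.0.21 TCP_TUNNEL/200 48211 CONNECT bank.example.com:443 '
    '- HIER_DIRECT/198.51.100.7 - "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    # Eight-hour tunnel carrying ~870 MiB with the agent string from the config above.
    '1700003600.550 28800000 10.0.0.37 TCP_TUNNEL/200 912345678 CONNECT vpn.example.net:443 '
    '- HIER_DIRECT/203.0.113.10 - "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT 5.0)"',
    # Plain GET: ignored because it is not a CONNECT.
    '1700003700.000 120 10.0.0.21 TCP_MISS/200 5120 GET http://www.example.org/ '
    '- HIER_DIRECT/198.51.100.9 text/html "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
]

if __name__ == '__main__':
    for client, dest, reasons in review_connects(SAMPLE):
        print(f'{client} -> {dest}: {", ".join(reasons)}')
```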
I consider...