Connecting To An OpenVPN Server Via An HTTP Proxy.
OpenVPN supports connections through an HTTP proxy, with the following authentication modes:
No proxy authentication
Basic proxy authentication
NTLM proxy authentication
First of all, HTTP proxy usage requires that you use TCP as the tunnel carrier protocol. So add the following to both client and server configurations:
proto tcp
Make sure that any proto udp lines in the config files are deleted.
Next, add the -proxy directive to the client configuration file (see the manual page for a full description of this directive).
For example, suppose you have an HTTP proxy server on the client LAN at 192. 168. 4. 1, which is listening for connections on port 1080. Add this to the client config:
-proxy 192. 1 1080
Suppose the HTTP proxy requires Basic authentication:
-proxy 192. 1 1080 stdin basic
Suppose the HTTP proxy requires NTLM authentication:
-proxy 192. 1 1080 stdin ntlm
The two authentication examples above will cause OpenVPN to prompt for a username/password from standard input. If you would instead like to place these credentials in a file, replace stdin with a filename, and place the username on line 1 of this file and the password on line 2.
Layering Security: VPN Proxy Combined – OpenVPN
Why combine rather than compare: VPN | proxy
Do a web search for ‘VPN proxy’ and you’ll get back a list of sites that compare VPN and proxy to each other. From a consumer perspective, this is likely what they’re looking for. They want a way to secure their browsing online. They may choose between a VPN or proxy. However, from a business perspective, it’s more likely you’re searching for using the two together. VPN and web proxies make up important pieces in the multi-layered approach businesses need for strong cybersecurity. Here are the benefits of combining them; how to get started with OpenVPN Access Server and proxy, as well as a use case showing the two working together.
The benefits of combining VPN with proxy
VPN and proxy servers individually provide a layer of security for enterprises, but each alone cannot keep hackers out completely. Together, they’re able to address different areas of threat. Here are three of those areas:
Access control:
Proxy servers protect you from malicious websites – access out.
VPN protects you from malicious intruders – access in.
Increased productivity:
Proxy servers help limit the distractions from personal web browsing.
VPN provides secure access to business services so employees can work from anywhere in the world.
Reduced attack surface:
Proxy servers protect employees from the public network.
VPN creates a secure, private network.
Businesses rely on their employees to keep things secure. Unfortunately, they’re only human. We’ve found in recent surveys that show employees don’t always make the best decisions when it comes to cybersecurity.
It’s important for businesses to include human error in their cybersecurity risk mitigation plans. VPN and proxy servers both help keep employees practicing better cyber hygiene. Let’s dive a little deeper into that.
Blocking malicious traffic with a proxy server
Imagine an employee browsing online without any network security in place. Their computer connects with the public Internet through your enterprise Internet Service Provider (ISP). Their PC sits on your private network with an assigned IP address. It sends a request through your ISP to visit a website, which sits on the public network with an assigned IP address. Traffic flows freely from the private IP address to the public sites, and back again. This is a picture of data traffic flow on an open network. Without security in place, this is not a safe environment for businesses. It won’t take long before an employee accidentally visits a malicious site with malware in the code that infects their computer and spreads across the corporate network.
When you add a proxy server in between the private network and the public Internet these are some of the changes:
The proxy provides a layer of anonymity.
The proxy can block malicious traffic from getting into your private network.
The proxy can also block outgoing traffic if a user (knowingly or unknowingly) attempts to access malicious sites.
The proxy can log activity, letting you know if a user continually tries to access a malicious site, which could help you track down something like a malware infection.
The ability of proxy servers to protect your organization from malicious sites is reason, alone, to invest in this layer of security. When you combine the two, VPN-proxy security adds additional safeguards.
Blocking malicious intrusion with a VPN server
When you need to access your private network using the public Internet, you create an encrypted, private communication session using a Virtual Private Network. A VPN session allows you to safely send data across public networks thanks to the use of encrypted tunnels. The only way in is through a device with VPN client software installed and configured to connect to your VPN server(s).
While a proxy server protects your users when they wander out into the public Internet, a VPN provides a secure way to extend your private network; it provides a secure way in. Combining the two gives you the ability to expand your network protection beyond the immediate reach of your network cables and expand the protection of blocking users’ unintended, malicious web clicks.
You can safely extend the encrypted reach of your network and the protection of your proxy when you combine the two.
Getting started with an OpenVPN Access Server and Proxy
OpenVPN Access Server supports connections through a proxy. Looking for information on how to get started? Here are some helpful pages on our site:
Connecting to an OpenVPN server via an HTTP proxy
How do I configure OpenVPN to connect via an HTTP proxy?
Can I have multiple proxies?
How do I edit or delete a proxy?
Can an OpenVPN server push proxy settings to an iOS device?
Your site-to-site network security mapped
Use Case: Expand your proxy to satellite locations with OpenVPN Access Server
You set up your web proxy at the company headquarters. The branch office needs the protection of routing traffic through the web proxy as well. By setting up a site-to-site VPN with OpenVPN Access Server, you can do just that.
Connect the branch office to HQ using Access Server.
All web traffic now goes to HQ web proxy through the VPN.
The rules and browser settings set up at HQ are also applied to traffic from the branch office.
The web proxy applies policies and acts as a web browser.
It fetches web content from the Internet.
It also acts as a web server and sends the content to the branch office employee’s browser.
What happens when an employee at the branch office tries to go to a blacklisted website? The browser blocks it and states a message such as “this site is blocked due to company policy. ”
You are able to provide employees with the security of a transparent web proxy, protecting them from malicious websites and, in turn, protecting your company. Web filtering proxies are common tools used by businesses worldwide. They enforce web policies for Internet access as well as provide visibility into use of network bandwidth. OpenVPN Access Server provides you with a simplified UI for combining the encryption of your VPN with the protection of a proxy server. It’s important for businesses to create a layered approach to cybersecurity.
Additional Resources
How browser fingerprinting keeps us from being sneaky online
Site-to-Site VPN: scale your business to new locations securely with a site-to-site VPN
How to set up a VPN for increased security and privacy – The Verge
Virtual private networks (VPNs) can offer an additional layer of security and privacy. Whether you’re working on a public Wi-Fi network and want to escape prying eyes, or you’re worried about privacy in general, a VPN can offer a lot of benefits.
In a nutshell, a VPN establishes a secure, encrypted connection between your device and a private server, hiding your traffic from being seen by others. Of course, the VPN itself can still see your traffic, which is why you should choose a VPN from a company you trust. (A good rule of thumb is to avoid free VPNs, because if they’re not charging you a fee, they may be monetizing in some less desirable way. ) In addition, law enforcement can get its hands on your information through the VPN company. However, for the most part, a VPN offers you a way to hide your online activity from others.
Note that getting a VPN is only one of the measures you can take to make your web browsing more secure. Others include enabling two-factor authentication and using a password manager.
In addition to their security benefits, VPNs can come in handy when you’re trying to access sensitive information, or if you’re traveling in Europe and want to stream Netflix or Amazon Prime titles only allowed in the US. They can also possibly allow you to jump firewalls in heavily regulated countries such as China, although that is becoming difficult.
At home, you can set up your VPN through your router, which takes slightly more steps but means that any devices connected to your router won’t need individual configuration; it can also slow down all traffic that goes through. However, for this article, we’re going to concentrate on VPN apps that you can load on your laptop or phone, so that you can use the internet safely away from your home base.
Most VPN apps these days support the OpenVPN protocol, making setup a simple matter of allowing the app access to configure the settings for you. (Stay tuned for our guide to the best services to try out. ) But whether your device uses MacOS, Chrome OS, Windows 10, iOS, or Android, if you’d like to get a quick overview of what’s involved before selecting a service, or prefer to do a manual setup, we’ve broken down the steps into straightforward instructions for you.
Setting up a VPN in Windows 10
The first step is to create a VPN profile which you’ll fill this out with details from your particular VPN service.
Click on the Windows button, then head into Settings > Network & Internet > VPN. Click on Add a VPN connection.
In the fields on the page, select Windows (built-in) for your VPN provider. Give your VPN a name under Connection name. Enter the server name or address, the VPN type, and the type of sign-in info.
Add a user name and password for extra security (this is optional, but recommended). You can choose to have the computer remember your sign-in info.
Click Save
To connect to your VPN, go back to Settings > Network & Internet > VPN. Click on your VPN name.
If you want, at this point you can select Advanced Options to edit the connection properties, clear your sign-in info, or set up a VPN proxy.
Select Connect and enter a password if you’ve set one.
Setting up a VPN in Chrome OS
To get set up with a VPN in Chrome OS, you can head into the Chrome Web Store to find a extension for your VPN of choice, go to Google Play store (if your Chromebook is set up for it) and get a VPN app from there, or download one from a VPN’s site. Either way, your VPN app should prompt you with instructions on how to fully set it up.
If you need to do it manually, you can. Chrome has native support for L2TP/IPsec and OpenVPN. To install a VPN that works with one of these formats:
Click on the time in the lower right corner of your screen, and click on Settings.
Click on Add connection and then on OpenVPN / L2TP
Add all the information necessary, which may include server hostname, service name, provider type, pre-shared key, username and password. You can save your identity and password if you want. Click on Connect.
Some VPNs, especially those issued from a workplace, demand a certificate, which you will need to import first. If that’s something that’s required:
Head into chromesettings/certificates
Go to the Authorities tab. Find the correct certificate in the list and click Import.
Then follow the above instructions for setting up the VPN.
Setting up a VPN in macOS
As with the other formats here, there are apps that help you through the setup process automatically, but you can also do it yourself manually.
Choose the drop-down menu and choose VPN so you can enter your VPN’s details.
To start, head into System Preferences and then dive into Network.
From there, the process is straightforward. Click the Plus symbol button on the bottom left, and use the Interface drop-down menu to choose VPN. You’ll need the details from your VPN of choice to fill out the VPN Type and Service Name.
Click on the Create button. Fill out the server address, remote ID and local ID in the appropriate fields. Click on Authentication Settings.
Enter the username and password for your VPN, which you can set through your VPN app.
Click OK and Connect.
Setting up a VPN in iOS
Setting up a VPN on an iOS device is fairly simple. Again, if you download an app from the App Store, it should automatically configure settings for you. Here’s how to do it manually, though:
Just head into Settings and tap on General.
Scroll down to select VPN (the iPhone will say whether you are currently connected to one or not).
Tap on Add VPN Configuration and then on Type to select a security protocol. (Follow the instructions provided by your chosen app).
Go back to the Add Configuration screen, where you will add the VPN’s description, server, remote ID and local ID.
Enter your username and password. You can also use a proxy if you want to.
Tap Done You will then be brought back to the VPN screen. Toggle the Status switch to on.
Setting up a VPN in Android
Like iOS, setting up a VPN on an Android device shouldn’t be too difficult. Here’s the manual process if you’re not letting an app automatically configure things for you. (Keep in mind that, because some vendors tweak their Android versions, your process may vary slightly. )
Head into Settings > Network & Internet > Advanced > VPN (you should see a little key icon). If you don’t see Network & Internet in the Settings menu (which may happen depending on your Android overlay), then do a search within Settings for VPN. Press the Add button.
If you happen to be setting this up on a new phone, or if you haven’t yet set a screen lock or password, Google will prompt you to first set one for your phone. Do so.
Now create your VPN profile. Add the VPN name, type, and Server address. Click on Save.
You’ll be taken back to the VPN screen, where you should now see the name of your VPN. Tap on it, and put in your name and password. You can also choose to save your account information, and you can make the VPN always on. Click on Connect.
Enter the VPN name, type, server address, username, and password.
Then, save. You’re done!
Once you’ve got your VPN up and running, you might notice web browsing isn’t as fast as it used to be, especially if you’ve configured traffic to go through another country. Stronger encryption, or more users connected to one VPN, can also slow down your internet speeds. Downloads might slow to snail speed and your League of Legends screen lag might be absurd. But that’s not a big problem compared to the security that you’ve added.
And anyway, now that you know how to set up a VPN, toggling it off is easy in comparison. You just have to remember to do it.
Vox Media has affiliate partnerships. These do not influence editorial content, though Vox Media may earn commissions for products purchased via affiliate links. For more information, see our ethics policy.
Frequently Asked Questions about add proxy openvpn
Can I use a proxy in OpenVPN?
OpenVPN supports connections through an HTTP proxy, with the following authentication modes: No proxy authentication. Basic proxy authentication.
What is a proxy OpenVPN?
Web filtering proxies are common tools used by businesses worldwide. They enforce web policies for Internet access as well as provide visibility into use of network bandwidth. OpenVPN Access Server provides you with a simplified UI for combining the encryption of your VPN with the protection of a proxy server.
How do I connect to a VPN proxy?
To connect to your VPN, go back to Settings > Network & Internet > VPN. Click on your VPN name. If you want, at this point you can select Advanced Options to edit the connection properties, clear your sign-in info, or set up a VPN proxy. Select Connect and enter a password if you’ve set one.Mar 1, 2019