After looking into the source code, there are (at least) two places where this patch has to be applied.
1) The place described earlier and mentioned in the original patch (I would guess) 2) There is duplicated code in the same function when the proxy answered with "407 Proxy Authentication Required". Maybe it is possible to move this into an extra function, maybe send_proxy_headers. However, contrary to the original patch from 2008, I would suggest to always send the Host header (even when HTTP/1.0 is selected). That should cause no problems with legacy 1.0 applications, as stated by the RFC: > Unrecognized header fields should be ignored by the recipient and > forwarded by proxies. If necessary, I could write a new patch including all proxy requests in proxy.c. But as I have no overview of the OpenVPN source code, I will probably miss some places where such a request is sent. Lars
smime.p7s
Description: S/MIME Cryptographic Signature
