Hi All Thanks for the suggestions..
1) OK, I'm feeling dumb. I guess its a case of RTFS. Based on the source here: https://github.com/OpenVPN/openvpn/blob/master/src/openvpn/socks.c, OpenVPN only supports SOCKS5.. this doesn't appear to be mentioned anywhere in the documentation. My proxy is a SOCKS4 proxy, and hence expects a longer header than is being sent, resulting in timeouts. I'd suggest updating the man page to explicitly say that only SOCKS5 is supported - can someone point me in the direction of the file, and i'll submit a git push? 2) I've now rewritten the proxy that I'm using to support SOCKS5, and tested that it runs fine with curl --socks5. However when I try to tunnel OpenVPN through it, I get the following error: Oct 24 16:06:53 master rsyslogd-2177: imuxsock begins to drop messages from pid 2331 due to rate-limiting Oct 24 16:06:53 master ovpn-client[2332]: Attempting to establish TCP connection with [AF_INET]192.168.147.82:110 [nonblock] Oct 24 16:06:54 master ovpn-client[2332]: TCP connection established with [AF_INET]192.168.147.82:110 Oct 24 16:06:54 master ovpn-client[2332]: TCPv4_CLIENT link local: [undef] Oct 24 16:06:54 master ovpn-client[2332]: TCPv4_CLIENT link remote: [AF_INET]192.168.147.82:110 Oct 24 16:06:54 master ovpn-client[2332]: WARNING: Bad encapsulated packet length from peer (43520), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...] Oct 24 16:06:54 master ovpn-client[2332]: Connection reset, restarting [0] Is there something special I need to implement in the SOCKS5 proxy to fix this link issue? FWIW the proxy itself is running under Windows (although both client & server are running under Ubuntu Linux), but 43520 bytes (42k) seems a strange number. I've already tried setting link-mtu (and then tun-mtu) to this number on both client & server, but after that it doesn't seem to connect at all. thanks Steve On Thu, Oct 24, 2013 at 6:43 AM, Thomas Murach <mur...@physik.hu-berlin.de>wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > in my case, I had to add the following options: > > pull > tls-client > persist-tun > comp-lzo > > I'm quite sure that tls-client is the one you need. The others are > specific to your setup. I hope that this helps. > > Cheers, > Thomas > > > Hi, On Wed, Oct 23, 2013 at 10:50:11PM +0800, Steve Cook wrote: > > I can't get openvpn to connect through my socks proxy server, and > searching > > around seem to find other users with the same problem, but no > > known solution. > > It "should" work. Does the Android client work? > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2.0.19 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJSaFECAAoJEKQl1saKseE5nTkP/R50DTsaw2U/iYYY0h6IK6KP > zSrGX+XF5cw2dnXVHY/NjYL19kCflB97MxzjzGww6EpuMtesNFX5w7Qq01X+zksd > YOv6emgt9BhC5syyqYqFelr3MpV4kjCMBgP9vuZJZvIYfGssUgTdwAkeSxBYzjYt > jUSklqoRZaN48sw8mA4YPGHUqZgZEy+rIUpAE2pMT+DBF0GQdDgkCdJ1qNzYT26C > 9uVpA8ie3Aw3VRhwssKffmdonJzHfVcbR5mh1w0sNQd2Dgcc9tSj7Elw3EjEdzi9 > ML+03NZf++2OnEHO65V52g2HZ8Fq6pf1HnMOgCvv+kMMp5a5jDjR2MeMLComiR9Y > FkD+IdhHtd+8kGZS1sEtwdrs1rIewS+FWCS7qWGVUsDSt517jgpz9rSs2nOo5ELm > buCllZUVaZWko+Z3EQ0UPxv99Zdib63ZJZns5waDU0aSK5RlXhg4lqLmsMs4xjq7 > 2XpeLljtKUQ8LJrt+/PHcvFeLgBgDEG0+XhQZTkj112HvCSlDFQAkJEowgjMpFzH > e8T/REWZUlTjlf7oQNx0jpGUW134VOMKMWN8NM01zxJasjipGdzCUrNjdwIvVI4C > NyURsXTsue35lEJDiH2EEPchyK7A1983vZXRmETX/6uNoYWKsEH3nU90NhbucUe6 > ZfYzCGmVQeCcZ03+F6xJ > =kHni > -----END PGP SIGNATURE----- >
