Re: [Openvpn-users] --socks-proxy and --redirect-gateway def1

Sat, 01 May 2021 03:26:26 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256




Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, 1 May 2021 10:03, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Fri, Apr 30, 2021 at 09:15:07PM +0000, tincantech via Openvpn-users wrote:
>
> > Ref: https://forums.openvpn.net/viewtopic.php?f=6&t=32193#p99021
> > (This also applies to --http-proxy)
> > The question is, how/what does openvpn do in the case that the client
> > is connecting via a proxy server when using --redirect-gateway def1 ?
> > From man openvpn (8):
> > (1) Create a static route for the --remote address which forwards to the 
> > pre-existing default gateway.
> > But if the proxy is non-local then --redirect-gateway will break 
> > connectivity.
> > Obviously, I am missing some key information here but the manual has nothing
> > either and I have dug deep enough already.
> > (I would test this myself but .. well, what are mailing lists for ? )
>
> I would expect this to do the same thing it would do for the "non proxy"
> case - install a host route to the existing default gateway so packets
> to the server (and with proxy, to the proxy) can still flow. Then,
> change the default route into the tunnel.

This is what I would expect too.  In effect the host route to --remote
would be replaced by a route to --socks-proxy but I cannot find any
documentation to that effect.  However, a closer inspection of the forum
thread does confirm this to be true.

Follow-up: Would using --tls-crypt (v1 or 2) be more secure even than a
proxy server with obfuscation ?  IE. Fully encrypted TLS instead of simple
obfuscation.

Thanks


-----BEGIN PGP SIGNATURE-----
Version: ProtonMail

wsBzBAEBCAAGBQJgjSxfACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec
9muQuJ3eyQf+OX4i2G84QjJ4jrh3m6RG+LOv7OUjVUZry3TeEceFv22URlSv
V1+fhgyznMUPheLteF+gJFNkvLgQ2WZDNXw/DUmjV0N3E9UjC34qSV9zMu/Q
AmHL5PvTRqTVyGp3HXs4WJP0Ni4vAM3eEAS7q9jBzeBG6C+6+vi0Fny2SbqA
66w1HtgdcAZg3hoqDojTVIjFMMulIjgFShWNYDQc2qNzuOtKvVEUq1DNDQS8
3AtJKpjeNee4LLW/sUrDRmKg0W5uCT3aQYFlxczPoH37f+48nHWK0N/OJlnL
56fb8HQRz7vp270cQQFWTzmegbBfKqpRKXVDLOfP6aUgdYLrVzrc8g==
=wZJr
-----END PGP SIGNATURE-----

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc
Description: application/pgp-keys

Attachment: publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig
Description: PGP signature

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users






















					Reply via email to