Hello Jan,

From: Jan Just Keijser <jan.just.keij...@gmail.com>
Sent: Wednesday, May 22, 2024 2:19 PM
To: Witvliet, J, Ing., COMMIT/JIVC/GII/TEAM ITT <j.witvl...@mindef.nl>; openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] (reversed) proxy

> Hi Hans,
>
> On 22/05/2024 12:41, Hans via Openvpn-users wrote:
>> Hi all,
>>
>> At the openvpn client side it is possible to use http-encapsulation.
>> For instance, we use in our client-config:
>>
>> (snip)
>> <connection>
>> http-proxy url-site-A 443
>> remote url_vpn-XXX 5555 tcp
>> </connection>
>> <connection>
>> http-proxy url-site-A 443
>> remote url_vpn-XXX 6666 tcp
>> </connection>
>> <connection>
>> http-proxy url-site-A 443
>> remote url_vpn-YYY 7777 tcp
>> </connection>
>> <connection>
>> http-proxy url-site-A 443
>> remote url_vpn-YYY 8888 tcp
>> </connection>
>> (snip)
>>
>> For production this all works fine,
>> but at development I don’t have the equipment for doing the reversed proxy functionality…
>> So I’ve been searching around, and found little to no examples.
>> I’ve tried tinyproxy and nginx (internet’s suggestions refer to much older releases of those products)
>>
>> So if you do reversed proxy between internet and your vpn-server, what do you use?
>>
>> 1. Commercial bricks?
>> 2. Tinyproxy?
>> 3. Nginx?
>> 4. Squid?
>> 5. Apache2?
>> 6. Anything else, like Stunnel?
>
> what exactly do you mean by "reversed proxy functionality"?
>
> For development purposes (and e.g. for my old OpenVPN cookbook), I used apache httpd+mod_proxy; nowadays I simply use `tinyproxy` for these things.
>
> HTH,
> JJK

Yes, I know about your cookbook. One of my colleagues borrowed it….. ☺

What I’m trying to do?
At the client side I’m http-encapsulating the vpn-connection and going outside via port 443.
At the other end, I need to do the reverse:
- listening on 443
- feed the result to one of the 18 vpn-instances listening on tcp port 555, 666, 777, 8888, etc etc etc

I did try “tinyproxy” (release 1.11.1) but all I got was “Could not create listening sockets”.

I included my current config file for
(AND to avoid complaints: it is the config file of a box AT home, NOT at work. FFS, so I don’t leak sensitive info)

User nobody
Group nobody
Port 443
Listen 192.168.0.21
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
LogFile "/var/log/tinyproxy/tinyproxy.log"
LogLevel Info
MaxClients 100
Allow 192.168.0.21
Allow 2001:41f0:6e33:1::21
ViaProxyName "tinyproxy"
ReversePath "192.168.0.21:5128" "192.168.0.21:5128"
ReversePath "192.168.0.21:5129" "192.168.0.21:5129"
ReversePath "192.168.0.21:5130" "192.168.0.21:5130"
ReversePath "192.168.0.21:5131" "192.168.0.21:5131"
ReversePath "192.168.0.21:5132" "192.168.0.21:5132"
ReversePath "192.168.0.21:5133" "192.168.0.21:5133"
ReversePath "192.168.0.21:5134" "192.168.0.21:5134"
ReversePath "192.168.0.21:5135" "192.168.0.21:5135"
ReversePath "192.168.0.21:5136" "192.168.0.21:5136"
ReversePath "192.168.0.21:5137" "192.168.0.21:5137"
ReversePath "192.168.0.21:5138" "192.168.0.21:5138"
ReversePath "192.168.0.21:5139" "192.168.0.21:5139"
ReversePath "192.168.0.21:5151" "192.168.0.21:5151"
ReversePath "192.168.0.21:5152" "192.168.0.21:5152"
ReversePath "192.168.0.21:5153" "192.168.0.21:5153"
ReversePath "192.168.0.21:5154" "192.168.0.21:5154"
ReversePath "192.168.0.21:5155" "192.168.0.21:5155"
ReversePath "192.168.0.21:5156" "192.168.0.21:5156"
ReversePath "192.168.0.21:5157" "192.168.0.21:5157"
ReversePath "192.168.0.21:5158" "192.168.0.21:5158"
ReversePath "192.168.0.21:5159" "192.168.0.21:5159"
ReversePath "192.168.0.21:5160" "192.168.0.21:5160"
ReversePath "192.168.0.21:5161" "192.168.0.21:5161"
ReversePath "192.168.0.21:5162" "192.168.0.21:5162"
ReversePath "192.168.0.21:5163" "192.168.0.21:5163"
ReverseOnly Yes
ReverseMagic Yes
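
What the listening end has to do for the client configuration quoted above, as an added example (not code from this thread or from any of the proxies named in it): OpenVPN's `http-proxy` option sends an HTTP `CONNECT host:port` request, so the listener must accept CONNECT, check the target against an allowlist, and then relay raw bytes to that VPN instance. The backend addresses, the listen address and port 8443 are constructed for a lab box.

```python
import asyncio

ALLOWED = {("127.0.0.1", 5555), ("127.0.0.1", 6666)}  # constructed allowlist of VPN instances

def parse_connect(head: bytes):  # -> (host, port), or None if malformed
    try:
        method, target, version = head.split(b"\r\n", 1)[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return None
    host, _, port = target.rpartition(":")
    ok = method == "CONNECT" and version.startswith("HTTP/1.") and host and port.isdigit()
    return (host, int(port)) if ok and 0 < int(port) < 65536 else None

def decide(head: bytes, allowed=ALLOWED):  # -> (status line, target or None)
    target = parse_connect(head)
    if target is None:
        return b"HTTP/1.1 400 Bad Request\r\n\r\n", None
    if target not in allowed:  # anything else is refused: not an open proxy
        return b"HTTP/1.1 403 Forbidden\r\n\r\n", None
    return b"HTTP/1.1 200 Connection established\r\n\r\n", target

async def pipe(reader, writer):  # copy one direction until EOF, then close
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()

async def handle(reader, writer):
    try:
        head = await asyncio.wait_for(reader.readuntil(b"\r\n\r\n"), 10)
    except (asyncio.TimeoutError, asyncio.IncompleteReadError, asyncio.LimitOverrunError):
        head = b""  # slow, truncated or oversized request head -> 400
    status, target = decide(head)
    try:
        up_r, up_w = await asyncio.open_connection(*target) if target else (None, None)
    except OSError:  # backend instance not reachable
        status, up_w = b"HTTP/1.1 502 Bad Gateway\r\n\r\n", None
    writer.write(status)
    await writer.drain()
    if up_w:
        await asyncio.gather(pipe(reader, up_w), pipe(up_r, writer), return_exceptions=True)
    writer.close()

async def main():  # listen address and port are assumptions for a lab box
    await (await asyncio.start_server(handle, "127.0.0.1", 8443)).serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The allowlist check is what keeps a CONNECT listener on a public port from relaying to arbitrary hosts; the `remote` entries in the client's `<connection>` blocks must match entries in `ALLOWED` exactly.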