Jump to content
TorGuard
  • 0
Skyler7

Bypass local corporate HTTP proxy with basic authentication

Rate this question

Question

Skyler7

Hi all...

When configuring TorGuard client (v3.97.4 for Windows) I was hoping that the proxy configuration tab would allow me to specify our company's proxy firewall so the VPN connection would go through from our local network to the outside world. Maybe I'm mistaken, as now it seems to me that the whole purpose of that tab is to specify outside proxies as additional layer of privacy.

Currently I'm able to connect using the OpenVPN GUI software, with proxy configuration set like this: Manual Configuration, HTTP Proxy, IP of my internal network proxy 10.xx.xx.xx port 8080. This is the same settings we have to configure in the windows internet connection settings for Google chrome to work or in Firefox's Network connection options. The company's proxy allows connections to certain websites to go through without authentication, but for most it prompts users for username and password (browser popup). Still they block sites like youtube and facebook for instance. Using VPN allows me to bypass these restrictions and the only port I seem to be able to connect through is 443... meaning, in OpenVPN GUI I specify http proxy IP and port 8080, and use a configuration file .ovpn with the remote vpn server that tells it to connect the remote address on port 443 like this: "remote 169.57.165.67 443" (This is the IP of br.torguardvpnaccess.com). Strangely if I connect like this, the company's firewall and proxy will gladly connect without even asking for credentials, as if their rules allow this connection, but if I specify the actual domain name like this "remote br.torguardvpnaccess.com 443" it will ask for credentials. If a valid company credential is entered it still connects the VPN.

Now... back to TorGuard client... I would very much like to use it, since it's interface is nicer and makes it easier to select different countries to connect and even select port 443 as an option, but like I said, apparently the connection is not made through our corporate firewall/proxy even if it's configured in the proxy tab. Also I'd like to know if it's possible to modify it so it connects using the IP address of the destination server instead of it's name, so I would not net to supply local proxy credentials.

Bellow are the logs of OpenVPN GUI that work. Is there a way I can set up TorGuard client to be able to connect in my environment? Currently it won't connect in any way I attemped to confire it.

Log of OpenVPN GUI (Some lines removed and local IP masked (xx.xx)):

Sun Feb 02 18:57:00 2020 OpenVPN 2.4.8 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Oct 31 2019
Sun Feb 02 18:57:00 2020 Windows version 6.2 (Windows 8 or greater) 64bit
Sun Feb 02 18:57:00 2020 library versions: OpenSSL 1.1.0l  10 Sep 2019, LZO 2.10
Sun Feb 02 18:57:00 2020 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25343

...

Sun Feb 02 18:57:02 2020 MANAGEMENT: CMD 'proxy HTTP 10.xx.xx.93 8080'
Sun Feb 02 18:57:04 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]10.xx.xx.93:8080
Sun Feb 02 18:57:04 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Feb 02 18:57:04 2020 Attempting to establish TCP connection with [AF_INET]10.xx.xx.93:8080 [nonblock]
Sun Feb 02 18:57:04 2020 MANAGEMENT: >STATE:1580680624,TCP_CONNECT,,,,,,
Sun Feb 02 18:57:05 2020 TCP connection established with [AF_INET]10.xx.xx.93:8080
Sun Feb 02 18:57:05 2020 Send to HTTP proxy: 'CONNECT 169.57.165.67:443 HTTP/1.0'        <------- This is TorGuard's vpn server (using IP)
Sun Feb 02 18:57:05 2020 Send to HTTP proxy: 'Host: 169.57.165.67'
Sun Feb 02 18:57:05 2020 HTTP proxy returned: 'HTTP/1.0 200 Connection established'          <------ This is what I need!

 

Log of OpenVPN GUI when using host name instead of IP (Some lines removed and local IP masked (xx.xx)):

Sun Feb 02 19:04:33 2020 MANAGEMENT: CMD 'proxy HTTP 10.xx.xx.93 8080'
Sun Feb 02 19:04:34 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]10.xx.xx.93:8080
Sun Feb 02 19:04:34 2020 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sun Feb 02 19:04:34 2020 Attempting to establish TCP connection with [AF_INET]10.xx.xx.93:8080 [nonblock]
Sun Feb 02 19:04:34 2020 MANAGEMENT: >STATE:1580681074,TCP_CONNECT,,,,,,
Sun Feb 02 19:04:35 2020 TCP connection established with [AF_INET]10.xx.xx.93:8080
Sun Feb 02 19:04:35 2020 Send to HTTP proxy: 'CONNECT br.torguardvpnaccess.com:443 HTTP/1.0'          <------- This is TorGuard's vpn server (using hostname)
Sun Feb 02 19:04:35 2020 Send to HTTP proxy: 'Host: br.torguardvpnaccess.com'
Sun Feb 02 19:04:35 2020 HTTP proxy returned: 'HTTP/1.0 407 Proxy Authentication Required'                     <------- Now our company's proxy complains
Sun Feb 02 19:04:35 2020 Proxy requires authentication
Sun Feb 02 19:04:35 2020 PROXY AUTH BASIC: 'Proxy-Authenticate: Basic realm="Squid proxy-caching web server"'
Sun Feb 02 19:04:35 2020 HTTP proxy authenticate 'realm="Squid proxy-caching web server"'
Sun Feb 02 19:04:35 2020 Attempting to establish TCP connection with [AF_INET]10.xx.xx.93:8080 [nonblock]
Sun Feb 02 19:04:35 2020 MANAGEMENT: >STATE:1580681075,TCP_CONNECT,,,,,,
Sun Feb 02 19:04:36 2020 TCP connection established with [AF_INET]10.xx.xx.93:8080                     <------- Here OpenVPN GUI prompts for username and password
Sun Feb 02 19:04:51 2020 MANAGEMENT: CMD 'username "HTTP Proxy" "mymodifiedusername"'
Sun Feb 02 19:04:51 2020 MANAGEMENT: CMD 'password [...]'
Sun Feb 02 19:04:51 2020 Send to HTTP proxy: 'CONNECT br.torguardvpnaccess.com:443 HTTP/1.0'
Sun Feb 02 19:04:51 2020 Send to HTTP proxy: 'Host: br.torguardvpnaccess.com'
Sun Feb 02 19:04:51 2020 Attempting Basic Proxy-Authorization
Sun Feb 02 19:04:51 2020 HTTP proxy returned: 'HTTP/1.0 200 Connection established'   <------- Here it connects after authorizing

 

 

 

Share this post


Link to post
Share on other sites

0 answers to this question

Recommended Posts

There have been no answers to this question yet

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...