search

adrienverge / openfortivpn

Client for PPP+TLS VPN tunnel services
GNU General Public License v3.0
2.7k stars 320 forks source link

Using authenticated proxy #438

Open diegoortizmatajira opened 5 years ago

diegoortizmatajira commented 5 years ago

I'm using openfortivpn on corporate network, where I have to use authenticated proxy I use this script to initialize proxy settings

PROXY="http://user:password@proxy.company.com:8080"
export {http,https,ftp,rsync}_proxy=$PROXY
export {HTTP,HTTPS,FTP,RSYNC}_PROXY=$PROXY

Often I have to connect to VPN using forticlient VPN, but when it comes I have to use the VPN, I need to connect to a proxyless access point (my phone) and remove all proxy settings in order to use openfortivpn.

I've tried using the proxy server IP instead of hostname (proxy.company.com) without success.

When I try to use openfortivpn with proxy settings the app doesn't show any text it just prints an empty line on the terminal. Using the verbose option I've got:

DEBUG:  openfortivpn 1.8.1
DEBUG:  Loaded config file "/home/user/path/config-file.config".
DEBUG:  Config host = "186.116.XX.XX"
DEBUG:  Config realm = ""
DEBUG:  Config port = "443"
DEBUG:  Config username = "vpn_user"
DEBUG:  Config password = "********"
DEBUG:  Resolving gateway host ip
DEBUG:  Establishing ssl connection
DEBUG:  server_addr: 186.116.XX.XX
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 186.116.XX.XX
DEBUG:  gateway_port: 443
ERROR:  connect: Connection timed out
INFO:   Closed connection to gateway.
DEBUG:  server_addr: 186.116.XX.XX
DEBUG:  server_port: 443
DEBUG:  gateway_addr: 186.116.XX.XX
DEBUG:  gateway_port: 443

Information about my configuration OS: Manjaro Linux x86_64 Kernel: 4.19.28-1-MANJARO Package: openfortivpn from AUR

DimitriPapadopoulos commented 5 years ago

As far as I know authentication is not implemented yet in proxy support code: ccaa359

mrbaseman commented 5 years ago

yes, authentication is one of the items on the agenda for improving the proxy support in #226

Raoul555 commented 3 years ago

I vote +1 for this feature ;)

jmartasek commented 2 years ago

For reference I managed to overcome this by running a local squid proxy that is using the authenticated proxy as a parent. Sample squid.conf:

http_port 3128
http_access allow all
cache_peer parent.proxy.example.com  parent   8080      0  no-query no-digest default login=username:password
never_direct allow all
DimitriPapadopoulos commented 2 years ago

We probably need libproxy for proper proxy support.