Feature Request: Support proxy configuration

[sherwo...@gmail.com]

I wish Tunnelblick could support proxy configuration options described in https://docs.openvpn.net/docs/openvpn-connect/openvpn-connect-ios-faq.html. They are PROXY_HTTP, PROXY_HTTPS, PROXY_BYPASS, PROXY_AUTO_CONFIG_URL. The OpenVPN official iOS client "OpenVPN Connect" supports these options. These options can be pushed from and managed by the server. When using VPN to provide a series of services, this feature is really useful. Users could leverage it to provide all settings with only one configuration file, which is a common use case of VPN.

[jkbull...gmail.com]

Thanks for the suggestion.

There are two completely separate "proxy" features:

One is the ability to connect to an OpenVPN server through an HTTP proxy. That can be done by setting the --http-proxy and --http-proxy-option directives in the OpenVPN configuration file; nothing to do with Tunnelblick.

The other is what you are describing, which is to have Tunnelblick accept the PROXY_HTTP, PROXY_HTTPS, ROXY_BYPASS, and PROXY_AUTO_CONFIG_URL arguments to the OpenVPN "--dhcp-option" directive.

Those arguments don't seem to be documented (at least not on the OpenVPN 2.3 man page), so it isn't clear to me exactly what they do. Besides iOS, what other platforms are they supported on? (Windows, Linux, ?) Can you point to other documentation?

[zyco...@gmail.com]

seems I can use  http-proxy-option android version

在 2015年8月4日星期二 UTC+8上午1:48:19，Tunnelblick developer写道：

[foui...@gmail.com]

Hello,

I need this dhcp push "PROXY_HTTP, PROXY_HTTPS" options too.

Can you please add this feature?

Happy new year !

[cesar....@gmail.com]

Hello everyone, bumpling the thread as it seems it isn't supported yet, at least on version 3.7.4b (build 4921).

Even if they're not documented, they should override the Proxy settings on MacOS, it's a drag to be manually updating the proxy settings everytime I connect to my VPN.

Thanks in advance.

[Tunnelblick developer]

Cesar, how are you manually update the proxy settings? If you do it in Terminal, make it into a script and add the scripts to your configuration. See Using Scripts.

[cesar....@gmail.com]

Well, it looks quite simple using the networksetup command on MacOS. This should be fast.

It should be supported on all clients natively tho ;)

Thanks for your time, I'll go this route and hope that in the future it works automatically.

[Tunnelblick developer]

@cesar - Tunnelblick is open source. It won't "work automatically" unless someone contributes the code to do that.

It would be great if you donate your code after you get it working. You can do that by posting here, by emailing it to  devel...@tunnelblick.net, or with a PR on the Tunnelblick GitHub site -- we're flexible.

[cesar....@gmail.com]

Well, in the end I went the quick route:

I created two files inside /Users/<user>/Library/Application Support/Tunnelblick/Configurations/MyConfFile.tblk/Contents/Resources called connected.sh and post-disconnect.sh (remember to do chmod u,g+x to both files to make them executable).

The connected.sh script runs after the connection has been fully established, and its contents are:

#!/bin/bash

/usr/sbin/networksetup -setwebproxy Wi-Fi 192.168.15.201 3128 off           # These two are optional if you

/usr/sbin/networksetup -setsecurewebproxy Wi-Fi 192.168.15.201 3128 off     # already have a proxy IP set

/usr/sbin/networksetup -setwebproxystate Wi-Fi on                           # Turn on the proxy

/usr/sbin/networksetup -setsecurewebproxystate Wi-Fi on                     # Turn on the HTTPS proxy

The post-disconnect.sh script runs after the connection has been fully closed, and its contents are:

#!/bin/bash

/usr/sbin/networksetup -setwebproxystate Wi-Fi off

/usr/sbin/networksetup -setsecurewebproxystate Wi-Fi off

I used the post-disconnect.sh script to avoid disabling the proxy on reconnects.

CAVEATS:

1. It only works for Wi-Fi, and if your Wi-Fi is called exactly like that when using the command networksetup -listallnetworkservices

2. It doesn't save the previous Proxy settings if they exist, and it doesn't delete the Proxy IP address/port on disconnect

As I said, it's very crude but works for me. Perhaps someone else can do better scripts (for example, set the correct Interface and save previous Proxy settings).

Thanks for your time and for the excellent piece of software :)

[Tunnelblick developer]

Thanks, Cesar.