Using HTTP Proxy with TunnelBlick Client to access OpenVPN Server

[Oliver Crow]

Hey,

This is just a quick question that I could not find an answer to on the internet.

Once I finally get my client working on Mac (it already works on Windows), which you can help me out with here (https://groups.google.com/forum/#!topic/tunnelblick-discuss/kpeWEmYKpdY) if you want, I will be running the client from behind a proxy. 

I have added this to my client configuration file:

http-proxy <proxy-server> <proxy-port> stdin basic

This works fine on my Windows machine, however, I don't get prompted to enter a username or password when I try and connect on my Mac. Does TunnelBlick support HTTP Proxy connections (with authentication)?

I have also tried adding this:

http-proxy <proxy-server> <proxy-port> userpass.txt basic

And having a file called "userpass.txt" with my username on the first line and password on the second. However, TunnelBlick's log says that there is a misplaced file called "userpass.txt", when trying to install the profile.

-Oliver Crow

[jkbull...gmail.com]

I don't think Tunnelblick itself has anything to do with the proxy; that should all be handled by OpenVPN.

So "stdin" as a filename apparently doesn't work. I don't know what "stdin" does on a Mac when it is started via Tunnelblick instead of a command line in Terminal.

You can try with the username/password in a file, but all files in a .tblk must have an extension that is recognized by Tunnelblick (so Tunnelblick can secure the file properly). So call it "userpass.key" instead of "userpass.txt". That will secure the file as a private key. which seems appropriate.

It is possible that OpenVPN will then complain that files containing usernames/passwords are not allowed. They are such a bad idea, generally, that OpenVPN does not enable them by default; they require that OpenVPN be built (compiled) with a special option. The versions of OpenVPN that Tunnelblick includes are not compiled with that option, so they are not enabled. However, that is for VPN passwords, not proxy passwords, and I don't know if OpenVPN will allow proxy username/passwords in files by default. In that case it looks like you are out of luck. You might want to contact the OpenVPN people to see if they have any suggestions

[Oliver Crow]

The client is sitting behind a proxy, and needs to get out to get to have the ability to connect to the server, so I don't think that the proxy has anything to do with the server configuration. The proxy has a basic username and password login. So are you saying that I could rename the "userpass.txt" to "userpass.key" and it would work?

Putting in the line below (on Windows) prompts me to enter a username and password to the proxy (which I prefer to my details being stored in a file) when I try and connect to the server.

http-proxy <proxy-server> <proxy-port> stdin basic

[jkbull...gmail.com]

If you want to include a file in a .tblk, it must have an extension that Tunnelblick recognizes. Tunnelblick recognizes the ".key" extension. So renaming the file to userpass.key will allow you to install the .tblk.

I have no idea whether that will make the .tblk "work", but renaming the file is necessary if you want to install the .tblk.

When I said:

"I don't think Tunnelblick itself has anything to do with the proxy; that should all be handled by OpenVPN."

what I meant is that all the "proxy stuff" should be handled by OpenVPN, not Tunnelblick. Whether it is OpenVPN on the server, or OpenVPN on the client, I don't know. That's an OpenVPN configuration question, and needs to be addressed to OpenVPN experts. You might want to consult"

• OpenVPN FAQ
• OpenVPN Documentation
• OpenVPN Users Forum
• OpenVPN Users Mailing List