Using a VPN to bypass stupid proxies

Introduction

In this document, you'll find what you need to bypass proxies that allow only ports 80 and 443, and to reach the internet without any port limitation or stupid filtering. Most of the “Client Part” is for an Android-based client, but it should be easy to adapt to other platforms.

Server Part

For a basic OpenVPN setup, you should have a look here.

Limitations

The proxy we need to bypass only allows web protocols, so we'll set up OpenVPN to listen on TCP port 443:

proto tcp-server
port 443

Sharing the HTTPS port with a webserver

Since version 2.1, OpenVPN provides a nice feature: sharing its port with an HTTPS server. It can listen on port 443 and forward non-VPN traffic to another webserver. Just give it the IP and port of the webserver to forward that traffic to:

port-share remoteserver 443
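
How a server sharing port 443 can tell VPN traffic from web traffic by looking at the first bytes of a connection, as an added example that is not part of the original page and not OpenVPN's own code. The function names, the length bounds and the sample byte strings are assumptions constructed for illustration; the opcode values follow the OpenVPN wire format (16-bit length prefix over TCP, then one byte holding opcode and key id).

```python
import struct

# Assumptions for this sketch: opcode numbers follow OpenVPN's wire format
# (high 5 bits of the first payload byte = opcode, low 3 bits = key id).
P_OPCODE_SHIFT = 3
HARD_RESET_CLIENT = {1: "V1", 7: "V2", 10: "V3"}  # P_CONTROL_HARD_RESET_CLIENT_*
MIN_RESET_LEN = 14    # opcode(1) + session id(8) + ack count(1) + packet id(4)
MAX_RESET_LEN = 2048  # heuristic upper bound chosen for this example
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT"}


def classify_first_bytes(data: bytes) -> str:
    """Classify the start of a TCP stream as 'openvpn', 'tls', 'http' or 'unknown'."""
    if len(data) < 3:
        return "unknown"  # not enough bytes to decide yet
    # OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
    (pkt_len,) = struct.unpack(">H", data[:2])
    opcode, key_id = data[2] >> P_OPCODE_SHIFT, data[2] & 0x07
    if (opcode in HARD_RESET_CLIENT and key_id == 0
            and MIN_RESET_LEN <= pkt_len <= MAX_RESET_LEN):
        return "openvpn"
    # TLS record header: content type 0x16 (handshake), major version 3.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    if data.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"


def destination(data: bytes) -> str:
    """Approximate the port-share decision: VPN traffic stays, the rest is forwarded."""
    return "vpn" if classify_first_bytes(data) == "openvpn" else "webserver"


# Constructed sample inputs (not captured traffic).
SAMPLE_OPENVPN = b"\x00\x0e\x38" + bytes(8) + b"\x00" + bytes(4)
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"

if __name__ == "__main__":
    for name, blob in [("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                       ("http", SAMPLE_HTTP)]:
        print(f"{name:8} -> {classify_first_bytes(blob):8} -> {destination(blob)}")
```

The same first-bytes check works on a network sensor: a connection to port 443 whose opening bytes are not a TLS record is worth a closer look.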

Routing *all* traffic through the VPN

OpenVPN provides an option to route all of the client's traffic through the tunnel, instead of only the traffic destined for the VPN network. Just append the following line to the server configuration:

push "redirect-gateway def1"

Client Part

Installation on Android

Warning: for most of these operations, you need to be root.

  • Install busybox from here.
  • Get the OpenVPN binary here.

Manually install the archive's contents:

adb push libcrypto.so /system/lib/
adb push liblzo.so /system/lib/
adb push libssl.so /system/lib/
adb push openssl /system/bin/
adb push openvpn /system/bin/
adb shell chmod 4755 /system/bin/openssl
adb shell chmod 4755 /system/bin/openvpn

You'll also need the tun driver built for your kernel. I downloaded mine there. Copy it to /system/lib/modules/, and load it:

adb push tun.ko /system/lib/modules/
adb shell insmod /system/lib/modules/tun.ko

Going through the proxy

Here are the lines you need to append to your client configuration file to use a famous French ISP's proxy:

http-proxy-option AGENT "Series60/3.1" # some user-agent to fool the proxy
http-proxy-retry # retry the connection if it breaks
http-proxy 195.115.25.129 8080 # proxy address and port
keepalive 5 600 # keep the connection alive