Table of Contents
Using a VPN to bypass stupid proxies
Introduction
In this document, you'll find the necessary stuff to bypass proxies that allow only ports 80 and 443, to go to the internet without any port-limitation or stupid filtering. Most of the “Client Part” is for an Android-based client, but should be easily adapted to other platforms.
Server Part
For a basic OpenVPN setup, you should have a look here.
Limitations
The proxy we need to bypass only allows web protocols; so we'll setup our openvpn to listen on TCP-443 port:
proto tcp-server port 443
Sharing the HTTPS port with a webserver
Since version 2.1, OpenVPN provides a nice feature: proxying HTTPS requests. It is able to listen on the 443 port, and to forward non-VPN traffic to another webserver. Just write the webserver IP and port to forward traffic to:
port-share remoteserver 443
Routing *all* traffic throught VPN
OpenVPN provides an option to route all trafic, instead of just the VPN one. Just happen the following line:
push "redirect-gateway def1"
Client Part
Installation on Android
Warning: for most of this operations, you need to be root.
Manually install archive's contents:
adb push libcrypto.so /system/lib/ adb push liblzo.so /system/lib/ adb push libssl.so /system/lib/ adb push openssl /system/bin/ adb push openvpn /system/bin/ adb shell chmod 4755 /system/bin/openssl adb shell chmod 4755 /system/bin/openvpn
You'll also need the tun driver for your appropriate kernel. I downloaded mine there. Copy it to /system/lib/modules/, and load it:
adb push tun.ko /system/lib/modules/ adb shell insmod /system/lib/modules/tun.ko
Going through the proxy
Here are the lines you need to happen to your client file to use a famous French ISP's proxy:
http-proxy-option AGENT "Series60/3.1" # some user-agent to fool the proxy http-proxy-retry # restart connexion if it breaks http-proxy 195.115.25.129 8080 # Proxy Name keepalive 5 600 # keep the connexion alive