====== Using a VPN to bypass stupid proxies ======

===== Introduction =====

In this document, you'll find the necessary stuff to bypass proxies that allow only ports 80 and 443, to go to the internet without any port-limitation or stupid filtering. Most of the "Client Part" is for an Android-based client, but should be easily adapted to other platforms.

===== Server Part =====

For a basic OpenVPN setup, you should have a look [[public:openvpn|here]].

==== Limitations ====

The proxy we need to bypass only allows web protocols; so we'll setup our openvpn to listen on TCP-443 port:

<code>
proto tcp-server
port 443
</code>

==== Sharing the HTTPS port with a webserver ====

Since [[http://openvpn.net/index.php/open-source/documentation/manuals/69-openvpn-21.html|version 2.1]], OpenVPN provides a nice feature: proxying HTTPS requests. It is able to listen on the 443 port, and to forward non-VPN traffic to another webserver. Just write the webserver IP and port to forward traffic to:

<code>
port-share remoteserver 443
</code>

==== Routing *all* traffic throught VPN ====

OpenVPN provides an option to route all trafic, instead of just the VPN one. Just happen the following line:

<code>
push "redirect-gateway def1"
</code>

===== Client Part =====

==== Installation on Android ====

Warning: for most of this operations, you need to be [[http://www.ryebrye.com/blog/2009/08/16/android-rooting-in-1-click-in-progress/|root]].

  * Install busybox from [[http://benno.id.au/blog/2007/11/14/android-busybox|here]].

  * Get the OpenVPN binary [[http://github.com/fries/android-external-openvpn/downloads|here]]. 

Manually install archive's contents:

<code>
adb push libcrypto.so /system/lib/
adb push liblzo.so /system/lib/
adb push libssl.so /system/lib/
adb push openssl /system/bin/
adb push openvpn /system/bin/
adb shell chmod 4755 /system/bin/openssl
adb shell chmod 4755 /system/bin/openvpn
</code>

You'll also need the tun driver for your appropriate kernel. I downloaded mine [[http://code.google.com/p/get-a-robot-vpnc/issues/detail?id=55|there]]. Copy it to /system/lib/modules/, and load it:

<code>
adb push tun.ko /system/lib/modules/
adb shell insmod /system/lib/modules/tun.ko
</code>

==== Going through the proxy ====

Here are the lines you need to happen to your client file to use a famous French ISP's proxy:

<code>
http-proxy-option AGENT "Series60/3.1" # some user-agent to fool the proxy
http-proxy-retry # restart connexion if it breaks
http-proxy 195.115.25.129 8080 # Proxy Name
keepalive 5 600 # keep the connexion alive
</code>