[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Question about proxy support in Windows GUI version

  • Subject: Re: [Openvpn-users] Question about proxy support in Windows GUI version
  • From: Jason Haar <Jason.Haar@xxxxxxxxxxxxx>
  • Date: Fri, 10 Dec 2004 09:55:07 +1300

Mathias Sundman wrote:

[It's just that we've had problems in the past with apps that claim "use IE settings" when all they actually did was read the Registry looking for the name and port number of IE's proxy server. Using WPAD, those keys don't exist - and yet a proxy server still has to be used.]

OpenVPN GUI uses the InternetQueryOption() function to retrieve the IE proxy settings. However after the proxy hostname and port have been determined, OpenVPN GUI only passes this information to OpenVPN which opens a normal TCP session with the proxy server.

Is it not possible to configure your proxy application to listen to local TCP port, which you can tell OpenVPN to use?

No - that's not the problem. Obviously proxy servers runs on ports - the problem is that your 10,000 users shouldn't need to know that.

The whole point about WPAD is that it was invented to handle the case of mobile users. As you connect and disconnect from different carriers (e.g. work, home and dialup), WPAD allows your browser to "figure out" if a proxy server is required to access the Internet. IE, Konqueror, Mozilla, Netscape and Firefox all support it.

Without WPAD support, users who use different carriers are forced to actually know what settings are appropriate for which network. Microsoft has provided an API via the IE libraries (I'm sorry, I'm not a Windows programmer, but have discussed this at length over the years with Windows developers - so my wording is probably wrong) that allows applications that use HTTP to simply get the library to send/receive the data instead of having to do all the socket calls themselves. The advantage of this method is that the application doesn't need a full blown Javascript interpreter built into it to do the WPAD bit - the API takes care of that for you.

Frankly, the format isn't that tough, normally WPAD files say "if the URL you are going to contains this.dom or that.dom then go direct, else use proxy server a.b.dom port 3128" - in Javascript.I personally run a shell script on my Linux laptop to manually look for the WPAD file on the network and set HTTP_PROXY,etc based on what it finds (I just do a bunch of greps looking for a proxy statement and ignore the rest ;-). So maybe a Javascript interpreter isn't needed 99% of the time.


Openvpn-users mailing list