[OpenVPN home] [Date Prev] [Date Index] [Date Next]
[OpenVPN mailing lists] [Thread Prev] [Thread Index] [Thread Next]
Web openvpn.net

Re: [Openvpn-users] Question about proxy support in Windows GUI version

  • Subject: Re: [Openvpn-users] Question about proxy support in Windows GUI version
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Thu, 9 Dec 2004 15:14:11 -0700 (MST)

On Fri, 10 Dec 2004, Jason Haar wrote:

> Mathias Sundman wrote:
> >>
> >> [It's just that we've had problems in the past with apps that claim 
> >> "use IE settings" when all they actually did was read the Registry 
> >> looking for the name and port number of IE's proxy server. Using 
> >> WPAD, those keys don't exist - and yet a proxy server still has to be 
> >> used.]
> >
> >
> > OpenVPN GUI uses the InternetQueryOption() function to retrieve the IE 
> > proxy settings. However after the proxy hostname and port have been 
> > determined, OpenVPN GUI only passes this information to OpenVPN which 
> > opens a normal TCP session with the proxy server.
> >
> > Is it not possible to configure your proxy application to listen to 
> > local TCP port, which you can tell OpenVPN to use?
> No - that's not the problem. Obviously  proxy servers runs on ports - 
> the problem is that your 10,000 users shouldn't need to know that.
> The whole point about WPAD is that it was invented to handle the case of 
> mobile users. As you connect and disconnect from different carriers 
> (e.g. work, home and dialup), WPAD allows your browser to "figure out" 
> if a proxy server is required to access the Internet. IE, Konqueror, 
> Mozilla, Netscape and Firefox all support it.
> Without WPAD support, users who use different carriers are forced to 
> actually know what settings are appropriate for which network. Microsoft 
> has provided an API via the IE libraries (I'm sorry, I'm not a Windows 
> programmer, but have discussed this at length over the years with 
> Windows developers - so my wording is probably wrong) that allows 
> applications that use HTTP to simply get the library to send/receive the 
> data instead of having to do all the socket calls themselves. The 
> advantage of this method is that the application doesn't need a full 
> blown Javascript interpreter built into it to do the WPAD bit - the API 
> takes care of that for you.
> Frankly, the format isn't that tough, normally WPAD files say "if the 
> URL you are going to contains this.dom or that.dom then go direct, else 
> use proxy server a.b.dom port 3128" - in Javascript.I personally run a 
> shell script on my Linux laptop to manually look for the WPAD file on 
> the network and set HTTP_PROXY,etc based on what it finds (I just do a 
> bunch of greps looking for a proxy statement and ignore the rest ;-). So 
> maybe a Javascript interpreter isn't needed 99% of the time.

I took a look at the expired internet draft for WPAD.  My first thought is 
that a VPN is going to have extra requirements than a browser in terms of 
using WPAD as a dynamic reconfiguration tool.  OpenVPN may or may not use 
a proxy.  It may want to use UDP or TCP depending on where it is 
connecting from.  In some cases it may want to disable itself completely 
if the host machine is plugged into the corporate LAN.

Now on the other hand if you only want to add WPAD support to OpenVPN's
existing proxy capability, it shouldn't be very difficult.


Openvpn-users mailing list