How do I connect to a Client VPN endpoint using a proxy?
Last updated: 2021-01-08
I need to use an existing HTTP server as a proxy while connecting to an AWS Client VPN endpoint. How can I do this?
Set up a Squid proxy server on an Amazon EC2 instance
1. Open the Amazon Elastic Compute Cloud (Amazon EC2) console.
2. SSH into the Amazon EC2 instance.
3. Use the following command to install a Squid proxy:
sudo yum install squid -y
4. In the following file, verify that the client subnets are allowed in the list under "acl localnet src":
5. Allow the client subnet:
acl localnet src xxx.xx.xx.x/xx
Note: Be sure to replace "xxx.xx.xx.x/xx" with your client subnet address.
6. Start the Squid proxy server:
sudo systemctl start squid
7. Enable the Squid proxy server:
sudo systemctl enable squid
8. Check the status of the Squid proxy server:
sudo systemctl status squid
The output looks similar to:
[ec2-user@test ~]$ systemctl status squid ● squid.service - Squid caching proxy Loaded: loaded (/usr/lib/systemd/system/squid.service; enabled; vendor preset: disabled) Active: active (running) since Mon 2020-10-12 00:05:01 UTC; 11s ago Main PID: 6371 (squid) CGroup: /system.slice/squid.service ├─6371 /usr/sbin/squid -f /etc/squid/squid.conf ├─6373 (squid-1) -f /etc/squid/squid.conf └─6374 (logfile-daemon) /var/log/squid/access.log Oct 12 00:05:01 test.ip-10-10-2-25.ec2.internal systemd: Starting Squid caching proxy... Oct 12 00:05:01 test.ip-10-10-2-25.ec2.internal systemd: Started Squid caching proxy. Oct 12 00:05:01 test.ip-10-10-2-25.ec2.internal squid: Squid Parent: will start 1 kids
9. Note the port number that the Squid proxy is listening on, and then list the port:
Create a Client VPN endpoint, and then modify the download configuration file
1. Create a Client VPN endpoint.
Note: Be sure to choose TCP protocol when you create your Client VPN endpoint.
2. Update the ".ovpn" download configuration file to specify your proxy IP address, port number, user name, and password. Based on your use case, use the following commands to connect to Client VPN using a proxy.
If the HTTP proxy doesn't require authentication:
http-proxy <IPaddress> <port no>
If the HTTP proxy requires authentication:
http-proxy <IPaddress> <port no> stdin basic
Note: The previous command prompts for login credentials to connect to the proxy.
If the login credentials must be pulled from a specified text file:
http-proxy <IPaddress> <port no> <path for the text file for user/pass> basic
Note: In the credentials file, confirm that the first line is "username" and the second line is "password".
Important: If you're using mutual authentication, also include the client certificate and client key in the download configuration file.