Configuring VPN to Tunnel Through HTTP Proxy

In certain environments, internet access is only allowed through an HTTP proxy. In such environments you may set up the VPN tunnel to pass through the HTTP proxy as follows.

Important Note: Using TCP for a VPN tunnel significantly impacts performance in case of link congestion. Tunneling through an HTTP proxy may introduce further response time delays and bandwidth constraints. We recommend applying QoS policies (there is an example later in this appendix) to constrain the bandwidth consumed by the tunnel.

To configure VPN to tunnel through HTTP proxy:

  1. Follow the instructions to configure TCP-based VPN. See Configuring VPN using TCP.
  2. Connect to the VyOS virtual appliance console on-premises and enter the following.
  3. Replace PROXY_IP with the IP address of the HTTP proxy allowing outbound access to the internet, and replace PROXY_PORT with the applicable proxy port. The two are separated by a single space character.
     config
     set interfaces openvpn vtun0 openvpn-option "--http-proxy PROXY_IP PROXY_PORT"
     commit
     save
     exit

Note: This configuration supports HTTP proxies that do not require authentication. It also requires that the HTTP proxy supports the HTTP CONNECT method.
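
The two requirements in the note can be checked from a host on the same network before the change is committed. The script below is an added example, not part of the original instructions or the product: it sends one unauthenticated CONNECT request through the proxy and classifies the reply. VPN_HOST and VPN_PORT are placeholders for the TCP VPN endpoint configured in step 1, and the function names and result labels are made up for this illustration.

```python
import socket
import sys

def build_connect_request(vpn_host, vpn_port):
    """Unauthenticated CONNECT request, the kind this configuration relies on."""
    target = "%s:%d" % (vpn_host, vpn_port)
    return ("CONNECT %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (target, target)).encode("ascii")

def classify_connect_reply(reply):
    """Map the proxy's status line onto the two requirements in the note."""
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdecimal():
        return "not-http"            # not an HTTP proxy, or connection closed early
    code = int(parts[1])
    if 200 <= code < 300:
        return "ok"                  # tunnel established without credentials
    if code == 407:
        return "auth-required"       # proxy wants credentials: not supported here
    if code in (403, 405, 501):
        return "connect-denied"      # CONNECT disabled, or this destination/port is blocked
    return "unexpected-%d" % code

def probe_proxy(proxy_ip, proxy_port, vpn_host, vpn_port, timeout=5.0):
    """Send one CONNECT through the proxy and classify the answer."""
    with socket.create_connection((proxy_ip, proxy_port), timeout=timeout) as sock:
        sock.sendall(build_connect_request(vpn_host, vpn_port))
        reply = b""
        while b"\r\n" not in reply and len(reply) < 8192:
            chunk = sock.recv(1024)
            if not chunk:
                break
            reply += chunk
    return classify_connect_reply(reply)

if __name__ == "__main__":
    # VPN_HOST and VPN_PORT are placeholders for the TCP VPN endpoint (not given on this page).
    if len(sys.argv) != 5:
        sys.exit("usage: probe.py PROXY_IP PROXY_PORT VPN_HOST VPN_PORT")
    result = probe_proxy(sys.argv[1], int(sys.argv[2]), sys.argv[3], int(sys.argv[4]))
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

A result of "auth-required" or "connect-denied" means the tunnel will not come up with the configuration shown above, and the proxy policy has to be addressed first.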