In short: there is a local network 172.26.10.0/24, and Internet access from it goes through a proxy 172.26.15.252 with a login/password pair. The proxy cuts ICMP, but does not cut TCP 80/443/21/22. There is also a remote local network 192.168.1.0/24; the host 192.168.1.1 has direct access to the Internet, the CloudDNS (Mikrotik) service is enabled (the external IP is dynamic), and NAT is set up.

I plan to set up an OpenVPN server on the 192.168.1.0/24 network and configure the client on the 172.26.10.0/24 network. The question is whether a connection will be established between the client and the server via VPN if the proxy cuts ICMP?

  • I'll add that L2TP/IPSec from network A to network B without using a proxy, i.e. following the scheme client A -> router1 -> pppoe -> internet <- pppoe <- router2 <- client B, works fine. - Jack Black

1 answer

The answer is "yes." The connection will be established. I am not an expert in this field, but I ran a test. It turned out that ICMP is not involved. The corporate proxy cuts everything except 80/443. Initially, I solved the problem by forwarding ports on the router. It works. I did not like it.

Then I set up SSH tunneling, which took a day. A little slow, but it works both ways and is encrypted.

Today I have already figured out the OpenVPN settings (thanks bozza). It all turned out to be trivially simple. Since the proxy only allows 80/443, I configured the OpenVPN server on port 443. In the OpenVPN client configuration, I specified the proxy server and the login/password. After that, it all worked.

I found out a few points for myself. On Win/*nix there are no problems with the software and settings; half a day of sitting is enough to sort it out. But on Android it's hard to get SSH Tunnel to go through ProxyDroid. It is even more difficult to reconfigure something to use a local proxy.

P.S. The only thing that still sucks for me is OpenVPN on Android, which is not friendly with TAP, only with TUN. And on Win it turned out to work only with TAP.
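
The setup this answer describes (OpenVPN server listening on TCP 443, client connecting through the authenticated HTTP proxy), as an added configuration sketch that is not part of the original post. The proxy port, the server's DNS name, the tunnel subnet 10.8.0.0/24, the `basic` proxy auth method and all file names are assumptions or placeholders.

```conf
# ---- server.conf (host on the 192.168.1.0/24 side) ----
# The proxy only lets 80/443 out, so listen on 443.
# An HTTP proxy carries TCP only (via CONNECT), never UDP or ICMP.
port 443
proto tcp-server
# Device type must match on both ends; the answer notes Android supports TUN only.
dev tun
# Assumed tunnel subnet, not taken from the page.
server 10.8.0.0 255.255.255.0
# Give clients a route to the remote LAN from the question.
push "route 192.168.1.0 255.255.255.0"
ca ca.crt
cert server.crt
key server.key
dh dh.pem
keepalive 10 120
persist-key
persist-tun

# ---- client.ovpn (host on the 172.26.10.0/24 side) ----
client
dev tun
proto tcp-client
# Placeholder for the router's CloudDNS name (the external IP is dynamic).
remote vpn.example.net 443
# Proxy address from the question; PROXY_PORT is a placeholder (not on the page).
# proxy-auth.txt: login on line 1, password on line 2; keep it chmod 600.
http-proxy 172.26.15.252 PROXY_PORT proxy-auth.txt basic
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
# Refuse servers whose certificate is not marked for TLS server use.
remote-cert-tls server
verb 3
```

TCP 443 must reach the OpenVPN server through the NAT on 192.168.1.1 for the client's `remote` line to connect.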