Opened 7 years ago

Closed 6 years ago

#836 closed Bug / Defect (fixed)

Password Caching on multiple http-proxies

Reported by: appunnicer13 Owned by:
Priority: minor Milestone:
Component: Generic / unclassified Version: OpenVPN 2.2.2 (Community Ed)
Severity: Not set (select this one, unless you're an OpenVPN developer) Keywords: Proxy Password Caching
Cc:

Description

I use OpenVPN GUI on my Windows 10 computer. There is a problem with it: I am trying to use multiple HTTP proxies using connection tags. Our connections are limited to TCP ports 80, 443, so I used the same remote host for all my connections. I then had 5-6 HTTP proxies through which I wanted OpenVPN to iterate, but the problem is that it is not iterating the credentials as well while iterating the connections. HTTP proxy credentials are somehow cached and not iterated through. I believe that this is not an intended behaviour and is caused while trying to cache credentials.

Here is the typical config: https://drive.google.com/file/d/0BwlvQ0O2HFzzVUVZYjZSQ05FY3pnb0U0VUNrUUpLTnN5bG1J/view?usp=sharing

Change History (5)

comment:1 Changed 7 years ago by tct

OP client config .. save on aggravation

# Automatically generated OpenVPN client config file
# Generated on Sat Oct  8 19:23:13 2016 by openvpn-new
# Note: this config file contains inline private keys
#       and therefore should be kept confidential!
# Note: this configuration is user-locked to the username below
# OVPN_ACCESS_SERVER_USERNAME=xxxxxxxx
# Define the profile name of this particular configuration file
# OVPN_ACCESS_SERVER_PROFILE=openvpn@x.x.x.x
# OVPN_ACCESS_SERVER_CLI_PREF_ALLOW_WEB_IMPORT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_CONNECT=True
# OVPN_ACCESS_SERVER_CLI_PREF_ENABLE_XD_PROXY=True
# OVPN_ACCESS_SERVER_WSHOST=x.x.x.x:443
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_START
# -----BEGIN CERTIFICATE-----
# -----END CERTIFICATE-----
# OVPN_ACCESS_SERVER_WEB_CA_BUNDLE_STOP
# OVPN_ACCESS_SERVER_IS_OPENVPN_WEB_CA=1
# OVPN_ACCESS_SERVER_ORGANIZATION=OpenVPN Technologies, Inc.
setenv FORWARD_COMPATIBLE 1
setenv ALLOW_PASSWORD_SAVE 0
client
server-poll-timeout 8
nobind
dev tun
dev-type tun
ns-cert-type server
reneg-sec 604800
sndbuf 100000
rcvbuf 100000
auth-user-pass login_aws.conf
auth-nocache
ping-exit 60
resolve-retry 1
connect-retry 1

#
<connection>
http-proxy 10.1.1.18 80 proxy18(1).conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.18 80 proxy18.conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.18 80 proxy18(3).conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.45 80 proxy45(1).conf basic
http-proxy-retry 
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.45 80 proxy45.conf basic
http-proxy-retry 
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.19 80 proxy19.conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.18 80 proxy18(1).conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

#
<connection>
http-proxy 10.1.1.16 80 proxy16.conf basic
http-proxy-retry
remote x.x.x.x 443 tcp
</connection>

# NOTE: LZO commands are pushed by the Access Server at connect time.
# NOTE: The below line doesn't disable LZO.
comp-lzo no
verb 3
setenv PUSH_PEER_INFO
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>

<cert>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</cert>

<key>
-----BEGIN PRIVATE KEY-----

-----END PRIVATE KEY-----
</key>

key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key (Server Agent)
#
-----BEGIN OpenVPN Static key V1-----

-----END OpenVPN Static key V1-----
</tls-auth>

## -----BEGIN RSA SIGNATURE-----
## -----END RSA SIGNATURE-----
## -----BEGIN CERTIFICATE-----
## -----END CERTIFICATE-----
Last edited 7 years ago by tct

comment:2 Changed 7 years ago by Antonio Quartulli

Apparently "http-proxy-user-pass" does not exist in the connection context. OpenVPN expects to have only one set of proxy credentials.
Consequently, in this configuration, the first credentials (specified inline with http-proxy) are stored and the others are ignored.

Not sure why it is like that ... I would also agree that new credentials should be allowed to be specified with a new http-proxy server.
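
An added example, not part of the ticket or of OpenVPN's code: a config check for the behaviour described in comment:2, listing each <connection> profile whose proxy credential file would be ignored in favour of the first one stored. The function names are hypothetical, the sample is constructed from the ticket's profiles, and the "first credentials win" model comes from the comment, not from OpenVPN's source.

```python
import re

# Constructed sample: three of the ticket's profiles, trimmed to the relevant lines.
SAMPLE = """\
<connection>
http-proxy 10.1.1.18 80 proxy18(1).conf basic
remote x.x.x.x 443 tcp
</connection>
<connection>
http-proxy 10.1.1.18 80 proxy18.conf basic
remote x.x.x.x 443 tcp
</connection>
<connection>
http-proxy 10.1.1.45 80 proxy45.conf basic
remote x.x.x.x 443 tcp
</connection>
"""

NOT_A_FILE = {"auto", "auto-nct"}  # http-proxy keywords that are not credential files

def proxy_profiles(text):
    """Return (host, port, authfile or None) for each http-proxy in a <connection> block."""
    profiles = []
    for block in re.findall(r"<connection>(.*?)</connection>", text, re.S):
        for raw in block.splitlines():
            tokens = []
            for tok in raw.split():
                if tok[0] in "#;":      # a comment starts at the beginning of a token
                    break
                tokens.append(tok)
            if len(tokens) >= 3 and tokens[0] == "http-proxy":
                auth = tokens[3] if len(tokens) > 3 and tokens[3] not in NOT_A_FILE else None
                profiles.append((tokens[1], tokens[2], auth))
    return profiles

def ignored_credentials(text):
    """Model comment:2: the first credential file is kept, later ones are ignored."""
    profiles = proxy_profiles(text)
    first = next(((h, a) for h, _, a in profiles if a), None)
    if first is None:
        return []
    first_host, cached = first
    return [
        {"profile": n, "proxy": host, "configured": auth, "used": cached,
         # True when the stored credentials would be offered to a different proxy host
         "other_host": host != first_host}
        for n, (host, _, auth) in enumerate(profiles, 1)
        if auth and auth != cached
    ]

if __name__ == "__main__":
    for finding in ignored_credentials(SAMPLE):
        print(finding)
```

Findings with `other_host` set are the ones to review first on affected versions: with `basic` authentication, the credentials stored for the first proxy would be presented to a different proxy.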

comment:3 Changed 7 years ago by Antonio Quartulli

I have a patch which would fix this issue, however it is for the current master branch.
Would you have a chance to clone it and apply my patch for a quick test?

comment:4 Changed 7 years ago by Antonio Quartulli

FYI, the patch is on the ml. The subject is "[PATCH] reload HTTP proxy credentials when moving to the next connection profile"

comment:5 Changed 6 years ago by Antonio Quartulli

Resolution: fixed
Status: new → closed

The patch fixing this issue has been merged into master (commit 86b58ceb) and the 2.4 (commit fbc50963) branches. It'll be available in 2.5 and in the next 2.4.x release.
