Environment
Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration
Situation
An SSLVPN server was set up with Enterprise mode enabled, and
everything worked fine. An HTTP proxy was required for internal
communications, so proxy support was enabled on the SSLVPN (available
with the Access Manager 3 Support Pack 2 patch). The proxy.conf file
was created with the correct syntax
(proxyhost=:) and placed in the
user's home directory, but the user could not connect to the SSLVPN
server via the proxy.
Looking at the local openvpn.log file on the SSLVPN client, one could see the following error reported:
> Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
> Use --help for more information.
Resolution
When using the proxy option with the SSLVPN client, make sure that
Enterprise mode is running the TCP client and not the default UDP client.
The following check is active in the client code and triggers the error:

    #ifdef ENABLE_HTTP_PROXY
      /* An HTTP proxy can only be used when the client protocol is TCP */
      if (options->http_proxy_options && options->proto != PROTO_TCPv4_CLIENT)
        msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");
    #endif

In our case the proto was not TCP but UDP, which caused the failure. Changing the Enterprise mode protocol to TCP fixed the issue.
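
The same rule can be checked before connecting. The following is an added example, not code from Novell or from the client itself: a hypothetical helper, proxy_proto_conflict(), that scans option text for an http-proxy entry without proto tcp-client. It assumes the options are available in OpenVPN config-file form (option names without the leading "--"); the sample configurations, host names and addresses are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample option sets (not taken from a real SSLVPN client). */
static const char *CFG_UDP_PROXY =
    "client\n"
    "remote vpn.example.test 7777\n"
    "http-proxy 192.0.2.10 8080\n";      /* no proto line: UDP default */
static const char *CFG_TCP_PROXY =
    "client\n"
    "proto tcp-client\n"
    "remote vpn.example.test 7777\n"
    "http-proxy 192.0.2.10 8080\n";

/* Hypothetical pre-flight check: returns 1 if the option text sets
 * http-proxy while the protocol is anything other than tcp-client
 * (the combination the check above rejects), 0 otherwise. */
int proxy_proto_conflict(const char *cfg)
{
    int have_proxy = 0, tcp_client = 0;   /* no proto line means UDP */
    char line[256];

    while (*cfg) {
        size_t n = strcspn(cfg, "\n");
        size_t c = n < sizeof line - 1 ? n : sizeof line - 1;
        memcpy(line, cfg, c);
        line[c] = '\0';
        cfg += n + (cfg[n] == '\n');      /* step past the newline, if any */

        char key[32] = "", val[32] = "";
        /* Skip blank lines and '#' / ';' comment lines. */
        if (sscanf(line, " %31s %31s", key, val) < 1 || key[0] == '#' || key[0] == ';')
            continue;
        if (strcmp(key, "http-proxy") == 0)
            have_proxy = 1;
        else if (strcmp(key, "proto") == 0)   /* assumption: most recent proto line applies */
            tcp_client = (strcmp(val, "tcp-client") == 0);
    }
    return have_proxy && !tcp_client;
}

int main(void)
{
    printf("UDP + proxy conflict: %d\n", proxy_proto_conflict(CFG_UDP_PROXY));
    printf("TCP + proxy conflict: %d\n", proxy_proto_conflict(CFG_TCP_PROXY));
    return 0;
}
```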