SSLVPN '--http-proxy MUST be used in TCP Client mode' error

  • 3073612
  • 22-Feb-2008
  • 26-Apr-2012


Novell Access Management 3 SSLVPN Server
Novell Access Management 3 Access Administration


SSLVPN server setup with Enterprise mode enabled and all worked fine. A HTTP proxy was required for internal communications so the SSLVPN was enabled for proxy support (available with the Access Manager 3 Support Pack 2 patch). The proxy.conf file was created with the correct syntax (proxyhost=:) and placed in the users home directory but the user could not connect to the SSLVPN server via the proxy.

Looking at the local openvpn.log file on the SSLVPN client, one could see the following error reported:

> Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
> Use --help for more information.


When using the proxy option with the SSLVPN client, make sure that the Enterprise mode is running the TCP and not default UDP client. The following code is active that will trigger the error

if (options->http_proxy_options && options->proto != PROTO_TCPv4_CLIENT)
msg (M_USAGE, "--http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)");

In our case the proto was not TCP but UDP, which caused the failure. Changing the Enterprise mode protocol to TCP fixed the issue.