
How to connect to OpenVPN server via cURL?

By Emily Wilson

Is it possible to use an OpenVPN server as a proxy in a cURL command?

I don't want to connect my entire computer to the OpenVPN. Instead, I want to use it in a single cURL command.

Something like

curl -x url

but it doesn't work and returns

curl: (56) Recv failure: Connection reset by peer

My OS is Ubuntu 18.04

1 Answer

No, it isn't.

First, the command doesn't work because you're telling cURL to speak a completely different protocol than the server speaks. OpenVPN and http:// are nothing alike – the server doesn't recognize any requests sent by cURL, and cURL doesn't understand any responses.

Second, it cannot work because cURL does not support any VPN protocols. There is no way to correctly specify that cURL should speak the OpenVPN protocol, or any other VPN protocol, because that's not in the program.

(In theory it's not impossible to add this to cURL, but it would massively increase complexity compared to "proxy" protocols, because cURL would need to learn TCP and IP in addition to learning about the VPNs themselves – i.e. it would need to duplicate much of the network stack that resides in the OS.)


If you have root access to the system, you can use various mechanisms to limit what the OpenVPN connection is used for:

  • the regular IP routing table, to choose VPN usage based on destination IP address;
  • policy routing, to select the connection depending on source IP address (e.g. make it so that curl --interface tun0 would use the VPN but regular curl would not);
  • firewall rules, to select the connection depending on the protocol and ports used, and even based on user ID;
  • network namespaces, to create two different "worlds" where some processes see only the VPN while all other processes only see the original connection.

For example, if you want to limit VPN usage to just 10.0.0.0/8 (or vice versa, to exclude that network from the VPN) that's trivial to do using just OpenVPN's route options. For example, to limit the VPN to a specific network only:

route 10.0.0.0 255.0.0.0 vpn_gateway
route-nopull

And to exclude a specific network while using the VPN for everything else:

route 10.0.0.0 255.0.0.0 net_gateway
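
The policy-routing option from the list above, written out as an added example (not part of the original answer): it generates the ip commands that send only sockets bound to the tunnel through the VPN, so curl --interface tun0 uses it and plain curl does not. The device name tun0, table number 100, rule priorities and the plan/apply subcommands are assumptions, as is a client config containing route-nopull so the main routing table stays untouched.

```shell
#!/bin/sh
# Added example (not from the original answer): policy routing so that only
# sockets bound to the VPN interface use the tunnel.
# Assumptions: device tun0, routing table 100, rule priorities 1000/1001, and
# an OpenVPN client config containing `route-nopull`.
set -eu

VPN_DEV="${VPN_DEV:-tun0}"
VPN_TABLE="${VPN_TABLE:-100}"

# Print the first IPv4 address on device $1 (prints nothing if it is down).
vpn_addr() {
    ip -4 -o addr show dev "$1" 2>/dev/null |
        awk '{ split($4, a, "/"); print a[1]; exit }'
}

# Print the commands for device $1, tunnel address $2, routing table $3.
policy_cmds() {
    printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "not an IPv4 address: $2" >&2
        return 1
    }
    # Default route that exists only in the VPN table.
    echo "ip route replace default dev $1 table $3"
    # Sockets bound to the tunnel address, e.g. curl --interface <address>.
    echo "ip rule add from $2/32 lookup $3 priority 1000"
    # Sockets bound to the device itself (SO_BINDTODEVICE), e.g. curl --interface tun0.
    echo "ip rule add oif $1 lookup $3 priority 1001"
}

main() {
    addr=$(vpn_addr "$VPN_DEV")
    [ -n "$addr" ] || { echo "$VPN_DEV has no IPv4 address; is OpenVPN up?" >&2; return 1; }
    case "$1" in
        plan)  policy_cmds "$VPN_DEV" "$addr" "$VPN_TABLE" ;;
        apply) policy_cmds "$VPN_DEV" "$addr" "$VPN_TABLE" | sh -e ;;  # needs root
        *)     echo "usage: $0 plan|apply" >&2; return 2 ;;
    esac
}

# Do nothing when run without arguments.
[ "$#" -eq 0 ] || main "$@"
```

Run it with plan to review the commands before apply, and re-run it when the tunnel address changes, since the source-address rule is tied to that address.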