From eb6e9a9fcf0ddd28e174c6db36d1c01f2c199110 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Wed, 5 Mar 2025 20:58:19 +0100
Subject: [PATCH] VPN: OpenVPN: Instances - add basic http client option,
 closes https://github.com/opnsense/core/issues/8342

---
 .../OPNsense/OpenVPN/forms/dialogInstance.xml          | 10 ++++++++++
 .../mvc/app/models/OPNsense/OpenVPN/OpenVPN.php        |  5 +++++
 .../mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml        |  3 +++
 3 files changed, 18 insertions(+)

diff --git a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
index 71dea4c39..1ec1e4498 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/OpenVPN/forms/dialogInstance.xml
@@ -670,4 +670,14 @@ Set to 0 to disable, remember to change your client as well.
             <formatter>boolean</formatter>
         </grid_view>
     </field>
+    <field>
+        <id>instance.http-proxy</id>
+        <label>HTTP Proxy</label>
+        <type>text</type>
+        <style>role role_client</style>
+        <help>Use a http proxy to connect to the selected server, define as host:port.</help>
+        <grid_view>
+            <visible>false</visible>
+        </grid_view>
+    </field>
 </fields>
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
index cece2a4e0..61c53fdbf 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.php
@@ -548,6 +548,11 @@ class OpenVPN extends BaseModel
                     if (!empty((string)$node->remote_cert_tls)) {
                         $options['remote-cert-tls'] = 'server';
                     }
+                    if (strrpos($node->{'http-proxy'}, ':') > 0) {
+                        $tmp = substr_replace($node->{'http-proxy'}, ' ', strrpos($node->{'http-proxy'}, ':'), 1);
+                        $options['http-proxy'] = $tmp;
+                    }
+
                     // XXX: In some cases it might be practical to drop privileges, for server mode this will be
                     //      more difficult due to the associated script actions (and their requirements).
                     //$options['user'] = 'openvpn';
diff --git a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
index 33a1ab125..9ce600a84 100644
--- a/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+++ b/src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
@@ -382,6 +382,9 @@
                 <description type="DescriptionField"/>
                 <compress_migrate type="BooleanField"/>
                 <ifconfig-pool-persist type="BooleanField"/>
+                <http-proxy type="IPPortField">
+                    <HostnameAllowed>Y</HostnameAllowed>
+                </http-proxy>
             </Instance>
         </Instances>
         <StaticKeys>