0

I'm currently running OpenVPN and a squid proxy on a small VPS. In the config file of the VPN I'm using OpenVPN proxy options to connect to the proxy before the VPN.

The interesting part of the configuration is like this:

*Note: the redacted IP in the config file is the same as both squid and OpenVPN server are on the same VPS.

[...]
remote xxx.xxx.xxx.xxx 15855 tcp-client
http-proxy xxx.xxx.xxx.xxx 3128
[...]
http-proxy-option CUSTOM-HEADER Host [redacted]
[...]

I understand that the proxy is located before the VPN connection, but with squid being an HTTP proxy, how can it handle the TCP connection to the VPN? When is the custom header passed? Is it passed when the client connects to the proxy, or when the packets go from the proxy to the VPN?

Can anybody explain it or point me to some reference to better understand what's happening?

Dave M

2 Answers

0

Proxies like Squid support a bunch of different HTTP request methods. You have probably heard of GET, POST, etc., but there are others, like the one OpenVPN is utilising above: CONNECT.

CONNECT creates a "tunnel" over HTTP, and you can read more on this Wikipedia page.

Fredrik
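The CONNECT exchange described above, as an added example that is not part of the original answer: a toy loopback proxy stands in for Squid and a byte-recording listener stands in for the OpenVPN TCP server. The function names, the `header.example.invalid` value and the payload are constructed for illustration; the run shows that the custom header is read by the proxy in the CONNECT request and that only the opaque bytes sent after the `200` reach the upstream server.

```python
import socket
import threading

def read_head(conn):
    """Read one HTTP header block; return (head, separator, early bytes)."""
    buf = b""
    while b"\r\n\r\n" not in buf and (chunk := conn.recv(4096)):
        buf += chunk
    return buf.partition(b"\r\n\r\n")

def upstream(lsock, seen):
    """Stand-in for the OpenVPN TCP listener: record every byte received."""
    conn, _ = lsock.accept()
    seen["upstream"] = b""
    while (chunk := conn.recv(4096)):
        seen["upstream"] += chunk
    conn.close()

def proxy(lsock, seen):
    """Toy CONNECT handler: parse the request, then relay opaque bytes."""
    conn, _ = lsock.accept()
    head, _, early = read_head(conn)
    lines = head.decode("latin-1").split("\r\n")
    seen["request"] = lines[0]
    seen["headers"] = dict(l.split(": ", 1) for l in lines[1:])
    host, port = lines[0].split(" ")[1].rsplit(":", 1)
    up = socket.create_connection((host, int(port)))
    conn.sendall(b"HTTP/1.1 200 Connection established\r\n\r\n")
    up.sendall(early)
    while (chunk := conn.recv(4096)):  # after the 200: no HTTP parsing at all
        up.sendall(chunk)
    up.close(); conn.close()

def run_demo(payload=b"constructed opaque VPN bytes"):
    seen = {}
    up_l, px_l = (socket.create_server(("127.0.0.1", 0)) for _ in range(2))
    threads = [threading.Thread(target=f, args=(l, seen))
               for f, l in ((upstream, up_l), (proxy, px_l))]
    for t in threads: t.start()
    c = socket.create_connection(px_l.getsockname())
    # Constructed client request: the custom Host header travels here only.
    c.sendall(b"CONNECT 127.0.0.1:%d HTTP/1.0\r\nHost: header.example.invalid\r\n\r\n"
              % up_l.getsockname()[1])
    seen["status"] = read_head(c)[0].decode()
    c.sendall(payload); c.close()
    for t in threads: t.join()
    up_l.close(); px_l.close()
    return seen

if __name__ == "__main__":
    print(run_demo())
```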
0

The "proxy" in OpenVPN only means that the OpenVPN client is connected to the server through a proxy, like the SOCKS5 proxy you can open with an SSH client. Unless you set squid to be the HTTP proxy on a given port, it will automatically hijack any outbound traffic to port 80 or port 443 with its own cached files. Under these settings, you can view squid as a reverse proxy like nginx, which does not provide a real HTTP proxy.

George Y
  • So I could use a simple SSH tunnel to make the connection instead of using Squid? So the route is something like this, as I understood it: VPN client <-> proxy <-> VPN server. Now what could I do to make the client connect through the proxy without altering the client config? Something like "forcing" the client to connect through the proxy. – Alfredo Rossi Feb 05 '21 at 22:09
  • @Alfredo Rossi I do not think you need the proxy in the middle at all, if the VPN server is not open on 80/tcp or 443/tcp. – George Y Feb 06 '21 at 05:37