Squid traffic tunneled through VPN

squidtunnelingvpn

So what I'm trying to do is have a Squid Proxy run on 1 machine along side a VPN connection. What I want to happen is all traffic running though the Squad Proxy would run though the VPN for its outbound. ie Desktop -> (Squid Proxy -> VPN)

The goal is to allow my desktop selective tunneling through the VPN. So that Instant Messaging and the like that do not need to run through the VPN can go through my normal traffic. Typically I would go though a SSH Proxy but currently am forced to use VPN to gain entry into the office, and a Squid proxy seemed like it might work out the easiest for what I am needing.

EDIT> Realize I forgot to actually state what problem I'm running into. I have the Squid setup and verified it works, but once I connect to the VPN. All requests to Squid get accepted but Squid is unable to make the request over the VPN. So the client ends up just sitting there.

Best Answer

I do something similar. I do it using two pieces:

$ cat bin/openproxy
#!/bin/bash
ssh -C -o ServerAliveInterval=150 -L 3128:proxy:3128 gateway.company.com

Then in Firefox, I use FoxyProxy to use localhost:3128 as a proxy for machines in *.company.com.

This works for pretty much everything that I need.

Is this what you're trying to do?

Related Solutions

Tunneling traffic through two VPN hops/tunnels

This is kind of jankety, but you could setup openvpn on your desktop at work. You would then connect the original home->work VPN and connect OpenVPN through it. You would then push a route from the work desktop to the home system so it could then route traffic appropriately directly to the server in the DC.

In the openvpn config, the route could be pushed to the home system like so:

push "route 12.34.56.78 255.255.255.255"

12.34.56.78 being the IP of the server in the DC

Alternatively, you could run an SSHD via cygwin or something on the work system and use that to tunnel the RDP connection through.

Ssh – Tunneling into vpn using squid and ssh-tunnel

20:40:11.245849 IP 192.168.237.1.43253 > 172.30.3.93.https: Flags [S], seq 885758311, win 13720, options [mss 1372,sackOK,TS val 34964016 ecr 0,nop,wscale 7], length 0
20:40:11.467567 IP 172.30.3.93.https > 192.168.237.1.43253: Flags [S.], seq 1102840217, ack 885758312, win 5792, options [mss 1380,sackOK,TS val 4294961122 ecr 34964016,nop,wscale 2], length 0
20:40:11.467591 IP 192.168.237.1 > 172.30.3.93: ICMP 192.168.237.1 tcp port 43253 unreachable, length 68

First line says that your machine sent SYN flag i.e. [S] to initiate handshake with the server(segment sequence number 885758311).

Second line says that server has acknowledged with Flag [S.] to your machine's SYN request(ack 885758312 i.e 885758311+1).

I am not sure about the third line but I think it says that destination host(your machine) is informing sending host(remote machine) that the requested port i.e. 43253 is not reachable. So there must be something in your firewall that is rejecting this connection. Check the firewall rules.

Best Answer

Related Solutions

Tunneling traffic through two VPN hops/tunnels

Ssh – Tunneling into vpn using squid and ssh-tunnel

Related Topic