bluenote
Posts: 127
Joined: Thu Feb 05, 2015 8:25 am

Creating a proxy interface for openvpn?

Thu Dec 31, 2015 9:46 pm

Hey guys

I have openvpn running on my pi. Now I want to create a proxy interface, and route all of that traffic through the VPN.
Can someone suggest a proxy software that would do this, *and* be able to route through the VPN?
I don't really want to have to dynamically update the routing tables to go through the VPN by IP, so hopefully there's a way to just route to tun?

thanks for any tips

bluenote

Re: Creating a proxy interface for openvpn?

Wed Feb 17, 2016 9:56 pm

Ok, so after a few missteps, I am now able to present a SOCKS interface to my clients, using dante.
However, dante does not do what I expect, when I specify the external interface and/or IP.
It breaks when trying to use tun0, because tun0 is not the box default route. (Which should not be needed..)

Can anyone suggest how to properly route dante traffic through tun0 when tun0 is not the default route for the whole device?
I'm not sure why dante bothers asking for an external interface if it's not going to obey what's specified.

thanks for any pointers

(In case any googlers get here: it took me a long while to find out that most web browsers don't support SOCKS5 authentication, and just fail silently, so for testing you can use Maxthon browser.)

bluenote

Re: Creating a proxy interface for openvpn?

Thu Mar 17, 2016 9:26 pm

Ok, since nobody responded I guess nobody has this problem, but just in case for the future I'll detail my solve.

The problem, as I understand it, is dante can accept an interface argument as "external" but then doesn't actually bind to it; at least, it doesn't behave like I would expect. (Seems kind of silly to accept an interface argument but not home to it, to me, but I only have a rudimentary understanding.)

I had to create a little up.sh script for openvpn to run when the tunnel comes up, and the secret sauce was this:

ip route add to 0.0.0.0/0 via 10.x.y.z table 50    # 10.x.y.z = my tunnel gateway; the table number 50 is not meaningful

ip rule add from 10.x.y.a lookup 50 priority 1    # 10.x.y.a = my tunnel IP

You get the gateway and IP passed to the up script from openvpn as arguments $4 and $5.

Hope this helps someone. This was really painful.
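
A fuller up script built around the two commands in the post above, as an added example that is not the poster's own script. It assumes a tun device where OpenVPN passes the local tunnel address as $4 and the remote peer as $5 (preferring the route_vpn_gateway environment variable when OpenVPN sets it); the function names and the script path are hypothetical, and the unreachable fallback route is an addition the post does not have.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed openvpn config lines:
#   script-security 2
#   up /etc/openvpn/up.sh        (path is hypothetical)
TABLE=50      # table number from the post; any unused number works
PRIORITY=1    # rule priority from the post

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255,
# so nothing pushed by the server reaches the ip command line unchecked.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if (length($i) < 1 || length($i) > 3 || $i > 255) exit 1 }'
}

# Print the ip(8) commands, one per line, for a tunnel address and gateway.
policy_route_cmds() {
    local_ip=$1
    gateway=$2
    is_ipv4 "$local_ip" && is_ipv4 "$gateway" || return 1
    # Remove a rule left over from an earlier session so restarts do not stack.
    echo "ip rule del from $local_ip lookup $TABLE priority $PRIORITY"
    echo "ip route replace default via $gateway table $TABLE"
    # Not in the post: if the tunnel route disappears, traffic from the tunnel
    # address gets "unreachable" instead of falling through to the main table.
    echo "ip route replace unreachable default metric 1000 table $TABLE"
    echo "ip rule add from $local_ip lookup $TABLE priority $PRIORITY"
}

# OpenVPN sets script_type=up for the up script. Assumption: tun device, where
# $4 is the local tunnel address and $5 the remote peer; route_vpn_gateway is
# used instead when OpenVPN exports it.
if [ "${script_type:-}" = "up" ]; then
    cmds=$(policy_route_cmds "$4" "${route_vpn_gateway:-$5}") || exit 1
    printf '%s\n' "$cmds" | while read -r cmd; do
        # Only the cleanup "rule del" may fail (no stale rule present).
        $cmd 2>/dev/null || case $cmd in *' rule del '*) ;; *) exit 1 ;; esac
    done
fi
```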
