Discussion:
[Openvpn-users] 2-hop VPN + proxy configuration
Adam Kruger
2009-12-21 16:56:14 UTC
Hi.

Can anybody please suggest some options for routing OpenVPN client traffic
from an OpenVPN server through another proxy server before reaching the
Internet? Traffic should be routed to different proxies for different
clients. Ideally the traffic between the OpenVPN server and the proxy
should be encrypted.

I understand that SOCKS5 servers can be used to proxy and route an OpenVPN
client connection to an OpenVPN server. However, for ease of management,
I want OpenVPN to be the first hop.

Thanks.
tiggersWelt.net (Support)
2009-12-21 17:14:13 UTC
Hello Adam,
Post by Adam Kruger
I understand that SOCKS5 servers can be used to proxy and route
an OpenVPN client connection to an OpenVPN server. However, for ease of
management, I want OpenVPN to be the first hop.
Am I right when I think that you want to proxy connections right after
they came out of the VPN - for example to a transparent HTTP-Proxy on
the VPN-Server itself?

For HTTP the solution is already given ;) For any other setup - for
example a transparent gateway for TOR - you may use a transparent
socks-gateway just as you would do with HTTP.
There are some solutions out there. One of them has been written by me
(and is merely a fork of another project):

http://oss.tiggerswelt.net/transocks_ev/


Kind regards,

Bernd
--
\\\||///
\\ - - //
( @ @ )
-oOo--( )--oOo-------------------------------------------------------
Firma Bernd Holzmüller www.tiggerswelt.net
***@tiggerswelt.net
Mönchstrasse 25 Tel: 07 11 / 550 425-90
70191 Stuttgart Fax: 07 11 / 550 425-99
Deutschland/Germany OpenPGP/GnuPG: 0xDF553B9F
Adam Kruger
2009-12-21 20:16:55 UTC
Thanks Bernd.

Post by tiggersWelt.net (Support)
Am I right when I think that you want to proxy connections right after
they came out of the VPN - for example to a transparent HTTP-Proxy on
the VPN-Server itself?
Yes, I want to proxy connections right after they come out of the VPN,
ultimately to one of several remote proxies.
Post by tiggersWelt.net (Support)
For HTTP the solution is already given ;) For any other setup - for
example a transparent gateway for TOR - you may use a transparent
socks-gateway just as you would do with HTTP.
I have looked at transocks, transocks_ev and redsocks. If I'm not mistaken,
these can only accept TCP packets. Are there any technical reasons that UDP
is not supported?

Also, ideally I would like the connection between the OpenVPN server and my
proxies to be encrypted. I am considering using ssh or stunnel to tunnel to
the end-proxies, and redirecting packets out of the VPN through something
like transocks to the tunnel. This solution seems overly complex. Are
there any better ideas?

Thanks and best regards,

Adam
tiggersWelt.net (Support)
2009-12-21 22:10:07 UTC
Hello Adam,
Post by Adam Kruger
I have looked at transocks, transocks_ev and redsocks. If I'm not
mistaken, these can only accept TCP packets. Are there any technical
reasons that UDP is not supported?
No, I don't think so. It's been quite a while since I did this work, but
as far as I know SOCKS5 *should* support UDP-Connections so there should
be no problem to rewrite one of these applications to support UDP-Traffic.
Post by Adam Kruger
Also, ideally I would like the connection between the OpenVPN server and
my proxies to be encrypted. I am considering using ssh or stunnel to
tunnel to the end-proxies, and redirecting packets out of the VPN
through something like transocks to the tunnel. This solution seems
overly complex. Are there any better ideas?
I don't think that there is any other option.


Kind regards,

Bernd
--
\\\||///
\\ - - //
( @ @ )
-oOo--( )--oOo-------------------------------------------------------
Firma Bernd Holzmüller www.tiggerswelt.net
***@tiggerswelt.net
Mönchstrasse 25 Tel: 07 11 / 550 425-90
70191 Stuttgart Fax: 07 11 / 550 425-99
Deutschland/Germany OpenPGP/GnuPG: 0xDF553B9F
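
On the UDP question raised in this thread: SOCKS5 as specified in RFC 1928 defines a UDP ASSOCIATE command and a per-datagram header, which a transparent gateway would have to add and strip for every packet. The sketch below is an added example, not code from transocks, transocks_ev, redsocks or the thread participants, and its function names are illustrative.

```python
import ipaddress
import struct

CMD_UDP_ASSOCIATE = 3                        # RFC 1928 section 4, CMD field
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4  # RFC 1928 section 5

def encode_addr(host: str, port: int) -> bytes:
    """Encode ATYP + address + port (network byte order)."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal: send it as a length-prefixed name
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("domain name must be 1..255 bytes")
        return bytes([ATYP_DOMAIN, len(name)]) + name + struct.pack("!H", port)
    atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
    return bytes([atyp]) + ip.packed + struct.pack("!H", port)


def udp_associate_request(client_host: str = "0.0.0.0", client_port: int = 0) -> bytes:
    """Request sent on the TCP control connection: VER, CMD, RSV, address."""
    return bytes([5, CMD_UDP_ASSOCIATE, 0]) + encode_addr(client_host, client_port)


def wrap_datagram(dst_host: str, dst_port: int, payload: bytes) -> bytes:
    """Prefix a payload with the UDP request header: RSV(2), FRAG(1), address."""
    return b"\x00\x00\x00" + encode_addr(dst_host, dst_port) + payload


def unwrap_datagram(packet: bytes):
    """Parse a relayed datagram and return (host, port, payload)."""
    if len(packet) < 5 or packet[:2] != b"\x00\x00":
        raise ValueError("truncated header or non-zero reserved bytes")
    if packet[2] != 0:
        raise ValueError("fragmented datagrams are not handled here")
    atyp, pos = packet[3], 4
    if atyp == ATYP_DOMAIN:
        alen, pos = packet[4], 5
    elif atyp in (ATYP_IPV4, ATYP_IPV6):
        alen = 4 if atyp == ATYP_IPV4 else 16
    else:
        raise ValueError("unknown address type")
    end = pos + alen
    if len(packet) < end + 2:
        raise ValueError("truncated address or port")
    raw = packet[pos:end]
    host = raw.decode("ascii") if atyp == ATYP_DOMAIN else str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", packet[end:end + 2])
    return host, port, packet[end + 2:]
```

The header carries no encryption or integrity protection, so the datagrams between gateway and proxy are as exposed as plain UDP unless the relay path itself is tunnelled.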