Setup a VPN on a Squid Proxy (Linux)
Hi all!
I have an Ubuntu server running a Squid cache proxy server and I was wondering if it was possible to set things up so that Squid would "connect to the internet" through a VPN (PureVPN). But here is the catch: only Squid has to use the VPN; other services like Plex/Apache... shouldn't :/
Could you help me?
Thanks
linux vpn proxy squid source-routing
edited Dec 12 '15 at 11:23
asked Dec 12 '15 at 2:54
Skïp
1 Answer
Yes, it can be done. You need policy routing, i.e. the ability to handle two distinct routing tables simultaneously. The reason is that you need to have two simultaneous gateways, one for Squid and the other for the remaining applications. Two gateways are not allowed in OSes, the only exception being policy routing in the Linux kernel.
You find a very good and very short explanation of policy- (sometimes also called source-) routing in David Schwartz's answer to a question on a sister site (Unix and Linux).
You will need to set up your VPN so that its routing table is the alternative routing table. The details depend on the kind of VPN you use.
Now, supposing that the VPN virtual interface is called tun0, with IP address 10.0.0.2, you will need a rule that uses the second routing table (let's call it table2) for applications coming from 10.0.0.2:
    ip rule add from 10.0.0.2 table table2
and you also need to make sure that Squid binds to 10.0.0.2 as its outgoing address: for this, you need the directive
    tcp_outgoing_address 10.0.0.2
edited Apr 13 '17 at 12:37
Community♦
answered Dec 12 '15 at 8:48
MariusMatutiae
Thanks for your help, but I don't get it: if I set up my VPN it will just apply to my whole connection (let's imagine I set up a PPTP VPN). I didn't set up a routing table for my actual connection; how can I proceed in creating 2 distinct routing tables and making sure the VPN is on the second one and that only Squid will go through it? I'm sorry, I'm having a hard time with Linux for the moment
– Skïp
Dec 12 '15 at 11:22
@Skïp Can you post your routing table?
– MariusMatutiae
Dec 12 '15 at 12:07
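The setup described in the answer, carried through as an added example that is not part of the original answer or comments: it prints the commands that create the second routing table and checks the kernel's routing decision for Squid's source address against that for unbound traffic. tun0, 10.0.0.2 and table2 are the answer's values; table id 200, the probe address 192.0.2.1 and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the answer. tun0, 10.0.0.2 and table2 are the
# answer's values; table id 200 and the probe address are assumptions.
VPN_IF=tun0
VPN_ADDR=10.0.0.2
TABLE=table2
TABLE_ID=200
PROBE=192.0.2.1   # documentation address, used only for route lookups

# Print (do not run) the commands that build the second routing table.
# Assumes the VPN client does not replace the default route in the main table.
plan() {
    cat <<EOF
echo "$TABLE_ID $TABLE" >> /etc/iproute2/rt_tables
ip route add default dev $VPN_IF table $TABLE
ip rule add from $VPN_ADDR table $TABLE
# squid.conf: tcp_outgoing_address $VPN_ADDR
EOF
}

# Succeeds if `ip rule show` output on stdin sends VPN_ADDR to TABLE.
has_rule() {
    awk -v a="$VPN_ADDR" -v t="$TABLE" \
        '$2=="from" && $3==a && $4=="lookup" && $5==t {ok=1} END {exit !ok}'
}

# Prints the egress interface named in `ip route get` output on stdin.
egress_dev() {
    awk '{for (i=1; i<NF; i++) if ($i=="dev") {print $(i+1); exit}}'
}

# Live check (needs the ip tool): Squid's source address must leave via the
# VPN, and a socket with no bound source (Plex, Apache) must not.
verify() {
    ip rule show | has_rule || { echo "missing ip rule" >&2; return 1; }
    [ "$(ip route get "$PROBE" from "$VPN_ADDR" | egress_dev)" = "$VPN_IF" ] \
        || { echo "Squid traffic would bypass the VPN" >&2; return 1; }
    [ "$(ip route get "$PROBE" | egress_dev)" != "$VPN_IF" ] \
        || { echo "unbound traffic also uses the VPN" >&2; return 1; }
}

# Usage: sh script.sh plan    (review, then run the printed commands as root)
#        sh script.sh verify  (after the VPN is up)
case "${1:-}" in plan|verify) "$1" ;; esac
```

Running `verify` again after every VPN reconnect catches the case where the client has recreated tun0 without the table2 route.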