By running a proxy server on a Linux device, you can let multiple devices use your VPN connection without the need of getting a VPN router. This works on any Linux-based device, e.g. Raspberry Pi, Linux-on-Android (e.g. via Linux Deploy) or even on a virtual machine.
Advantages:
Example scenarios of use:
This tutorial is using tinyproxy as proxy server. Basic Linux knowledge is required though!
|
# Allow: Customization of authorization controls. If there are any # access control keywords then the default action is to DENY. Otherwise, # the default action is ALLOW. # # The order of the controls are important. All incoming connections are # tested against the controls based on order. # Allow 127.0.0.1 |
Here you can add IPs or subnets that are allowed to use the proxy.
So if you want to let only client IP 192.168.0.35 use the proxy, add:
Allow 192.168.0.35
If you want to let the whole subnet 192.168.0.x use the proxy, add:
Allow 192.168.0.0/24
Now, scroll down to this part:
# ConnectPort: This is a list of ports allowed by tinyproxy when the # CONNECT method is used. To disable the CONNECT method altogether, set # the value to 0. If no ConnectPort line is found, all ports are # allowed (which is not very secure.) # # The following two ports are used by SSL. # ConnectPort 443 ConnectPort 563 |
Comment the "ConnectPort 443" line, so it looks like this:
# ConnectPort 443
Of course you can also remove it.
This is required, otherwise the proxy can't be used while the VPN is connected via OpenVPN-TCP on port 443.
Save the file, exit nano.
Now, enable forwarding if you wish to have access to your entire home network while away.
Edit the ‘sysctl’ file.
nano /etc/sysctl.conf
Find “net.ipv4.ip_forward=1” and uncomment it (or change =0 to =1) to enable forwarding.
Now, execute the following command to apply changes:
sysctl -p
Step 3: Testing the proxy
Start tinyproxy by running "tinyproxy".
Now get onto your client to test the proxy.
Set it to use the IP of the device where tinyproxy is running, at standard port 8888.
This is easily done in Windows by opening Internet Explorers menu:
Tools - Internet Options - Connections - LAN settings
Check: Use a proxy server for your LAN
Address: IP of the device where tinyproxy is running on
Port: If not configured in tinyprox.conf otherwise, its 8888
Click OK.
Browse to e.g. ipaddress.com
If you get an error page, tinyproxy.conf wasn't properly configured to allow you access.
If you can browse, tinyproxy is working.
Step 4: Connecting to VPN
Now download the HideMyAss OpenVPN connection script:
wget http://hmastuff.com/hma-vpn.sh
Make it executable:
chmod +x hma-vpn.sh
Connect to the VPN (e.g. "./hma-vpn.sh -p tcp Texas")
When the VPN is connected, go to ipaddress.com on your client computer and check location again.
It should now show you the location of the VPN server. Thats all!
Now you can set any device to use the proxy server, and it will automatically use the VPN connection.
Notes
- If you get any permission denied errors, or can't modify file contents in the editor, make sure you have root access.
Do so either by first running "su" and then proceed, or prefix each command with "sudo".
- Feel free to use other VPN connection methods, e.g. PPTP or L2TP via a GUI like LXDE, Gnome, Unity;
PPTP via command line, or gOpenVPN via GUI.
- To use the proxyserver from outside of our local network, you'll need to create a port forwarding rule on your router
for the port the proxyserver is running on (in this example, TCP port 8888) to the IP of the linux device.
Here's a list of tutorials for various routers on how to create port forwarding rules.
Since you may not always know your external IP, consider using a Dynamic DNS service on it.
- When running the proxyserver on a virtual machine, you will have to use a bridged network setup in your virtualization software,
so that the device fetches its own IP from your networks DHCP server.
- To prevent non-proxified traffic, you could forbid all traffic that is not coming from / going to the proxy servers IP, e.g. with Windows or Comodo Firewall.
For links on how IP binding rules are created, see the article IP Binding
- If you want even more security, prevent fallsbacks to your real IP and ensure that your whole system is using the VPN, check this tutorial:
Tutorials:Using local PPTP server as VPN router alternative
- Having trouble with this tutorial? Have suggestions, improvements, questions? Feel free to email in at wiki@hmastuff.com