curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Sat Sep 09, 2017 9:49 pm Post subject: http only traffic through a vpn |
|
|
This may sound like a stupid question (and it probably is), but I have been searching for a while and can't find an answer.
I have openvpn set up, but want to use it for only http (and https) traffic, not for things like ntp. My preference would be to just enter some proxy server in browsers which would route that traffic through the vpn. Is there some way of doing that, and if not, how do I set this up?
Thank you in advance.
chiefbag Guru
Joined: 01 Oct 2010 Posts: 542 Location: The Kingdom
|
Posted: Mon Sep 11, 2017 9:33 am Post subject: |
|
|
You could add the "route-nopull" to your OpenVPN config, which means it will not set up routes that will route all your traffic through the tunnel.
After that you set up your proxy settings in the browser to use the tunnel.
--EDIT--
See the OpenVPN manual for specific details on proxy servers
"Connecting to an OpenVPN server via an HTTP proxy."
https://openvpn.net/index.php/open-source/documentation/howto.html#redirect
chiefbag Guru
Joined: 01 Oct 2010 Posts: 542 Location: The Kingdom
|
Posted: Mon Sep 11, 2017 10:12 am Post subject: |
|
|
Alternatively you could use iptables to route traffic based on destination port, if you for example have the following rule on your firewall where the OpenVPN is running.
Code:
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -i LAN -j DNAT --to-destination 10.10.80.1
curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1741
|
Posted: Mon Sep 11, 2017 12:05 pm Post subject: |
|
|
Re: your first reply - I don't think that is what I want to do at all. The documentation talks about sending VPN traffic through an HTTP proxy. I want to do the opposite, be able to use the VPN AS an http proxy.
Re: your second reply - that's certainly a possibility, but there are a lot of applications now that send stuff out on port 80 (because it is almost always open). I would rather be able to (effectively) select the routing (VPN or no VPN) in the application.
chiefbag Guru
Joined: 01 Oct 2010 Posts: 542 Location: The Kingdom
|
Posted: Tue Sep 12, 2017 7:21 am Post subject: |
|
|
Use Tinyproxy or similar on your local machine or some other one on your LAN; if you need to, you can add a second IP address to your local machine and bind Tinyproxy to that for outbound connections.
Then use the previous iptables command and add the "-s" source directive to catch traffic from your proxy IP address and send it to the OpenVPN tunnel.
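Added example, not part of the thread or of anyone's post: one way to set up what the last reply describes, with Tinyproxy bound to a second address and everything sent from that address routed into the OpenVPN tunnel. It uses source-based policy routing (`ip rule`) with MASQUERADE instead of the DNAT rule quoted earlier, and the address, interface names, port and table number are all assumed values.

```shell
#!/bin/sh
# Added example; every value below is an assumption, not taken from the thread.
PROXY_SRC=192.168.1.250  # spare address that only Tinyproxy sends from
LAN_IF=eth0              # interface that carries the extra address
VPN_IF=tun0              # OpenVPN device (client started with route-nopull)
TABLE=100                # unused routing-table number

# Tinyproxy: accept browsers on loopback, originate connections from PROXY_SRC.
tinyproxy_conf() {
    cat <<EOF
Port 8888
Listen 127.0.0.1
Allow 127.0.0.1
Bind $PROXY_SRC
EOF
}

# Kernel: packets sourced from PROXY_SRC use TABLE, whose default is the tunnel.
# The unreachable route wins only when the tun0 route is gone (VPN down), so
# proxy traffic is refused instead of falling through to the main table.
routing_cmds() {
    cat <<EOF
ip addr add $PROXY_SRC/32 dev $LAN_IF
ip route add unreachable default metric 1000 table $TABLE
ip route add default dev $VPN_IF table $TABLE
ip rule add from $PROXY_SRC lookup $TABLE
iptables -t nat -A POSTROUTING -s $PROXY_SRC -o $VPN_IF -j MASQUERADE
EOF
}

# Extract the outgoing device from one line of `ip route get` output.
egress_if() { sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1; }

# Succeed only if traffic from PROXY_SRC would leave through the tunnel.
# 203.0.113.10 is a documentation address used as an arbitrary destination.
verify() {
    out=$(ip route get 203.0.113.10 from "$PROXY_SRC" 2>/dev/null | egress_if)
    [ "$out" = "$VPN_IF" ]
}

case "${1:-plan}" in
    apply)  routing_cmds | sh -e && verify ;;   # needs root and tun0 up
    verify) verify ;;
    *)      tinyproxy_conf; echo; routing_cmds ;;  # default: print only
esac
```

Tinyproxy's DNS lookups are not covered by the source-address rule, so name resolution still follows the main routing table. The tunnel route in the extra table disappears whenever tun0 is torn down and has to be re-added, for instance from an OpenVPN `up` script.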