In the following example I'll use local port 1234, but it could be any.
Btw what's "SSH tunneling"? Check this: http://www.revsys.com/writings/quicktips/ssh-tunnel.html, or that (nice graphs): http://www.akadia.com/services/ssh_putty.html
The web page below explains how to run OpenVPN over an SSH tunnel:
http://www.niteoweb.com/blog/openvpn-over-ssh
First I need to install SQUID on my server:
apt-get install squid
--> seems Squid is up and running right after that, listening on port 3128.
_ add to the Squid config in /etc/squid a line "http_access allow all" ... (insecure but...)
_ keep playing around with "http_access" in squid config (haven't found the optimal config yet)
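An added example (not part of the original post) of how Squid evaluates "http_access" lines: the first matching rule decides, which is why "allow all" opens the proxy to every client and why rule order matters. The ACL name "tunnel_clients" and the sample configs are hypothetical, and the restricted config assumes the SSH forward targets 127.0.0.1:3128 so that Squid sees the connection arriving from loopback.

```python
import ipaddress

# Constructed samples. OPEN is the line quoted in the post; RESTRICTED and
# SHADOWED are hypothetical, and the ACL name "tunnel_clients" is made up.
OPEN = "http_access allow all\n"
RESTRICTED = """\
# sshd connects to Squid from loopback when the forward targets 127.0.0.1:3128
acl tunnel_clients src 127.0.0.1/32
http_access allow tunnel_clients
http_access deny all
"""
SHADOWED = "http_access allow all\n" + RESTRICTED  # the early allow still wins

def parse(conf):
    """Return (acls, rules); only 'src' ACLs are modelled."""
    acls = {"all": [ipaddress.ip_network("0.0.0.0/0")]}  # assumed predefined, as in Squid 3.x
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 3 and tok[0] == "http_access" and tok[1] in ("allow", "deny"):
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(acls, name, ip):
    """True if ip is in the named ACL; a leading '!' negates the result."""
    hit = any(ip in net for net in acls[name.lstrip("!")])
    return hit != name.startswith("!")

def decide(conf, client_ip):
    """Apply Squid's first-match rule: ACLs on one http_access line are ANDed."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client_ip)
    for action, names in rules:
        if all(matches(acls, n, ip) for n in names):
            return action
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last rule.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for label, conf in (("OPEN", OPEN), ("RESTRICTED", RESTRICTED), ("SHADOWED", SHADOWED)):
        for src in ("127.0.0.1", "203.0.113.7"):  # loopback vs. an Internet client
            print(label, src, decide(conf, src))
```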
Create the SSH tunnel on the Windows side:
_ Run Putty
_ Go to Connection / Data / Tunnels
_ Check "Local ports accept connections from other hosts" (!!! not sure that is needed ???)
_ Add new port: 1234, host "yourvpnserver_address:3128"
[EDIT Feb. 2nd 2013: I don't use OpenVPN at all anymore. I've just set up proxy 127.0.0.1:1234 in my Firefox.]
And finally tweak the OpenVPN config as indicated on niteoweb.com, with one small difference: Squid is an HTTP proxy, not a SOCKS proxy. I'm lazy for the time being:
_ in server.conf:
proto tcp
_ in client.conf:
proto tcp
http-proxy 127.0.0.1 1234
route <some_IP_on_the_net> 255.255.255.255 net_gateway
_ Add a new IPTABLE rule on server side:
iptables -I INPUT 1 -p tcp --dport 1194 -j ACCEPT
or: iptables -I INPUT 1 -p tcp --dport 1195 -j ACCEPT
(the latter is because I've kept the old server on 1194. Note: I first made a mistake and set 1194 for the new IPTABLES rule, and the new server on 1195 still worked! So not sure how useful it is in my setup).