New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
help me please with my squid on vps and vpn
Juanmatta5454
Member
in Help
I installed squid on my vps and everything works like a charm. Now I wanna connect a vpn from PIA so squid will turn the vpn into a proxy instead of the vps. I'm facing 2 problems: the first one is that when I connect to the vpn I lose access to ssh, and the 2nd one is that idk how to make squid take vpn traffic instead of vps traffic.
I wanna do this setup because I believe it's better than buying proxies in different locations, and instead just buy a vpn and benefit from all the locations they are offering and use them as a proxy.
Can this be achieved? And how can I do this?
Thank you
Comments
Check your VPN routes. It sounds like you’re routing everything 0.0.0.0/0 and that’ll route everything to your PIA server, SSH or any other services will no longer work without a port forward from PIA side.
If you receive the default GW from the VPN but still want to use services like SSH on the VPS IP, try to use the original (not VPN) default GW in a separate routing table, then put all traffic from ports less than 1024 into this routing table using iptables. In this setup, Squid will use the VPN for outgoing connections, but configure it to listen on a port <1024 for a proper connection. Exact configs can be googled or generated with chatgpt.
Now I found a way to connect to my vpn on the vps without losing the ssh connection, thanks to the commands I found here
https://superuser.com/questions/1203940/run-openvpn-client-on-vps
However, I still don't know how to make squid use vpn traffic so my vpn will be the proxy, and not the vps, if you get what I mean.
I haven't used squid in ages but it'll probably basically come down to have it bind to the VPN interface (depending on how you plan to connect to squid you might have to also forward/NAT a port on your external interface).
Do you mean that when you configure a proxy in your browser and check https://ipecho.net/plain, you see VPS IP, not VPN IP?
> @Juanmatta5454 said:
> yes exactly, when I connect to the squid proxy I set up on my vps, I wanna see the vpn ip and not the vps ip
Like I've said, bind Squid to the VPN interface. If you're lucky, Squid supports using a specific interface for outgoing traffic. If not, you'll have to forward a port from your external interface.
And if it's not supported, you could also use an LD_PRELOAD kludge or a net_cls cgroup (classid), then use iptables to add a mark to the packets and then add a different routing table for these packets to route them over a specific interface.
You have to see the VPN IP in the mentioned config. What about if you run this from the VPS command line:
wget https://ipecho.net/plain
Do you see the VPS IP?
Yeah, that's kinda interesting. I've checked the superuser post he used to fix his external availability and it seems the VPN really should be his default gateway. It's kind of a messy solution in my opinion. Even though I was way off in regards to binding to the VPN interface too. That won't help with external networks. If all he wants to route over VPN is Squid, marking packets by the user Squid runs under is probably still cleaner than messing with the default route.
Edit: Nah, that won't work either as it would bork the connection to Squid... These kinds of problems can be somewhat tricky and trying to solve them remotely doesn't make it any better. The ideal solution would probably be OP getting a bit of a grip on routing/iptables and figuring out the details himself. Packet marking and source based routing will surely solve his problem. It likely won't be some simple drop in thing though.
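The source-based routing mentioned in the replies above, as an added example that is not part of the original thread. It assumes the tunnel is tun0, a free routing table 100, rule priority 1000, and OpenVPN started with route-nopull so the VPS default route (and SSH) stays untouched. tcp_outgoing_address is Squid's directive for the source address of outgoing connections.

```shell
#!/bin/sh
# Added example (not from the thread): send only Squid's outgoing connections
# over the VPN. Assumed names: tun0, table 100, priority 1000.

# Read `ip -4 -o addr show dev IFACE` output on stdin, print the IPv4 address.
# Handles both "inet 10.8.0.6/24" and point-to-point "inet 10.8.0.6 peer ...".
tun_addr() {
    awk '{ for (i = 1; i < NF; i++)
             if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Print the routing commands and squid.conf line for IFACE ADDR TABLE.
# Traffic sourced from ADDR uses TABLE, whose only route is the tunnel;
# everything else (SSH, clients reaching Squid) keeps the main table.
egress_plan() {
    iface=$1 addr=$2 table=$3
    case $addr in
        *[!0-9.]*|'') echo "invalid address: $addr" >&2; return 1 ;;
    esac
    cat <<EOF
ip route replace default dev $iface table $table
ip rule add from $addr/32 lookup $table priority 1000
# squid.conf:
tcp_outgoing_address $addr
EOF
}

# With RUN_NOW=1 the plan for the live tun0 address is printed for review;
# run the two ip commands as root and add the last line to squid.conf.
if [ "${RUN_NOW:-}" = 1 ]; then
    addr=$(ip -4 -o addr show dev tun0 | tun_addr)
    egress_plan tun0 "$addr" 100
fi
```

Squid keeps listening on the VPS address, so clients connect as before. Its DNS lookups are not bound to the tunnel address and still follow the main routing table.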