A small startup I work for has employees all over the world, including countries such as China where censoring is in place.

All these employees connect to the corporate network through OpenVPN which works great.

Now, I'd like the employees who are working abroad to stay connected to their friends and family even when in China.

Is there a way to route all YouTube, Facebook, Twitter, ... traffic through the VPN without forcing the VPN to set itself as gateway for all hosts?

I could just route the IPs, similar to this (sample of the oVPN config):

    route 192.168.200.0 255.255.255.0
    route 192.168.110.0 255.255.255.0
    route 192.168.22.0 255.255.255.0

However, it's pretty clear YouTube and similar sites use quite a lot of IPs, and adding a DNS (or a catch-all, for subdomains, and external domains such as ytimg.com) would make it a lot easier.

As I have control over the DNS, perhaps forcing youtube.com to resolve to the VPN's IP, and forwarding from there on to the right host, might be a solution?

How can I best do this?

Thanks, Yeri

Tuinslak

1 Answer

The easiest way would probably be to install a web proxy (Squid, for example) on a server on your LAN, and have the Chinese employees set it up in their favorite browser: all their web traffic (YouTube, Twitter, ...) will go through the OpenVPN and then go out on the Internet with your IP in Belgium: no filter :-)

klipz
  • But that forces all web traffic through the proxy. This will result in local sites being very slow (traffic goes from China -> Belgium -> China again). If I could just route certain sites through it, that would be lovely. – Tuinslak Jan 22 '11 at 15:23
  • If they have a good enough proxy plugin or the browser has good proxy support, you can configure it to blacklist everything and whitelist the domains that you want to go through the proxy. I use FoxyProxy on Firefox and it works great. – deltaray Jan 22 '11 at 15:32
  • Using a proxy.pac file (http://en.wikipedia.org/wiki/Proxy_auto-config), you can set up a proxy for just a few URLs. – klipz Jan 22 '11 at 15:44
  • All right. This seems to do the trick. The PAC file & Squid work. I'll test it Monday with an employee currently in China. Thanks! – Tuinslak Jan 22 '11 at 19:57
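
The PAC approach the comments settle on, as an added example that is not part of the original thread: only the listed domains and their subdomains go to Squid over the VPN, and everything else stays on the local route. The proxy address `10.8.0.1:3128` is a constructed placeholder, the domain list is an assumption built from the sites named in the question, and `hostInDomain` is a helper written here (instead of the PAC built-ins) so the file can also be checked outside a browser.

```javascript
// proxy.pac - added example; the proxy address is a constructed placeholder.
// Assumption: Squid listens on 10.8.0.1:3128 and is reachable only through
// the OpenVPN tunnel.
var PROXY = "PROXY 10.8.0.1:3128";

// Domains to send through the proxy. ytimg.com is listed separately because
// it is an external domain used by YouTube, as noted in the question.
var PROXIED_DOMAINS = ["youtube.com", "ytimg.com", "facebook.com", "twitter.com"];

// True when host is the domain itself or one of its subdomains. Matching on
// the leading dot keeps "notyoutube.com" from matching "youtube.com".
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  return host === domain ||
         host.slice(-(domain.length + 1)) === "." + domain;
}

// Entry point the browser calls for every request.
function FindProxyForURL(url, host) {
  for (var i = 0; i < PROXIED_DOMAINS.length; i++) {
    if (hostInDomain(host, PROXIED_DOMAINS[i])) {
      // No "; DIRECT" fallback: if the VPN is down the request fails
      // instead of silently leaving over the local network.
      return PROXY;
    }
  }
  return "DIRECT"; // local sites keep their direct route
}
```

Serve the file from a host that is itself reachable only over the VPN, since whoever can modify a PAC file decides where the browser sends its traffic.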