I have a VPN server with HTTPS, L2TP, OpenVPN, and PPTP. I want to set up a proxy on the server, so that all connections that come from VPN clients will use it.

I created the following bash script file for it, but the proxy isn't working.

```bash
gsettings set org.gnome.system.proxy mode 'manual'
gsettings set org.gnome.system.proxy.http enabled true
gsettings set org.gnome.system.proxy.http host 'cproxy.anadolu.edu.tr'
gsettings set org.gnome.system.proxy.http port 8080
gsettings set org.gnome.system.proxy.http authentication-user 'admin'
gsettings set org.gnome.system.proxy.http authentication-password 'admin'
gsettings set org.gnome.system.proxy use-same-proxy true

export http_proxy=http://admin:admin@cproxy.anadolu.edu.tr:8080
export https_proxy=http://admin:admin@cproxy.anadolu.edu.tr:8080
export HTTP_PROXY=http://admin:admin@cproxy.anadolu.edu.tr:8080
export HTTPS_PROXY=http://admin:admin@cproxy.anadolu.edu.tr:8080
```

What should I do to make a global proxy that the server and all VPN clients use automatically?

peterh
  • By proxy, you mean just an HTTP proxy, right? In this case, I suggest you use [Squid](http://www.squid-cache.org/). I've used it myself with success, and it has support for transparent proxying, which is what you need. –  Aug 21 '14 at 15:01

1 Answer

The problem is that on Unix there is no such thing as a global proxy setting. On Windows, there is a proxy setting in the Internet Explorer configuration, which is intended to be used by every other program as well, but nothing makes it obligatory for them.

And your biggest problem is that you simply can't guarantee that there won't be some software installed which (even intentionally) avoids this proxy setting.

For such problems there exists the so-called "transparent proxying". It means that you redirect the packets of the protocol to be proxied to your proxy server, without the knowledge or influence of the clients. The clients won't see what you are doing: they will only be connecting to the outer IPs, and won't even know that they are actually connecting only to your proxy server.

What you need is practically 2 steps:

1: First, with some well-directed iptables rule, you should redirect the outgoing http/https to your http/https proxy server (which is or isn't on your gateway/vpn machine).

2: You set up an HTTP proxy server which is capable of working as a transparent proxy. When clients communicate over HTTP with a proxy, they talk a slightly different protocol, thus transparent proxying needs explicit support on the proxy side. But it doesn't differ too much.

Squid has very good support for transparent proxying, although from every other viewpoint it is not the best software I have found in my life.

Apache is not a proxy server but a web server, although it can proxy as well, and can be made capable of transparent proxying with some little configuration tricks.

Summa summarum, Google is your friend. My suggested keywords: transparent http proxy gateway linux

peterh
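The two steps from the answer above, sketched as an added example that is not part of the original answer or of Squid's own documentation. The names `gen_rules`, `VPN_IFACES` and `INTERCEPT_PORT`, the interface patterns `ppp+`/`tun+` and port 3129 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed names: ppp+ covers pppd
# links (PPTP, L2TP), tun+ covers OpenVPN; 3129 matches a squid.conf line
# "http_port 3129 intercept" (Squid also needs a normal forward http_port).
VPN_IFACES="${VPN_IFACES:-ppp+ tun+}"
INTERCEPT_PORT="${INTERCEPT_PORT:-3129}"

# Print the rule set, one iptables command per line; nothing is printed and
# the exit status is non-zero if any input looks unsafe.
gen_rules() (
    set -f                                   # no filename expansion of inputs
    case $INTERCEPT_PORT in ''|*[!0-9]*) exit 1 ;; esac
    [ "$INTERCEPT_PORT" -ge 1 ] && [ "$INTERCEPT_PORT" -le 65535 ] || exit 1
    [ -n "$VPN_IFACES" ] || exit 1
    for ifc in $VPN_IFACES; do
        case $ifc in *[!A-Za-z0-9_.+-]*) exit 1 ;; esac
    done
    # The intercept port must only ever see redirected traffic: packets that
    # arrive already addressed to it are dropped before NAT runs.
    echo "iptables -t mangle -A PREROUTING -p tcp --dport $INTERCEPT_PORT -j DROP"
    for ifc in $VPN_IFACES; do
        # Port 80 only: TLS on 443 cannot simply be redirected to an HTTP
        # proxy port; it needs the proxy's own TLS interception support.
        echo "iptables -t nat -A PREROUTING -i $ifc -p tcp --dport 80 -j REDIRECT --to-ports $INTERCEPT_PORT"
    done
)

# Default is a dry run that prints the rules; APPLY=1 (as root) installs them.
if [ "${APPLY:-0}" = 1 ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

Because the redirect happens on the gateway, it applies to VPN clients regardless of their own proxy settings, which is the property the per-user `gsettings` and `http_proxy` approach in the question cannot provide.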