Sunday, October 25, 2015

OpenVPN + VPN Gate + Squid

OK, so I need a VPN tunnel for my Internet connection at home. I don't want client-to-site VPN as it will isolate all my traffic (e.g. not only HTTP/S) to the Internet. I want only my HTTP/S traffic to go to the VPN tunnel.

So I setup Ubuntu server with OpenVPN client and Squid Proxy. This server has got 2 vNICs. One is facing the Internet and the other want is facing the internal network. The goal is to have this server establishes OpenVPN connection to VPN Gate from its primary interface and listen to the proxy connection on the secondary interface.

This way, I can use my browser to use Squid proxy and my Internet traffic is going through the VPN tunnel

Install OpenVPN client
Install OpenVPN with the following command

#> sudo apt-get install openvpn curl unzip dnsmasq-base wget

Download VPN Gate .ovpn file
Go to and download OpenVPN Config File. This can be TCP or UDP. Save this file to /etc/openvpn/ and change its extension from .ovpn to be .conf

Install Squid
Install Squid3 with the following command

#> sudo apt-get install squid3

Modify Squid.Conf
This modification is to set Squid to use google DNS servers for its resolution instead of using OpenVPN Client auto configuration

#> sudo vi /etc/squid3/squid.conf

find dns_nameservers and change it to:

Restart Squid
Restart Squid daemon to make the change

#> sudo service squid3 restart

Launch OpenVPN Client
Start VPN client connection to VPN Gate using the file downloaded earlier

#> sudo openvpn /etc/openvpn/vpngate.conf

The reason changing the .ovpn to .conf, is because by default if you put any file in the /etc/openvpn/ folder with .conf, it will be treated as configuration file by OpenVPN and it will launch itself every time the server is restarted

Browser Proxy
Now you can set your browser proxy to us the internal IP address of this server and port number 3128 as the proxy server and the traffic will be tunnelled to the VPN tunnel