Sharing a VPN with Squid Proxy

[baz4096]

Hi

I have a particular set up that requires me, and a few of my colleagues, to access work servers from a predetermined IP address. Previously I've tackled this by installing Squid Proxy on a small dedicated Centos server and having my colleagues and I SSH tunnel to the proxy. This has worked great for quite some time, except that now my company is restricting access to (Open)VPN only. I still wish to continue using Squid/SSH as I know it works well and my colleagues are accustomed to it.

My question is this: Is it possible to share one vpn connection with several people using Squid (or similar) as a transparent proxy?

I need the dedicated server to still function as a small web server.

Setup is as follows:


eth0 IP_1 - httpd, ftp, etc
eth0:1 IP_2 - Squid Proxy (This is an IP Alias)

Squid has been configured to use IP_2 for outgoing connections. Ideally I'd love to keep all VPN/Proxy traffic restricted to IP_2, and all normal server traffic restricted to IP_1.

I've managed to install and connect to the new VPN, however I was only able to stay connected to SSH after making some manual alterations to the routing table to prevent "redirect-gateway def1" from blocking all non-vpn access to the server.

I'm unable to use iptables -t mangle due to a non-modular kernel being installed on the server, however if it turns out that using a mangle to redirect traffic then I will change the kernel to a modular one.


Any help would be greatly appreciated

[krzee]

you can easily run squid listening on the VPN ip, then it is inside the vpn =]
i do this with dante (socks server)

[baz4096]

Hi krzee

Thanks for the reply - I just drafted up a huge reply providing loads of extra info, then it hit me... I'll just use Dante - would you possibly mind sharing your config/settings?

Baz