3

I've got a vps in another country. And I'd like to forward all my web traffic through it. I know there are commercial options available in the market but I'd like to do it by myself for the sake of experimentation, learning and some fun.

My vps runs Ubuntu 12.04x64. And I'm connecting to the vps through either a macbook or windows laptop.

Can someone please help me through a step by step guide as to how this can be achieved? Else any guidance in this regard would be appreciated.

Thanks.

user2252999
  • Do you want to use ssh-tunneling? I mean you could presumably set up Squid on your VPS and just point your browsers directly at it... Or is there more to your question? – Elliott Frisch Apr 10 '14 at 20:27
  • Yes I'd like to use ssh-tunneling specifically in order to learn and understand it. However while we are at it, could you also point me how to use squid for it? – user2252999 Apr 10 '14 at 20:32
  • 1
    You can do this using just Perl/Python/Ruby as well via the command line: http://unix.stackexchange.com/questions/38850/is-there-any-command-line-generic-http-proxy-like-squid/38859#38859. Also you can use SSH to do something similar as well. – slm Apr 10 '14 at 23:27

3 Answers

3

SSH SOCKS5 Tunnelling using PuTTY:

  • Firstly connect to your server via SSH using PuTTY.

  • Right-click on the top bar and hit 'change settings'.

  • Go to Connection/SSH/tunnels. Source port: 4567, select 'Dynamic' and hit 'Add'.

  • Open up your choice of browser, and configure the 'Manual Proxy settings' to listen on port 4567 on localhost (127.0.0.1).

In Firefox you do this by going to: Firefox/Options/Network > Settings, selecting: 'Manual Proxy Settings' and inputting '127.0.0.1' into the 'SOCKS' column, with 4567 as your port. Also type 'about:config' into the URL bar in Firefox and change the value of network.proxy.socks_remote_dns to true - this will then force all DNS requests through your SOCKS proxy. As far as I am aware this only works in Firefox - both Chrome and IE won't route your DNS requests through a SOCKS proxy.

bolty187
2

First, set-up squid -

sudo apt-get install squid

Follow the directions at the above link to configure it. Allow only localhost to be secure.

Then, set-up port-forwarding - from local port 3128 to remote port 3128 (to use the squid defaults); then configure your web-browser to use port 3128 and localhost as your proxy. Requests will go over the ssh port forward (encrypted) to the VPS, where they will arrive at your squid proxy which will then fetch the page and return it to its locally forwarded socket which will then (encrypted) come back to your browser. There will probably be some performance impacts. Don't forget to enable compression with your forward (that's ssh -C)!

Elliott Frisch
  • thanks, I'm gonna try now. But should I be using local, remote or dynamic port forwarding? – user2252999 Apr 10 '14 at 21:17
  • @user2252999 From the link, "Local port forwarding is the most common type." And that is the kind you want to use. – Elliott Frisch Apr 10 '14 at 21:22
  • First up it works and thanks for the help. However I still can't access sites such as netflix or hulu or spotify as I'm still detected to be coming from outside of US. How can they be fooled into thinking that the request is coming from within the country? – user2252999 Apr 10 '14 at 21:29
  • Where is your VPS? – Elliott Frisch Apr 10 '14 at 21:30
  • NYC and I'm in Europe. – user2252999 Apr 10 '14 at 21:30
  • Try [this](http://www.cyberciti.biz/faq/squid-proxy-is-not-hiding-client-ip-address/) and then [verify](http://www.whatismyip.com/). – Elliott Frisch Apr 10 '14 at 21:31
  • Whatismyip shows that I'm in NYC and shows the ip address of the vps. However somehow google and others including netflix still are able to determine that I'm coming from outside the US... google.com takes me to its regional page and netflix still says that I'm outta the country. Do I need to flush the cache? – user2252999 Apr 10 '14 at 21:42
  • Cache flushing didn't help. – user2252999 Apr 10 '14 at 21:46
  • You might need to clear your cookies. If whatsmyip is showing NYC, then the proxy is working. Did you disable X-Forwarded-For and restart squid? – Elliott Frisch Apr 10 '14 at 21:49
  • Yes I did disable X-Forwarded-For and restarted the server. And the cookies are cleared too. However here is the interesting bit - even with X-Forwarded-For set to on, whatismyip shows that I'm in NYC, only difference being that regarding proxy it says 'no proxy detected'. With x-forwarded-for on it identifies squid proxy. Proxy: 192.241.184.811.1 localhost (squid/3.1.19) – user2252999 Apr 10 '14 at 21:53
  • And Netflix still shows you out of region? – Elliott Frisch Apr 10 '14 at 22:51
  • yes it shows me out of region – user2252999 Apr 10 '14 at 23:07
  • And you're going to www.netflix.com, and not just hitting refresh on the bad region page? – Elliott Frisch Apr 10 '14 at 23:09
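The squid answer above asks for a proxy that only localhost can use, and its comments discuss disabling X-Forwarded-For. The following added example (not part of the original answer or comments) audits a squid.conf for those two points; both config fragments are constructed, and `user@vps` in the comment is a placeholder.

```python
import ipaddress

# Constructed squid.conf fragments (not from the original answer).
# The laptop reaches the proxy with: ssh -C -L 3128:localhost:3128 user@vps
# (user@vps is a placeholder), then uses 127.0.0.1:3128 as its HTTP proxy.
WEAK = "http_port 3128\nhttp_access allow all\n"
HARDENED = """\
http_port 127.0.0.1:3128
acl localhost src 127.0.0.1/32
http_access allow localhost
http_access deny all
forwarded_for off
"""


def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def audit_squid(conf):
    """Return findings for a squid.conf that should be reachable only via SSH."""
    findings, access, fwd = [], [], "on"  # forwarded_for defaults to on
    for raw in conf.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key, args = parts[0], parts[1:]
        if key == "http_port":
            host = args[0].rpartition(":")[0].strip("[]")
            if not is_loopback(host):
                findings.append(f"http_port {args[0]} listens beyond loopback")
        elif key == "http_access":
            access.append(args)
        elif key == "forwarded_for":
            fwd = args[0]
    if ["allow", "all"] in access:
        findings.append("http_access allow all permits any client")
    if not access or access[-1] != ["deny", "all"]:
        findings.append("http_access rules do not end with deny all")
    if fwd == "on":
        findings.append("forwarded_for on appends the client address to X-Forwarded-For")
    return findings


if __name__ == "__main__":
    print(audit_squid(WEAK), audit_squid(HARDENED))
```

With the listener bound to 127.0.0.1, the proxy is reachable only through the SSH forward, so the VPS does not expose an open proxy on port 3128.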
2

Here is a step by step tutorial to make it a VPN server. VPN will send all your internet traffic through an encrypted tunnel to your VPS:

First, install the pptpd package. pptpd offers a PPTP-type VPN which is supported by Microsoft and other network vendors. This is also the easiest to set up.

sudo apt-get install pptpd

Next up, edit /etc/pptpd.conf with sudo vi /etc/pptpd.conf. At the bottom add the following lines:

localip 192.168.1.10
remoteip 192.168.1.230-239

Here localip references the IP of the home server. The remoteip variable configures which IPs remote clients may use when they connect through VPN to the network. In this case I reserve 10 IP addresses: 192.168.1.230 through 192.168.1.239.

With that out of the way, let's tell PPTP which users to allow. Edit /etc/ppp/chap-secrets, just like you did before using sudo.

# client    server  secret          IP Address
rose     pptpd   somepassword    *

That's all! Just restart the pptpd daemon and your VPN server is ready.

Rui F Ribeiro
Rose Ab