
I would like to redirect the traffic that goes through my OpenVPN gateway to Privoxy, like so:

OpenVPN client->Internet->OpenVPN gateway->Privoxy->Internet->Webserver (and vice versa)

So far I managed to get the OpenVPN gateway working fine. Connecting to the Privoxy proxy appears to be working as well. But redirecting port 80 traffic via iptables just won't work (external webservers are unreachable). What would my iptables config file have to look like?

Thanks in advance

PS: This is what I came up with so far...

iptables -t nat -A POSTROUTING -o eth0 -s 10.10.10.0/24 -j MASQUERADE

iptables -I FORWARD -i tap0 -j ACCEPT
iptables -I FORWARD -o tap0 -j ACCEPT

# No success with the following line
iptables -t nat -A PREROUTING -i tap0 -p tcp --dport 80 -j REDIRECT --to-port 8118
Max Rother

3 Answers


You can push proxy configuration to the OpenVPN clients.

From the OpenVPN Access Server web interface go to Advanced VPN Settings → Server Config Directives and enter the following directive with your proxy ip/port info.

push "dhcp-option PROXY_HTTP 111.222.333.44 8118"

I am not sure if all OpenVPN clients support this config. But on iOS it works well.

ali köksal

Privoxy is an HTTP proxy. What you're trying to do is feed it intact network packets, which I'm 99% sure it's not going to accept without some very complex mangle rules in iptables. Instead you should expose the proxy to the VPN (it seems it already is), and push it as a DHCP option to your VPN clients.

Instructions for doing that via OpenVPN can be found here https://forums.openvpn.net/topic14829.html and it can be done on a client-by-client basis using the ccd directory if you have that set up.

Arthur Kay

Set up privoxy to listen on an address on the tunnel interface, for example 172.26.0.1, then just redirect VPN traffic to it:

sudo iptables -t nat -A PREROUTING --source 172.26.0.0/16 -p tcp -m tcp --dport 80 -j DNAT --to 172.26.0.1:8118
uwotm8
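The rule set below is an added example, not code posted by the asker or by any of the answerers. It spells out the DNAT approach of the last answer with the question's own addressing, together with the two Privoxy settings the intercepted traffic depends on. Everything in it is an assumption to be adjusted: tap0 as the OpenVPN interface, eth0 as the uplink, 10.10.10.0/24 as the VPN subnet, 10.10.10.1 as the gateway's own tap0 address, and Privoxy bound to 10.10.10.1:8118. The functions only print the commands so the result can be reviewed before it is piped into a root shell.

```shell
#!/bin/sh
# Added example (not from the question or any answer): transparent HTTP proxying of
# OpenVPN clients through Privoxy. Assumed/hypothetical values, override via environment:
VPN_IF="${VPN_IF:-tap0}"              # OpenVPN server interface
WAN_IF="${WAN_IF:-eth0}"              # uplink interface
VPN_NET="${VPN_NET:-10.10.10.0/24}"   # VPN client subnet
PROXY_ADDR="${PROXY_ADDR:-10.10.10.1}" # gateway's address on the VPN interface
PROXY_PORT="${PROXY_PORT:-8118}"      # Privoxy port

# Privoxy side. Two things commonly make a REDIRECT/DNAT setup fail even when the
# iptables rule is right: Privoxy listening only on 127.0.0.1, so the diverted
# connection is refused, and Privoxy rejecting intercepted requests, which carry a
# relative path plus a Host header rather than the absolute URL a configured proxy
# client sends. accept-intercepted-requests is a real Privoxy directive (default 0).
privoxy_config_fragment() {
    cat <<EOF
listen-address $PROXY_ADDR:$PROXY_PORT
accept-intercepted-requests 1
EOF
}

# Kernel side. Only plain HTTP on port 80 is diverted; Privoxy is an HTTP proxy, so
# HTTPS cannot be intercepted this way and port 443 is simply forwarded and masqueraded.
# Destinations inside the VPN subnet are excluded so a web server on the VPN itself is
# not bounced through the proxy. DNAT is used rather than REDIRECT so the target address
# is explicit and matches the Privoxy listen-address above.
transparent_proxy_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o $WAN_IF -s $VPN_NET -j MASQUERADE
iptables -A FORWARD -i $VPN_IF -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A PREROUTING -i $VPN_IF -s $VPN_NET ! -d $VPN_NET -p tcp --dport 80 -j DNAT --to-destination $PROXY_ADDR:$PROXY_PORT
iptables -A INPUT -i $VPN_IF -s $VPN_NET -d $PROXY_ADDR -p tcp --dport $PROXY_PORT -j ACCEPT
EOF
}

# Checks to run after applying: the DNAT rule's packet counter should grow when a client
# fetches an http:// URL, and Privoxy must appear bound to the proxy address, not 127.0.0.1.
verify_commands() {
    cat <<EOF
iptables -t nat -L PREROUTING -v -n
ss -ltnp | grep :$PROXY_PORT
EOF
}

# Running the script prints the Privoxy fragment, the iptables commands and the checks;
# feed the iptables part to "sudo sh" once reviewed.
privoxy_config_fragment
transparent_proxy_rules
verify_commands
```

Privoxy itself makes the outbound connections to the web servers, so its own traffic leaves through OUTPUT and is never matched by the PREROUTING rule; no loop-prevention rule is needed. The answer's point about HTTPS stands: clients that should also have 443 filtered need the proxy pushed to them explicitly rather than intercepted.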