3

I am not sure if this is possible, but I would like to route all traffic from Firefox through my OpenVPN connection with HideMyAss.

Basically, the setup I have is that I am running a connection using OpenVPN through HideMyAss. I have edited the ovpn file and added "route-nopull" so that when using Chrome, IE, etc. I use my local connection. I have installed Privoxy and set up Firefox to use that proxy, and what I would like to do is have all traffic requested through just that proxy, which Firefox is using, use the OpenVPN connection.

Forgive me, as I am quite new to this. Is this possible?

user351711

4 Answers

1

Yes, it's possible. The OpenVPN works at the network level, so you can't have it on the same machine that your normal default connection works through. You can't have two default gateways on your computer and tell the proxy only to use one of them, and that's what you're trying to do.

You would need to set up another machine on a separate network to do this. You would then set up your Proxy and OpenVPN on that other machine and then proxy the Firefox traffic through it.

illandous
0

In contrast to the answer of @illandous I think it's quite possible to do what you want on just a single machine. I can't give you a specific step by step tutorial, that's not what this website is about, but here are some thoughts, at least:

  • Use iptables and leverage the owner module (match the process via the --pid option) to send only the traffic generated by Privoxy to the OpenVPN gateway.
  • Bind Privoxy to your OpenVPN interface, ensure to block access from the OpenVPN network to your Privoxy, and, in case the IP you're getting by the provider changes, find a way to dynamically update the Privoxy and Firefox configs to inform them about the updated IP.
  • ...

I guess there are more possible ways. In either case, this will need some scripting, but nothing rocket science, and I'm quite sure you'll get help if you run into specific problems. Good luck!

gxx
0

First, you really should be asking this on https://superuser.com. There are a lot more privoxy questions there.

Yes, this will work, and yes, you can have it on the same machine.

There are three moving parts here and this post is going to be way too long if I don't freeze one of them so let's just say you're running a straight-out-of-the box vanilla privoxy, bound to 127.0.0.1 ipv4 only, port 8118.

The important openvpn options (in addition to whatever hidemyass gives you) are route-nopull and one of redirect-gateway def1 or redirect-gateway block-local.

route-nopull stops your client from accepting routes from hidemyass (they'd probably just hand you a default route, there's not much else they could do).

redirect-gateway def1 gives you a route to 0.0.0.0/1 with hidemyass as your gateway: it is slightly more specific than your existing default route on your LAN (it has a smaller mask).

The second option, redirect-gateway block-local, which I would imagine you want, will block traffic to the LAN (except for VPN) while you are connected to the VPN. It does this by adding a route to 0.0.0.0/1 and a route to your LAN subnet with hidemyass as your gateway. You would not use this if you wanted to provide proxy services for other computers on your LAN, and you would configure privoxy to listen to your LAN IP address AND lo interface.

So all browsers (LAN or just you, whichever setup you prefer) that have been configured to use your local IP:8118 as a proxy server. You aren't actually doing any routing or packet forwarding here (proxying is not routing).

The third moving part, routing other stuff, I can't even address because you didn't tell us what OS you're running beyond Chrome and IE as clues. So what OS are you running?

quadruplebucky
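
Added example, not part of any answer on this page: a longest-prefix-match model of the routing table, showing which interface each destination leaves by under route-nopull alone, with only the 0.0.0.0/1 route named above, and with the full set OpenVPN's def1 flag installs (0.0.0.0/1, 128.0.0.0/1 and a host route to the VPN server). The interface names eth0/tun0, the tunnel subnet and every address are constructed sample values.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return (network, device) of the winning route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(net), dev) for net, dev in routes
            if addr in ipaddress.ip_network(net)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def egress(routes, dst):
    """Device a packet to dst leaves by, or None if no route matches."""
    hit = lookup(routes, dst)
    return hit[1] if hit else None

def audit(routes, destinations):
    """Map each destination to its egress device, to spot traffic off the tunnel."""
    return {d: egress(routes, d) for d in destinations}

# Constructed sample values (assumptions, not taken from the question).
VPN_SERVER = "203.0.113.10"                     # hypothetical VPN endpoint
LAN = [("0.0.0.0/0", "eth0"),                   # existing default route
       ("192.168.1.0/24", "eth0")]              # local subnet

# route-nopull alone: only the tunnel's own subnet points at tun0.
NOPULL = LAN + [("10.8.0.0/24", "tun0")]

# Only the 0.0.0.0/1 route: covers 0.0.0.0 through 127.255.255.255.
HALF = NOPULL + [("0.0.0.0/1", "tun0")]

# Full def1 set: both /1 halves beat the /0 default without replacing it,
# and a /32 keeps the encrypted tunnel packets themselves on the LAN path.
DEF1 = NOPULL + [("0.0.0.0/1", "tun0"),
                 ("128.0.0.0/1", "tun0"),
                 (VPN_SERVER + "/32", "eth0")]

# One arbitrary address below 128.0.0.0, one above, a LAN host, the VPN server.
SAMPLE = ["93.184.216.34", "198.51.100.7", "192.168.1.20", VPN_SERVER]

if __name__ == "__main__":
    for name, table in (("route-nopull", NOPULL),
                        ("0.0.0.0/1 only", HALF),
                        ("def1", DEF1)):
        print(f"{name:15}", audit(table, SAMPLE))
```

Any destination that still reports eth0 in the audit, other than the LAN and the VPN server itself, is traffic that bypasses the tunnel.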
0

While it may in fact be technically possible to do this with some effort (for example, using a method suggested by @gf_), unfortunately, it's also incredibly easy to get wrong, and almost impossible to verify that you got it 100% right. Going to a web page might, for example, load a plugin which might not be caught properly to go through the VPN.

If what you actually want to do is to be able to do private browsing through a VPN and non-private browsing on the same computer at the same time, your goal would be better served by setting up a Virtual Machine. You would then run your OpenVPN client and your private web browser instead of that VM. It'd be a lot easier as well as more secure than what you're suggesting.

Per von Zweigbergk