Set up a VPN on a Squid Proxy (Linux)

0

1

Hi all!

I have an Ubuntu server running a Squid cache proxy server and I was wondering if it was possible to set things up so that Squid would "connect to the internet" through a VPN (PureVPN). But here is the catch: only Squid has to use the VPN; other services like Plex/Apache... shouldn't :/

Could you help me?

Thanks

Skïp

Posted 2015-12-12T02:54:02.580

Reputation: 11

Answers

0

Yes, it can be done. You need policy routing, i.e. the ability to handle two distinct routing tables simultaneously. The reason is that you need to have two simultaneous gateways, one for Squid and the other for the remaining applications. Two gateways are not allowed in OSes, the only exception being policy routing in the Linux kernel.

You can find a very good and very short explanation of policy- (sometimes also called source-) routing in David Schwartz's answer to a question on a sister site (Unix and Linux).

You will need to set up your VPN so that its routing table is the alternative routing table. The details depend on the kind of VPN you use.

Now, supposing that the VPN virtual interface is called tun0, with IP address 10.0.0.2, you will need a rule that uses the second routing table (let's call it table2) for applications coming from 10.0.0.2:

ip rule add from 10.0.0.2 table table2

and you also need to make sure that Squid binds to 10.0.0.2 as its outgoing address: for this, you need the directive

tcp_outgoing_address 10.0.0.2

MariusMatutiae

Posted 2015-12-12T02:54:02.580

Reputation: 41 321

Thanks for your help, but I don't get it: if I set up my VPN it will just apply to my whole connection (let's imagine I set up a PPTP VPN). I didn't set up a routing table for my actual connection; how can I proceed in creating 2 distinct routing tables and making sure the VPN is on the second one and that only Squid will go through it? I'm sorry, I'm having a hard time with Linux for the moment – Skïp – 2015-12-12T11:22:46.767

@Skïp Can you post your routing table? – MariusMatutiae – 2015-12-12T12:07:29.270
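
As an added example (not part of the answer or comments above), the following script prints the commands for the setup the answer describes: a named second table, a default route through tun0, and the source rule for 10.0.0.2. The table id 200, the unreachable fallback route, the 192.0.2.1 test address and the function names are assumptions, and it presumes the VPN client is configured not to replace the default route in the main table (OpenVPN's route-nopull is one such option).

```shell
#!/bin/sh
# Added example: print the policy-routing commands for a Squid-only VPN.
# tun0, 10.0.0.2 and table2 come from the answer; table id 200, the
# 192.0.2.1 test address and the function names are assumptions.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the commands, one per line, without executing anything.
# Arguments: VPN interface, VPN address, table id, table name.
plan_squid_vpn_routing() {
    for v in "$1" "$3" "$4"; do
        case "$v" in
            ""|*[!A-Za-z0-9_.-]*) echo "bad name: $v" >&2; return 1 ;;
        esac
    done
    valid_ipv4 "$2" || { echo "bad VPN address: $2" >&2; return 1; }
    cat <<EOF
# Name the second routing table.
echo "$3 $4" >> /etc/iproute2/rt_tables
# Default route of that table leaves through the VPN interface.
ip route add default dev $1 table $4
# Fail closed: if the VPN route vanishes, do not fall back to the main table.
ip route add unreachable default metric 1000 table $4
# Packets sourced from the VPN address consult the second table.
ip rule add from $2 table $4
# Check: the reported route should show "dev $1".
ip route get 192.0.2.1 from $2
EOF
}

# Dry run with the values used in the answer. Squid still needs
# "tcp_outgoing_address 10.0.0.2" in squid.conf to source from the VPN address.
plan_squid_vpn_routing tun0 10.0.0.2 200 table2
```

The script only prints; review the output and run the commands as root once the VPN interface is up. The main table is left untouched, so Plex, Apache and everything else keep using the normal gateway.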