Dynamic proxy using HTTP CONNECT

2

1

My university provides internet access through an HTTP proxy which blocks POP, SMTP, and IMAP. To circumvent this, the IT department's "Internet setup guide" suggests using socat:

socat TCP-L:6660,fork,reuseaddr PROXY:proxy-address:pop.googlemail.com:995

This works well, but I need to have one such command per server that I want to connect to. It doesn't sound ideal.

Is there a way to build a local proxy that inspects the traffic and opens TCP connections using CONNECT every time it sees a connection that the proxy wouldn't let through?

Just to give you an idea, Tor is allowed and works well on the university network; I'd like to find a proxy that offers the same experience, without Tor though.

Is this possible at all? I'm no network guru, so please bear with me if the idea is flawed in any way.

Thanks!

Clément

Posted 2012-05-16T19:06:07.160

Reputation: 740

Answers

1

The way I would deal with such a situation is by setting up a VPN (OpenVPN is great, I have a server with it at home and then use the client on my laptop if you're the do-it-yourself/network type; you mention otherwise, so a paid solution might work out easier for you), and then adding static routes for each of the servers you want to use to run over the VPN.

The socat method tells the system how to proxy a specific port to a specific location, and so you have to set one up for every target location. The VPN, on the other hand, can route any packet to any destination. It offers a much more flexible solution, where you can tell your system to use your main connection for all traffic, and then add specific exceptions for IPs that should be routed over the VPN. This requires a bit more legwork, such as tracking down all of the IPs that need to be proxied (Google has a number of mailservers, for example. Look up MX records for gmail.com or googlemail.com or pop.googlemail.com).

Most paid-provider VPNs will probably try to route all of your traffic over the VPN when you set it up initially, so it may take tweaking to get all the traffic flowing how you desire. Perhaps a good time to learn about how networking works?

Darth Android

Posted 2012-05-16T19:06:07.160

Reputation: 35 133

Thanks. I do have a VPN running on my home server, but it requires leaving it on all day long, which I don't really like. – Clément – 2012-05-16T21:19:09.430

I run mine through my router, since I have one that supports DD-WRT and has enough memory to handle an OpenVPN server on it. (D-Link N750 I think) – Darth Android – 2012-05-16T21:30:41.567
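
Each socat `PROXY:` listener from the question performs one HTTP CONNECT exchange with the proxy before it relays bytes, which is why the target is fixed per command. The following is an added example, not part of the original question or answers, showing that handshake in Python with the refusal case handled; the function names are illustrative and the proxy replies are constructed and fed through a local socket pair.

```python
import socket

def build_connect_request(host: str, port: int) -> bytes:
    """Request a client sends to ask the HTTP proxy for a raw TCP tunnel."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_connect_response(head: bytes) -> tuple[int, str]:
    """Return (status, reason) from the first line of the proxy's reply."""
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), (parts[2] if len(parts) == 3 else "")

def open_tunnel(proxy_sock: socket.socket, host: str, port: int) -> bytes:
    """Run the CONNECT handshake on a socket already connected to the proxy.

    Returns any bytes that arrived after the reply headers (already tunnel
    data); raises PermissionError when the proxy refuses the destination.
    """
    proxy_sock.sendall(build_connect_request(host, port))
    buf = b""
    while b"\r\n\r\n" not in buf:
        chunk = proxy_sock.recv(4096)
        if not chunk:
            raise ConnectionError("proxy closed before finishing its reply")
        buf += chunk
        if len(buf) > 65536:
            raise ValueError("proxy reply header too large")
    head, _, early = buf.partition(b"\r\n\r\n")
    status, reason = parse_connect_response(head)
    if not 200 <= status < 300:
        raise PermissionError(f"proxy refused {host}:{port}: {status} {reason}")
    return early

def demo(reply: bytes) -> bytes:
    """Feed a constructed proxy reply through a socket pair (no network used)."""
    client, fake_proxy = socket.socketpair()
    try:
        fake_proxy.sendall(reply)  # constructed reply, queued before the request
        return open_tunnel(client, "pop.googlemail.com", 995)
    finally:
        client.close()
        fake_proxy.close()
```

A forwarder that picks destinations dynamically has to run this exchange once per outgoing connection and surface a non-2xx reply (for example 403 or 407) to the client instead of relaying it as data.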