Sharing connection to the internet over VPN?




MacSimoPark
Jul 9, 2008, 11:43 AM
I'll keep this nice and simple, and put the details at the bottom.


I have a PPC Server (10.4.7 Server)
It is hosting a VPN network
I want to be able to connect to the internet over VPN


Can somebody please tell me how to do this?


I want to do it because my school blocks Mail, Skype, BBC video etc.
The Server is a PowerMac G4 733 MHz connected via Ethernet to a Router (Netgear DG834DT).
I have enabled a DMZ, so that all connections are forwarded to the Server.
The VPN connection is L2TP, Authentication: MS-CHAPv2, Encryption 128-bit MPPE.
I tried to set up a Transparent Proxy with Squid, but I didn't know enough PPC terminal commands. (It refused 'make install').


Any help would be much appreciated.



operator207
Jul 9, 2008, 02:06 PM
When you tried a make install, what did it do? Specifically.

I use this at some clinics that I go to that have a firewall.

Bring the Proxy up:

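>cat proxy.sh
#!/bin/sh
# Kill any process whose command line mentions 8080 (e.g. a previous tunnel)
ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill
# Open a SOCKS listener on local port 8080: background (-f), compressed (-C),
# quiet (-q), no remote command (-N)
ssh -D 8080 -f -C -q -N user@server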


Bring the proxy down:

>cat proxydown.sh
#!/bin/sh
# Kill any process whose command line mentions 8080 (the running tunnel)
ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill


Then set your browser to use a socks 4 server at 127.0.0.1 without authentication. It tunnels all port 8080 traffic from your computer to the server, over an ssh connection.

You will need SSH open on the server, and you run the scripts from the machine you're currently using.

You can edit the scripts for any port you want to bounce off your server. 443, 110, 143 etc...
I use a similar script for IMAP SMTP and rsync traffic, I just change the port numbers.

If you want to go the route of squid, either lock it down to specific IPs, or require authentication. It WILL be abused at some point. And I would be happy to help you with the error of the "make install", I will just need to know what it is, and how you're running it (macports, source, etc...)
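
As an added example (not part of the original post, and not code from the Squid project), this sketch shows one way to check the "lock it down to specific IPs" advice against a squid.conf. It relies on Squid evaluating `http_access` lines top to bottom with the first match deciding; the ACL name `vpn_clients`, the 10.8.0.0/24 pool and the sample files are constructed for illustration, and the check only looks at the catch-all `all` ACL.

```sh
#!/bin/sh
# Classify a squid.conf from its http_access rules. Prints one of:
#   open       - "http_access allow all" is reached before any "deny all"
#   restricted - "http_access deny all" closes the list
#   implicit   - no catch-all rule; Squid then applies the opposite of the
#                last http_access line, which is easy to get wrong
audit_squid_conf() {
    awk '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "http_access" && NF == 3 && $3 == "all" {
            verdict = ($2 == "allow") ? "open" : "restricted"
            print verdict
            found = 1
            exit
        }
        END { if (!found) print "implicit" }
    ' "$1"
}

# Constructed sample configs (not taken from the thread).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# Weak: anyone who can reach port 3128 can relay through the proxy.
cat > "$SAMPLE_DIR/open.conf" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
http_port 3128
http_access allow all
EOF

# Corrected: only the (assumed) VPN address pool is allowed, then deny.
cat > "$SAMPLE_DIR/locked.conf" <<'EOF'
acl all src 0.0.0.0/0.0.0.0
# constructed VPN client pool
acl vpn_clients src 10.8.0.0/24
http_port 3128
http_access allow vpn_clients
http_access deny all
EOF

for f in open locked; do
    printf '%s.conf: %s\n' "$f" "$(audit_squid_conf "$SAMPLE_DIR/$f.conf")"
done
```
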

MacSimoPark
Jul 10, 2008, 06:06 AM
Thanks for replying to such a specific topic with such knowledge!

I don't think this is the path I want to go down. SSH tunneling isn't for me. Instead what I want to be able to do is connect to my VPN using the L2TP over IPSec setting in Network Prefs. When I connect, I want to be able to surf without adding any proxy settings to the Network Prefs. To get this result, apparently I need a transparent Squid proxy on the VPN server, so that I can use Skype (which can't cope with proxies...).

I tried to run ./configure on a Squid package which I downloaded and it returned a message saying I don't have a cc compiler. I've never come across that before.

Cheers.

operator207
Jul 10, 2008, 02:19 PM
Try typing "which cc" and "which gcc". Does it give you anything?

Have you installed the developer tools? If on Tiger do that.

I found a very old Binary: http://www.d2m.com.br/community/squid%20mac%20os%20x/

I have no clue if it works or not. I do know they already have squid 3.0 and 2.7 seems to be the current 2.x release.

You could also install macports, and do a "sudo make install squid" and let it compile itself. But you still need the dev tools.

MacSimoPark
Jul 10, 2008, 04:18 PM
I found a very old Binary: http://www.d2m.com.br/community/squid%20mac%20os%20x/


Thank you so much for this, it's just what I was looking for. I'm making progress now. I'll update tomorrow when this task should be complete.

operator207
Jul 10, 2008, 06:51 PM
Thank you so much for this, it's just what I was looking for. I'm making progress now. I'll update tomorrow when this task should be complete.

That binary being 2.5Stable10 SHOULD not suffer from this bug:
http://www.squid-cache.org/Advisories/SQUID-2008_1.txt

It says 3.0, but if you read it, it was only fixed in the 2.5Stable7 release and above, though apparently they neglected the 3.0 branch, and put up this advisory.

I wanted to make sure you were aware of this. I have run a squid proxy, and had friends that did too. I ran one for a friend in a country that likes to censor, but a few friends have not locked it down well, and gotten in trouble because they ran squid. Make sure your ISP's TOS is ok with this too. They may scan for proxies, and auto shutdown accounts running them.

MacSimoPark
Jul 11, 2008, 05:48 AM
a few friends have not locked it down well, and gotten in trouble because they ran squid. Make sure your ISP's TOS is ok with this too. They may scan for proxies, and auto shutdown accounts running them.


Thanks for the heads up, but my school won't be able to find out and my ISP should be ok with it.

What I really need help on now is making my squid proxy transparent. Any ideas?

Cheers.

operator207
Jul 11, 2008, 11:20 AM
Thanks for the heads up, but my school won't be able to find out and my ISP should be ok with it.

What I really need help on now is making my squid proxy transparent. Any ideas?

Cheers.

I would imagine the configs, though maybe in different locations, would be the same as on Linux. http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

MacSimoPark
Jul 11, 2008, 01:57 PM
I would imagine the configs, though maybe in different locations, would be the same as on Linux. http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html

Similar, but not the same. There are no IPlists in Mac OS X.

So I'm stuck until I can get round the IPlists