Sharing connection to the internet over VPN?

Discussion in 'Mac OS X Server, Xserve, and Networking' started by MacSimoPark, Jul 9, 2008.

  1. macrumors member

    MacSimoPark

    Joined:
    May 19, 2008
    Location:
    UK
    #1
    I'll keep this nice and simple, and put the details at the bottom.

    • I have a PPC Server (10.4.7 Server)
    • It is hosting a VPN network
    • I want to be able to connect to the internet over VPN

    Can somebody please tell me how to do this?

    • I want to do it because my school blocks Mail, Skype, BBC video etc.
    • The Server is a PowerMac G4 733 MHz connected via Ethernet to a Router (Netgear DG834DT).
    • I have enabled a DMZ, so that all connections are forwarded to the Server.
    • The VPN connection is L2TP, Authentication: MS-CHAPv2, Encryption 128-bit MPPE.
    • I tried to set up a Transparent Proxy with Squid, but I didn't know enough PPC terminal commands. (It refused 'make install').

    Any help would be much appreciated.
     
  2. macrumors 6502

    Joined:
    Jul 24, 2007
    #2
    When you tried a make install, what did it do? Specifically.

    I use this at some clinics that I go to that have a firewall.

    Bring the Proxy up:
    Code:
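    >cat proxy.sh
    #!/bin/sh
    # Kill any process whose ps line contains 8080 (e.g. a previous tunnel)
    ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill
    # -D 8080: local SOCKS listener; -f: background; -C: compress; -q: quiet; -N: no remote command
    ssh -D 8080 -f -C -q -N user@server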
    
    Bring the proxy down:
    Code:
    >cat proxydown.sh
    #!/bin/sh
    # Kill any process whose ps line contains 8080 (the tunnel started by proxy.sh)
    ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill
    
    Then set your browser to use a socks 4 server at 127.0.0.1 without authentication. It tunnels all port 8080 traffic from your computer to the server, over an ssh connection.

    You will need SSH open on the server, and you run the scripts from the machine you're currently using.

    You can edit the scripts for any port you want to bounce off your server. 443, 110, 143 etc...
    I use a similar script for IMAP, SMTP and rsync traffic; I just change the port numbers.

    If you want to go the route of squid, either lock it down to specific IPs, or require authentication. It WILL be abused at some point. And I would be happy to help you with the error of the "make install", I will just need to know what it is, and how you're running it (macports, source, etc...)
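
The awk pattern in the two scripts above selects every `ps` line that contains `8080`, which can include unrelated processes. The sketch below is an added example, not part of the original post: `sample_ps`, `loose_pids` and `tunnel_pids` are hypothetical names, the process list is constructed, and the usual 11-column `ps auxww` layout is assumed.

```sh
#!/bin/sh
# Added example: select only the ssh SOCKS tunnel from `ps auxww` output.
# Assumes the usual layout: PID in field 2, command line from field 11.

# Constructed sample of `ps auxww` output (not captured from a real host).
sample_ps() {
    cat <<'EOF'
USER   PID  %CPU %MEM  VSZ  RSS TT STAT STARTED    TIME COMMAND
alice 8080   0.0  0.1 1000  500 ?? S    9:00AM  0:00.01 /usr/bin/vim notes.txt
alice 4121   0.0  0.1 1000  500 ?? Ss   9:01AM  0:00.02 ssh -D 8080 -f -C -q -N user@server
alice 4200   0.0  0.1 1000  500 ?? S    9:02AM  0:00.05 python -m http.server 8080
alice 4300   0.0  0.1 1000  500 ?? Ss   9:03AM  0:00.02 ssh -D 18080 -f -N user@server
alice 4400   0.0  0.1 1000  500 ?? Ss   9:04AM  0:00.02 ssh -L 8080:localhost:80 user@server
EOF
}

# The pattern used in proxy.sh: any line containing "8080" anywhere.
loose_pids() {
    awk '$0~/8080/&&$0!~/awk/{print $2}'
}

# Hypothetical tighter matcher: the executable is ssh AND it carries a -D
# option whose port is exactly $1 ("-D 8080", "-D addr:8080" or "-D8080").
# Bundled flags such as "-ND 8080" are not handled.
tunnel_pids() {
    awk -v port="$1" '
    {
        exe = $11; sub(/.*\//, "", exe)           # basename of the executable
        if (exe != "ssh") next
        for (i = 12; i <= NF; i++) {
            arg = $i
            if (arg == "-D") arg = $(i + 1)          # separate form: -D 8080
            else if (!sub(/^-D/, "", arg)) continue  # attached form: -D8080
            n = split(arg, part, ":")                # port is the last ":" field
            if (part[n] == port) { print $2; next }
        }
    }'
}

echo "loose pattern selects: $(sample_ps | loose_pids | tr '\n' ' ')"
echo "tight pattern selects: $(sample_ps | tunnel_pids 8080 | tr '\n' ' ')"
# Real use: ps auxww | tunnel_pids 8080 | xargs kill
```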
     
  3. thread starter macrumors member

    MacSimoPark

    Joined:
    May 19, 2008
    Location:
    UK
    #3
    Thanks but SSH has major drawbacks for me...

    Thanks for replying to such a specific topic with such knowledge!

    I don't think this is the path I want to go down. SSH tunneling isn't for me. Instead what I want to be able to do is connect to my VPN using the L2TP over IPSec setting in Network Prefs. When I connect, I want to be able to surf without adding any proxy settings to the Network Prefs. To get this result, apparently I need a transparent Squid proxy on the VPN server, so that I can use Skype (which can't cope with proxies...).

    I tried to run ./configure on a Squid package which I downloaded and it returned a message saying I don't have a cc compiler. I've never come across that before.

    Cheers.
     
  4. macrumors 6502

    Joined:
    Jul 24, 2007
    #4
    Try typing "which cc" and "which gcc". Does it give you anything?

    Have you installed the developer tools? If on Tiger do that.

    I found a very old Binary: http://www.d2m.com.br/community/squid mac os x/

    I have no clue if it works or not. I do know they already have squid 3.0 and 2.7 seems to be the current 2.x release.

    You could also install macports, and do a "sudo make install squid" and let it compile itself. But you still need the dev tools.
     
  5. thread starter macrumors member

    MacSimoPark

    Joined:
    May 19, 2008
    Location:
    UK
    #5
    Thank you so much for this, it's just what I was looking for. I'm making progress now. I'll update tomorrow when this task should be complete.
     
  6. macrumors 6502

    Joined:
    Jul 24, 2007
    #6
    That binary being 2.5Stable10 SHOULD not suffer from this bug:
    http://www.squid-cache.org/Advisories/SQUID-2008_1.txt

    It says 3.0, but if you read it was only fixed in the 2.5Stable7 release and above, though apparently they neglected the 3.0 branch, and put up this advisory.

    I wanted to make sure you were aware of this. I have run a squid proxy, and had friends that did too. I ran one for a friend in a country that likes to censor, but a few friends have not locked it down well, and gotten in trouble because they ran squid. Make sure your ISP's TOS is ok with this too. They may scan for proxies, and auto shutdown accounts running them.
     
  7. thread starter macrumors member

    MacSimoPark

    Joined:
    May 19, 2008
    Location:
    UK
    #7

    Thanks for the heads up, but my school won't be able to find out and my ISP should be ok with it.

    What I really need help on now is making my squid proxy transparent. Any ideas?

    Cheers.
     
  8. macrumors 6502

    Joined:
    Jul 24, 2007
    #8
    I would imagine the configs, though maybe in different locations, would be the same as on Linux. http://www.cyberciti.biz/tips/linux-setup-transparent-proxy-squid-howto.html
     
  9. thread starter macrumors member

    MacSimoPark

    Joined:
    May 19, 2008
    Location:
    UK
    #9
