How to turn VoCore2 into transparent proxy

leo
 
Posts: 1
Joined: Wed Dec 21, 2016 8:54 am

How to turn VoCore2 into transparent proxy

Wed Dec 21, 2016 9:23 am

Hello,

It took me a while to figure out how to turn VoCore2 into a transparent proxy, so I decided to share
in case anyone else want the same.

Goal:
* I wanted to have proxy in US, so I access some US-only sites
* I don't want to configure proxy in browser, I just wan to connect
to VoCore2 WiFi network and it should work (like connecting to a VPN)

Constraints:
* I don't have a VPN server in US nor root SSH on any server in US
* I DO have some VPS server with regular non-root SSH access in US

So after googling for a while I decided to use OpenSSH SOCKS5 proxy and Redsocks proxy + iptables.

Setup:
1. SSH
Turns out dropbear which is used in OpenWRT does not support SOCK4/5, so install OpenSSH version:
$ opkg update
$ opkg install openssh-client

(I assume you've created an SSH key and copied it to a remove server in US (if you don't you can start with free AWS EC2 instance :)))

Then start the socks5 proxy:
$ ssh -f -N -D 192.168.1.1:9123 user@some_server_in_usa.com

2. Redsocks setup
There are many proxies available, but I found Redproxy in opkg (http://darkk.net.ru/redsocks/).

Edit /etc/redsocks.conf, important fields:
"""
redsocks {
...
local_ip = 192.168.1.1;
local_port = 12345;

ip = 192.168.1.1;
port = 9123;

type = socks5;
...
}
"""

restart the proxy: /etc/init.d/redsocks restart

3. iptables setup
To enable transparent proxy, install the following iptables rules:
"""
# Create new chain
root# iptables -t nat -N REDSOCKS

# Ignore LANs and some other reserved addresses.
# See Wikipedia and RFC5735 for full list of reserved networks.
root# iptables -t nat -A REDSOCKS -d 0.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 10.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 127.0.0.0/8 -j RETURN
root# iptables -t nat -A REDSOCKS -d 169.254.0.0/16 -j RETURN
root# iptables -t nat -A REDSOCKS -d 172.16.0.0/12 -j RETURN
root# iptables -t nat -A REDSOCKS -d 192.168.0.0/16 -j RETURN
root# iptables -t nat -A REDSOCKS -d 224.0.0.0/4 -j RETURN
root# iptables -t nat -A REDSOCKS -d 240.0.0.0/4 -j RETURN

# Anything else should be redirected to port 12345
root# iptables -t nat -A REDSOCKS -p tcp -j REDIRECT --to-ports 12345

# enable redirection
root# iptables -t nat -A PREROUTING --in-interface br-lan -p tcp -j REDSOCKS
"""

After that connect to VoCore2 WiFi and try to access some US only website, or check your IP location (it should be your remove server in US).

Enjoy!

P.S. If you have alternative setup, I'd like to hear how it was done.

Return to VoCore2

Who is online

Users browsing this forum: No registered users and 3 guests