Setting up a proxy server that uses a vpn connection
My thoughts are like this:
I have this external vpn service that I am connecting to. But is it possible for me to set up a local proxy server that uses that vpn connection, so applications that connect through that proxy use the vpn? This applies to a Linux system.
Hints and links are welcome!
EDIT: Use case: Perhaps there is another way to do this.
Router #1 - Connects by the default net provided by ISP
Router #2 - Connects by PPTP VPN to another 'ISP'
Clients in the network are by default connected to the normal router #1 and all traffic gets handled by that. Clients have a different browser (Opera) that connects via a proxy on router #2 and ends up at the end of the VPN tunnel.
Does this clarify?
Six years later I came to this question and almost let it down based on the accepted answer. As of today, it is not complicated, using policy routing. All the details are available on this same site, at https://serverfault.com/a/389004/70774.
In my case, I had first to make sure that the vpn was not the default route. How you will achieve that depends on what kind of connection manager you are using.
The proxy (tinyproxy) is running with its own user, so I mark all the packets coming from this user with the command
iptables -t mangle -A OUTPUT -m owner --uid-owner 125 -j MARK --set-mark 2
where 125 is the uid of the tinyproxy user and 2 is an arbitrary number, to be matched later.
Then I instruct the routing system to use a specific table to route all requests marked with 2.
ip rule add fwmark 2 table 3
Again, the 3 is just an arbitrary number. Just pay attention to choose an unused table (just see if there is something in the table which you choose with ip route list table 3).
Then I populate the table 3 with my default route:
ip route add default dev ppp0 table 3 proto static scope link metric 1024
The last step was making a masquerading rule, of which I do not fully understand the necessity:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Et voilà!
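The steps of this answer collected into one script, as an added example that is not part of the original answer; beyond the answer, it adds a fail-closed prohibit route and a post-apply check that marked traffic leaves through ppp0. The user tinyproxy, device ppp0, mark 2 and table 3 come from the answer; the function names and the metric 2048 are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the answerer's script. Values taken from the answer:
# user "tinyproxy", device ppp0, mark 2, table 3. Metric 2048 is an assumption.
PROXY_USER=tinyproxy
VPN_DEV=ppp0
MARK=2
TABLE=3

# Print the rule set for a numeric uid so it can be reviewed before it runs.
# - prohibit route (added here): it is not bound to ppp0, so it stays in the
#   table when the VPN drops and marked traffic is rejected instead of falling
#   through to the main table and leaving via the ISP link.
# - MASQUERADE: the source address is chosen before the mark re-routes the
#   packet, so it has to be rewritten to the ppp0 address on the way out.
vpn_proxy_rules() {
    case $1 in ''|*[!0-9]*) echo "invalid uid: $1" >&2; return 1 ;; esac
    cat <<EOF
iptables -t mangle -A OUTPUT -m owner --uid-owner $1 -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $TABLE
ip route add default dev $VPN_DEV table $TABLE proto static scope link metric 1024
ip route add prohibit default table $TABLE metric 2048
iptables -t nat -A POSTROUTING -o $VPN_DEV -j MASQUERADE
EOF
}

# Succeed only if a line of `ip route get <addr> mark 2` output egresses via
# the VPN device.
route_uses_vpn() {
    case " $1 " in *" dev $VPN_DEV "*) return 0 ;; *) return 1 ;; esac
}

# Apply as root: refuse a table that is already populated, run each rule, then
# confirm that a marked lookup really resolves to the VPN device.
apply_rules() {
    uid=$(id -u "$PROXY_USER") || return 1
    if [ -n "$(ip route list table "$TABLE" 2>/dev/null)" ]; then
        echo "table $TABLE is already in use" >&2; return 1
    fi
    vpn_proxy_rules "$uid" | while read -r cmd; do $cmd || exit 1; done || return 1
    # 192.0.2.1 is a documentation address, used only for the route lookup.
    route_uses_vpn "$(ip route get 192.0.2.1 mark "$MARK" | head -n 1)"
}

if [ "${1:-}" = apply ]; then apply_rules; fi
```

Run without arguments the script changes nothing; `apply` as root installs the rules and returns non-zero if the marked lookup does not resolve to ppp0.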
This becomes quite easy with Squid and its tcp_outgoing_address xxx parameter:
apt install squid
nano /etc/squid/conf.d/proxy2vpn
# put this in: tcp_outgoing_address YOUR_VPN_NIC_IP (check ifconfig)
systemctl restart squid.service
Squid is listening on port 3128 by default.
Usage example:
curl --proxy 127.0.0.1:3128 https://ipinfo.io
The request will first go through Squid proxy and then through the VPN.