This blog has permanently moved to here
Recently I just rent a VPS on Digital Ocean, which is cheap for a student and who is price sensitive. As it gives you all the controls of an OS, it likes a remote compute machine. Meanwhile, you could do anything as you have your own server.
Therefore, it comes to my mind to create a VPN server. VPN is a virtual private network that extends a private network across a public network, which usually used to bypass firewalls or increase access speed. Proxy is a server that acts as an intermediary for requests from clients seeking resources from other servers. It needs to be set in software application’s configuration. VPN and Proxy both could hide your ip. The differences between them are listed following:
| |VPN |Proxy |
|:—————–|:———————————————————:|:——————————————:|
|Protocols |Support any Protocols|Support certain Protocols, such as HTTP, SOCKS
|Softwares |Any softwares that can run on the machine |Softwares support proxy configuration
|Price |High if you rent from vpn provider|Low
|Speed |Varies depend on number of users
usually depends on servers |Depend on servers
|Security |Encryption (128-bit to 2048-bit)|Not encrypted
Because of the encryption, every accesses through VPN retrive the objects directly from the source. This could slow down the user experience when hits a same object multiple times, such as icons in a webpage. If there is a way that could cache web objects into VPN server, that will significantly increase the access speed, which get objects from local disk instead of downloading from source website. Here, I should introduce the transparent proxy, which usually sets on the gateway and caches content from WWW requests. It calls transparent because client side does not need any configuration. Hence, every WWW requests through VPN need go to transparent proxy.
This installation guide is tested on Ubuntu 14.04 64bit. VPN is set up by pptp. Transparent proxy is on Squid3.
- pptp installation
In terminal, type the command bellow to install pptp server:
1
|
|
To restrict user access your VPN server, you also need to add users and passwords in /etc/ppp/chap-secets
.
In the client column is user’s name, the secret column is for passwords.
I masked mine for privacy.
Add the following DNS to /etc/ppp/pptpd-options
:
1 2 |
|
Restart pptp server by command service pptpd restart
. Check if it is running by netstat -alpn | grep :1723
.
You also should enable the IP forwarding on your pptp server.
This would transfer the package between public ip and private ips on your server.
Open /etc/sysctl.conf
, add the following line if not exist: net.ipv4.ip_forward = 1
.
Then run sysctl -p
to make the change effective.
Create NAT rule for iptables, and your VPN is ready to use:
1
|
|
- Squid3 installation
Similar to pptpd, typing the following in terminal:
1 2 |
|
The proxy is usable now, but it is the normal proxy with default settings.
To change it to transparent proxy, we need to edit the /etc/squid3/squid.conf
file.
The squid.conf follows the rules of allow/deny order.
It obeys the first come first serve, the first matched rule will apply.
For example, if you put “deny all” at the first line of squid.conf, then the proxy denies all request.
If a rule does not indicate in squid.conf, then it defaults as deny.
First, find the line http_port 3128
, change it to http_port 3128 transparent
.
this is important
Second, add the following rules:
1 2 3 4 |
|
The ‘192.168.0.1’ is my public ip, and the ‘10.0.0.0/16’ is my private ips.
Restart squid sudo service squid3 restart
.
Finally, we set the iptables to redirect all the traffic through 80 port to 3128 port that is our transparent proxy.
1
|
|
The transparent proxy is set up.
- Restore iptables rules while system start up
Right now, you couldn’t restart the system, otherwise the iptables will be set to empty again. But you can input the previous iptables commands again to solve this.
Here I introduce a method that will do it once and for all.
Save iptables into /etc/network/iptables.rules
by iptables-save > /etc/network/iptables.rules
Open /etc/rc.local
and add the following line before “exit 0”:
1
|
|
Then our saved iptables rules will be loaded every time the system start up.
Enjoy your VPN server with transparent proxy!