Thanks to everyone for the input and suggestions. I've set up something that works for my use case: a LAN-side shared SOCKS5 SSH tunnel (which I can use as a proxy) using key file auth, connected via sshuttle. sshuttle prevents/avoids TCP-over-TCP SSH performance issues.
This is an easy, low-friction setup because the server side already has SSH installed and I can leave all VPN configuration, network configuration, iptables and routes as-is and it works as intended. In short, the VPN continues to work as-is and the SSH tunnel works alongside it transparently.

There's more info here for anyone interested:

https://github.com/apenwarr/sshuttle
http://sshuttle.readthedocs.io/en/stable

On 18 November 2017 at 07:54, Anvar Kuchkartaev <[email protected]> wrote:

> You might use
> modprobe dummy
> ifup dummy0
> ifconfig dummy0 [some ip]/32
> to configure a fake network card on the VPN server instance and use it as the proxy
> address. If you use the IP address of the dummy0 interface as the VPN server-side
> subnet and your local network as the client-side subnet, then only traffic to the
> proxy IP address will be forwarded through the tunnel; other traffic will not.
>
> Anvar Kuchkartaev
> [email protected]
> *From: *Joe Lippa
> *Sent: *Friday, 17 November 2017 11:40 a.m.
> *To: *[email protected]
> *Subject: *[strongSwan] http proxy through tunnel
>
> Hi all,
>
> Does anyone have an example of how to configure an HTTP proxy server /
> proxy daemon alongside a strongSwan VPN tunnel where strongSwan is
> installed on Linux? i.e. tinyproxy would be nice, or some other method is
> fine too.
>
> Background: at the moment I'm running a tunnel on a small Linux device sat
> on the LAN which acts as a gateway for other devices on the LAN that want
> to tunnel traffic. This setup works well, and it means that devices that
> want to tunnel traffic have their default gateway configured to the IP
> address of the VPN gateway device. However, this setup means that ALL
> traffic gets routed via the tunnel for these devices.
>
> I'd like the option of running an HTTP proxy server on the VPN gateway
> device to enable the option of configuring this proxy at application level
> for some devices on the LAN.
>
> Thanks for any help
> Joe
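
The dummy-interface suggestion quoted above, written out as configuration. This is an added example, not configuration posted by anyone in the thread; the addresses 10.99.0.1 and 192.168.1.0/24, the connection name `lan-proxy` and port 8888 are assumptions chosen for illustration.

```conf
# Constructed example. Assumed addresses:
#   10.99.0.1       address given to dummy0 on the VPN server
#   192.168.1.0/24  client-side LAN

# --- VPN server: /etc/ipsec.conf ---
# "lan-proxy" is a hypothetical connection name
conn lan-proxy
    # offer only the dummy0 proxy address to the peer
    leftsubnet=10.99.0.1/32
    # client-side LAN
    rightsubnet=192.168.1.0/24
    # left/right, authentication and auto= stay as in the existing tunnel

# --- LAN gateway (client side): /etc/ipsec.conf ---
conn lan-proxy
    leftsubnet=192.168.1.0/24
    # only traffic addressed to the proxy matches the IPsec policy
    rightsubnet=10.99.0.1/32
    # left/right, authentication and auto= stay as in the existing tunnel

# --- VPN server: tinyproxy.conf ---
Port 8888
# bind to the dummy0 address only, so the proxy is not exposed on the public interface
Listen 10.99.0.1
# accept requests from the tunnelled LAN only
Allow 192.168.1.0/24
```

LAN devices whose default gateway is not the VPN gateway need a host route for the proxy address pointing at it; everything else they send stays outside the tunnel.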
