While I see a ton of commentary on the idea of connecting to VPNs from proxies, I am looking for a solution to keep my proxy server accessible by only one IP to which I’d connect from my host traffic via VPN. I am open to suggestions but my current setup looks like this:
Host > VPN Server / Proxy Server
Where the connection from Host and the VPN server is handled by OpenVPN, and the VPN Server and Proxy Server are installed in a single machine.
My question is how do I route my outgoing VPN traffic through the local proxy server? The closest thing I’ve found to a solution is this but I’m having a hard time interpreting the answer…
The solution I settled for was to just configure my browser (Firefox) to use squid as a proxy.
To allow only one ip to connect you can just tell that to squid, there’s options there, can’t remember which now but they’re there.
I mean I push both dns and dhcp ip via openvpn server and redirect-gateway but I don’t push the proxy settings.
Edit: neither you need to do masquerading if you have a proxy on the vpn network, your openvpn servers allows your client to connect to itself and pushes the rules to force all client traffic and dns/dhcp, without masquerading the clients simply don’t reach the internet tho, but since you have squid on the same machine you can simply point Firefox and/or OS global settings to the squid proxy ip on the private network, in this case the same as the openvpn server, and squid will take care of proxying your requests.
You might want to look into how dns requests are handled depending on your settings (both client and openvpn/squid server side)
You can define persistent ip addresses in openvpn based on client mac or certificate, that can be used to make sure the openvpn dhcp server will always give you an ip whitelisted in the proxy