Create a proxy server on my home router to route all remote client traffic

I have a problem creating a proxy server on my OpenWrt router. Unfortunately I can't install squid due to insufficient system memory on the OpenWrt router, but I can install NGINX on it. The problem is that I don't know about nginx.

I want remote clients (e.g. a smartphone or a computer) that have a public IP X.X.X.X to connect to my HTTP home proxy server via my public IP address Y.Y.Y.Y, a port of my choice, a username and password, and I would also like all remote client traffic to be routed through the proxy and therefore be visible on the internet with the public IP address of my home network.

I know that it can be a security problem and that it would be better to use a VPN like OpenVPN or WireGuard, which by the way I have already configured in my router, but I also need to configure a proxy for my convenience. I need help with configuring nginx.

Any alternative is welcome; my only goal is for clients to be able to remotely use my home public IP address with a proxy server. Thank you.

I've used privoxy in the past; there is even a LuCI interface for it (luci-app-privoxy). I assume you are looking for an HTTP proxy, not SOCKS.

Yes, an HTTP proxy is fine. One question: does privoxy accept WAN requests from remote clients that are on another network?

Why a proxy and not just WireGuard (which is, as you state, already installed)? If your remote peers are configured to send all traffic through the tunnel, it will have the apparent IP address of your home router... no muss, no fuss.

Hi, thanks for your reply, yes WireGuard is already set up on your router and works perfectly. But I need a proxy to monitor and filter the incoming/outgoing traffic, to limit it, because I have to manage a large number of clients and also for the convenience of remote clients and other reasons. Anyone who can help me to create a server proxy? Thank you.

I suppose so, but it doesn't support authentication. Hence, it's not a good idea to run it on WAN.

After a long search on the internet I managed to configure a Dante SOCKS5 server with basic authentication on my OpenWrt router. I opened port 1080 on the WAN, and I must say that it works quite well, also in terms of data transmission speed. But there is a problem on the client side: the routed TCP traffic manages to exit the WAN of my router and I see my public IP address change, but the UDP traffic fails to exit the router, even though I seem to have set the Dante server configuration correctly. I've also tried adding new NAT rules for all zones, adding the router as a DMZ, and opening all router ports on the WAN, but to no avail: UDP traffic seems to go into the client but doesn't seem to exit the server. I would be grateful to anyone who could understand the problem, which in my opinion concerns Dante. This is the Dante server configuration:

logoutput: /var/log/sockd.log
internal: port = 1081
external: br-lan

user.privileged: root
user.notprivileged: socks

clientmethod: none
socksmethod: username

client pass {
    from: to:
    log: error # connect disconnect
}

socks pass {
    from: to:
    command: bind connect udpassociate
    log: error # connect disconnect iooperation
    socksmethod: username
    protocol: tcp udp
}

socks pass {
    from: to:
    command: bindreply udpreply
    protocol: udp
}
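
An added illustration, not part of the thread and not a diagnosis of the problem described in it: the `udpassociate` and `udpreply` commands in the configuration above correspond to the SOCKS5 UDP relay of RFC 1928, where the server's TCP reply names a separate address and port to which the client must send its datagrams. This Python example decodes that reply and flags a relay address a remote client cannot route to; the function names and the sample bytes are constructed for the example.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04  # RFC 1928 address types


def read_addr(buf, off):
    """Decode ATYP, address and port at buf[off]; return (host, port, next_offset)."""
    atyp, off = buf[off], off + 1
    if atyp == ATYP_IPV4:
        host, off = str(ipaddress.IPv4Address(buf[off:off + 4])), off + 4
    elif atyp == ATYP_IPV6:
        host, off = str(ipaddress.IPv6Address(buf[off:off + 16])), off + 16
    elif atyp == ATYP_DOMAIN:
        n = buf[off]
        host, off = buf[off + 1:off + 1 + n].decode("ascii"), off + 1 + n
    else:
        raise ValueError(f"unknown ATYP {atyp:#x}")
    (port,) = struct.unpack_from("!H", buf, off)
    return host, port, off + 2


def parse_associate_reply(reply):
    """TCP reply to UDP ASSOCIATE: VER REP RSV ATYP BND.ADDR BND.PORT."""
    if len(reply) < 4 or reply[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    if reply[1] != 0x00:
        raise ValueError(f"request refused, REP={reply[1]:#x}")
    host, port, _ = read_addr(reply, 3)
    return host, port  # where the client must send its UDP datagrams


def relay_is_public(host):
    """False when BND.ADDR is a literal address a remote client cannot route to."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return True  # a domain name cannot be judged offline


def wrap_udp(dst_ipv4, dst_port, payload):
    """Datagram sent to the relay: RSV(2) FRAG ATYP DST.ADDR DST.PORT DATA."""
    return (b"\x00\x00\x00" + bytes([ATYP_IPV4])
            + ipaddress.IPv4Address(dst_ipv4).packed
            + struct.pack("!H", dst_port) + payload)


# Constructed sample: a server behind NAT answering with its LAN address.
SAMPLE_REPLY = bytes([5, 0, 0, ATYP_IPV4, 192, 168, 1, 1]) + struct.pack("!H", 40000)
```

The relay port in the reply is a UDP port distinct from the TCP listening port, so a firewall rule that admits only the TCP port does not cover it.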

How much RAM/flash do you have on your device? Usually, 64MB/8MB should suffice for running squid on 22.03 or lower, properly shrunk down by means of squid.conf (no cache, basic auth only, etc.). The most efficient method, of course, is to build your OpenWrt from source, omitting all redundant stuff to economize on RAM and flash, and customize the makefile for squid.

This is my memory. Yes, you are right; unfortunately I only realized it now, I had to create my OpenWrt from source first. However, my system memory is so low after only downloading Dante (sockd) and WireGuard; when I was still trying to download squid and there was no Dante yet, the router was telling me I couldn't download it. One question: Squid supports both UDP and TCP, right?

Not really, it's limited to L7 protocols like HTTP/HTTPS/FTP.
If you want to redirect any L3/L4 traffic, consider re-evaluating the convenience of VPN.