How to (re)direct all web traffic through external proxy?

Hello!

I'm new to OpenWrt and just installed it on an old TP-Link router. My idea was to connect it to the modem/router from my provider, and set up a secondary WiFi network that sends all web traffic through a proxy server that I have running on a Raspberry Pi in my hometown.

The goal is to have a WiFi network that I can quickly switch/connect to, so that I can watch public broadcaster content offered there.

Are there certain packages that I would need to install to be able to set this up? Or should this be possible 'out of the box' with the right configuration?

Many thanks!

(I'm running a 'tiny' 18.06 for the moment - I wanted to create a small(er) build but the original firmware didn't accept the image builder creation. Hope to be able to 'upgrade' to a smaller but newer image in a while.)

One of the easiest and most secure methods is to set up a VPN. Wireguard is excellent for this purpose -- simple to set up, fast, low CPU overhead.

Although Wireguard treats all peers as equal, your Pi peer would run as a server and your TP-Link router would be a client connecting to the server, and it would send all of the traffic encrypted over that tunnel. The traffic would emerge from your Pi and appear to be originating from the network location to which it is attached.

The ability to do this depends on your router's flash storage size (or possibly the option to use an extroot configuration). The fact that you are using 18.06 is a bit of a red flag here -- you should be using 19.07 or ideally 21.02 if your device is supported. 18.06 is not supported anymore and may have real security flaws that have been patched in the more recent versions.

1 Like
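A sketch of the full-tunnel setup described in the reply above, added here as an example and not taken from the thread or from either participant. The key placeholders, the hostname `vpn.example.net`, the 10.0.0.0/24 tunnel subnet, UDP port 51820 and the zone name `vpn` are all assumptions.

```ini
# --- Router (OpenWrt client), /etc/config/network ---
config interface 'wg0'
	option proto 'wireguard'
	option private_key '<ROUTER_PRIVATE_KEY>'   # placeholder; generate with `wg genkey`
	list addresses '10.0.0.2/24'                # assumed tunnel address

config wireguard_wg0
	option public_key '<PI_PUBLIC_KEY>'         # placeholder
	option endpoint_host 'vpn.example.net'      # assumed public name of the Pi's network
	option endpoint_port '51820'
	list allowed_ips '0.0.0.0/0'                # send all IPv4 traffic into the tunnel
	option route_allowed_ips '1'                # install the matching routes
	option persistent_keepalive '25'            # keep the NAT mapping alive

# --- Router, /etc/config/firewall ---
config zone
	option name 'vpn'
	list network 'wg0'
	option input 'REJECT'                       # nothing on the tunnel may reach the router
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'                             # clients appear to the Pi as 10.0.0.2
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'vpn'

# --- Raspberry Pi (server), /etc/wireguard/wg0.conf ---
[Interface]
Address = 10.0.0.1/24
ListenPort = 51820
PrivateKey = <PI_PRIVATE_KEY>

[Peer]
PublicKey = <ROUTER_PUBLIC_KEY>
# Only the router's tunnel address is accepted from this peer
AllowedIPs = 10.0.0.2/32
```

The Pi additionally needs IPv4 forwarding enabled and NAT on its outbound interface, and its WireGuard UDP port must be reachable from the internet. Removing the default `lan` to `wan` forwarding on the OpenWrt side keeps clients from falling back to the local uplink when the tunnel is down; IPv6 is not covered by the `0.0.0.0/0` entry and would need its own handling.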

Thanks for the quick reply 🙂

It is, hehehe. Like I said: I first tried creating a custom build with the image builder based on 19.07, in order to get something small, but that bin file wouldn't get accepted by the original firmware.
The 4/32 warning applies to my device. Extroot unfortunately isn't possible due to absence of a USB port.

I currently don't have Wireguard on my RPi, but could install it I guess. But before I go there; would it be possible on my modem-router? The Wireguard package would cost 80kB on install (kernel + tools).

To make a custom build that includes Wireguard (I read somewhere that saves space, compared to installing afterwards), I can simply use PACKAGES="wireguard"?

I think maybe a new device is the best option.

EDIT: Are you dealing with multiple 4/32 devices? You should be considering upgrades for any of your older routers to more modern and capable devices as soon as reasonably possible. You can easily install Wireguard on your Pi (as well as other VPN solutions), but if you want to put it on your router, that works well provided you have more modern hardware. Your Pi can actually run OpenWrt if you want.

I'm not really interested in the best option per se 😉 It's a hobby project with an old router I had lying around, and my needs are not that strong that I'm willing to buy a new device for it.

No, not that I know. My main modem/router here is from my provider, and I'm not touching that thing.

I guess I'll just go ahead and try to create a custom build and see how that works out. And then if I manage to set it up as you suggested:

Thanks for that suggestion and the links 🙂 The RPi is in another network (in another country), so a redirect to a local IP address won't work. Is this also possible with a public IP address (publicly exposed VPN server)?

Edit: maybe I should have a close look at this (?): https://docs.openwrt.melmac.net/vpn-policy-routing/