Plugin for routing clients through a proxy?

Is there any plugin/package that can internally route connected client devices through a proxy of my specification on the host network?
I have to use a proxy to get online through my phone.
I bought an Archer C50 v5 to use OpenWRT on.
I got it in the hopes that there'd be an OpenWRT package to do the proxy connection for the connected client devices.
That way said client devices don't have to connect to the intranet proxy on their end.
A lot of stuff on my client devices doesn't play that well with proxies.
The proxy is intranet only.
Meaning the sites and services connected to will still see the same thing as before setting up a plugin for this.

would that be enought ?
wouldn't you need to "convert" the traffic from regular to routered through the proxy, without the clients being aware of it ?

over vpn is a good option too

I think your best bet is running squid running as a transparent proxy and connecting through a parent proxy.

I recently got a better router since the one from before broke.
It has more than enough free flash space to install squid.
So how do I set up what you suggested?

then how would I compile the sstp protocol used/needed by/for sstp-client?
because sstp-client is the only way I can do this via vpn.
I can't upgrade to a snapshot or pre-release because the snapshots' version of opkg ignores the http_proxy setting.
And because of that I can't install anything through opkg unless it's a manual upload from my pc while the router is running a snapshot or pre-release.

How do I setup the sstp-client package? - #11 by vgaetera

Here's the guide to install squid and use transparent mode:

Here are some guides to configure a parent proxy:

Nevermind, just saw the "proxy-only" option.
how do I turn off caching?
My router has neither the flash space nor a usb port to save the cache in.
And I don't want to use the caching feature anyway.

can squid forward to a parent proxy that isn't a Squid proxy?
if no, can both child and parent Squid proxies run on the same device?

It should work on any proxy. If a browser can use it, then I see no reason that squid wouldn’t be able to.

then I need someone to teach me through writing the configs and setting up Squid.

Since I haven’t done it before, I’ll try to do it in my test environment first, and will get back to you in a day or two.

how's it going so far?

Be aware that transparent proxy doesn't work with https... Which is the bulk of the web now.

1 Like

Do you mean the proxy I connect to, or the sites I can visit once connected?
Because if it's just on the proxy I connect to, then it won't be a problem.
As the proxy I'll be connecting to is http only.

The sites you can visit, a transparent proxy is known in cryptography as a man in the middle attack. Https prevents that. So you can't transparently proxy https sites. You can do a successful man in the middle attack by installing certificates on all your devices but it's not generally a good idea for security or ease of use.

1 Like

I assume that it doesn't matter that the proxy being connected to is intranet only on my end?

There's actually a "proxy", that let you do this, and handles https.

Unfortunately I don't think it's in the openwrt repository, it's called sniproxy.

I use it for tunneling geo blocked traffic through a VPS in US.

You map all the DNS names you want to route through it, to the IP of the host of sniproxy, and that's it.

The traffic affected will be routed using it, everything else goes the usual route.

I think it was initially designed for bypassing geo blocking on Netflix, HBO, etc, but it works for regular web traffic as well.

If you Google sniproxy openwrt you get a github page, that might be useful, still DIY though.