Plugin for routing clients through a proxy?

over vpn is a good option too

I think your best bet is running squid as a transparent proxy and connecting through a parent proxy.

I recently got a better router since the one from before broke.
It has more than enough free flash space to install squid.
So how do I set up what you suggested?

Then how would I compile the sstp protocol used/needed by/for sstp-client?
Because sstp-client is the only way I can do this via VPN.
I can't upgrade to a snapshot or pre-release because the snapshots' version of opkg ignores the http_proxy setting.
And because of that I can't install anything through opkg unless it's a manual upload from my pc while the router is running a snapshot or pre-release.

How do I setup the sstp-client package? - #11 by vgaetera

Here's the guide to install squid and use transparent mode:
https://openwrt.org/docs/guide-user/services/proxy/proxy.squid

Here are some guides to configure a parent proxy:
* http://www.squid-cache.org/Doc/config/cache_peer/
* https://www.rootusers.com/configure-squid-proxy-to-forward-to-a-parent-proxy/
* https://www.casesup.com/category/knowledgebase/linux/configure-squid-proxy-to-forward-package-to-a-parent-proxy

Never mind, just saw the "proxy-only" option.
How do I turn off caching?
My router has neither the flash space nor a usb port to save the cache in.
And I don't want to use the caching feature anyway.

Can squid forward to a parent proxy that isn't a Squid proxy?
If no, can both child and parent Squid proxies run on the same device?

It should work on any proxy. If a browser can use it, then I see no reason that squid wouldn’t be able to.

Then I need someone to teach me through writing the configs and setting up Squid.

Since I haven’t done it before, I’ll try to do it in my test environment first, and will get back to you in a day or two.

How's it going so far?

Be aware that transparent proxy doesn't work with https... Which is the bulk of the web now.

Do you mean the proxy I connect to, or the sites I can visit once connected?
Because if it's just on the proxy I connect to, then it won't be a problem.
As the proxy I'll be connecting to is http only.

The sites you can visit. A transparent proxy is known in cryptography as a man in the middle attack. HTTPS prevents that. So you can't transparently proxy HTTPS sites. You can do a successful man in the middle attack by installing certificates on all your devices, but it's not generally a good idea for security or ease of use.

I assume that it doesn't matter that the proxy being connected to is intranet only on my end?

There's actually a "proxy" that lets you do this, and handles HTTPS.

Unfortunately I don't think it's in the openwrt repository, it's called sniproxy.

I use it for tunneling geo blocked traffic through a VPS in US.

You map all the DNS names you want to route through it, to the IP of the host of sniproxy, and that's it.

The traffic affected will be routed using it, everything else goes the usual route.

I think it was initially designed for bypassing geo blocking on Netflix, HBO, etc, but it works for regular web traffic as well.

If you Google sniproxy openwrt you get a github page, that might be useful, still DIY though.

I've gotten squid to access another proxy (squid also). I haven't gotten to setting up in transparent mode. I think @dlakelan is right about the HTTPS handling through transparent mode, but I think there may be a way. I remember seeing a working pfSense firewall running transparent HTTPS before.

Is setting up a VPN tunnel feasible for you? That may be another way you could get this to work.
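
A minimal `squid.conf` for the setup discussed in this thread (intercepting child Squid, parent proxy, caching off), added here as an example and not posted by any participant. The LAN range `192.168.1.0/24`, the parent address `192.0.2.10:8080` and the port numbers are assumptions to replace with your own; the firewall rule that redirects client port-80 traffic to the intercept port is not shown.

```conf
# Added example squid.conf; all addresses and ports are assumed values.

# Forward-proxy port for clients that are configured explicitly.
http_port 3128
# Port that receives redirected port-80 traffic (transparent mode).
# Only plain HTTP can be intercepted this way, not HTTPS.
http_port 3129 intercept

# Restrict use to LAN clients so the router is not an open proxy.
acl localnet src 192.168.1.0/24
http_access allow localnet
http_access deny all

# Parent proxy: HTTP port 8080, ICP port 0 with no-query because a
# non-Squid parent does not answer ICP queries. proxy-only keeps
# objects fetched from this peer out of the local cache.
cache_peer 192.0.2.10 parent 8080 0 no-query default proxy-only

# Never contact origin servers directly; always go through the parent.
never_direct allow all

# Disable caching of responses; no cache_dir is configured, so nothing
# is written to flash.
cache deny all
```

After editing, `squid -k parse` checks the file for syntax errors before the service is restarted.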