I've gotten squid to access another proxy(squid also). I haven't gotten to setting up in transparent mode. I think @dlakelan is right about the https handling through transparent mode, but I think there may be a way. I remember seeing a working pfsense firewall running transparent https before.
Is setting up a VPN tunnel feasible for you? That may be another way you could get this to work.
VPN tunnel is also feasible.
As long as it can tunnel through an sstp vpn that's manually specified,
which OpenVPN can't do.
And just so we're clear, it would have to be capable of tunneling everything that goes between the router and the internet through the vpn.
Pretty sure you can apply PBR to any VPN protocol.
okay, thankyou.
Could you please tell me how to write the routing rules to route everything between the router and the internet through the vpn?
Routing everything over the VPN is even simpler.
Just enable gateway redirection in the VPN config.
Specific instructions depend on the VPN protocol.
SSTP protocol.
And I hope the "gateway redirection" option is to be set on the router, and not the vpn server.
Because I can't change anything on the vpn server.
Gateway redirection should be enabled by default, unless you disable it specifically:
How do I set it up for SSTP vpn's?
Because the description of the "vpn-policy-routing" package doesn't list SSTP vpn's.
Establish the VPN connection and check the routes/rules:
ip route show table all; ip rule show
why would OpenWRT be monitoring my pc's vpn connection?
Otherwise I don't see how that tells me how to set it up.
If you want to route OpenWrt clients to VPN, set up the VPN connection on OpenWrt.
You haven't said how to setup SSTP specifically
It doesn't need to be SSTP specifically.
There are other VPN protocols that support HTTP proxy:
How do I setup the sstp-client package? - #13 by vgaetera
FFS!
I don't fricking mean vpn through http proxy.
I mean one or the other, NOT both.
Even if you are using SSTP, is still goes through a proxy.
Even if the proxy is transparent, it is still a proxy.
Thus, you will anyway use both explicitly or implicitly.
But this configuration is transparent to the router clients.
Only the router itself requires to set up the VPN connection.
So, the clients do not need to configure proxy and VPN.
I DON'T MEAN BOTH!!!!!
One or the other, NOT BOTH!!!!
I DO NOT MEAN BOTH!!!!
I MEAN ONLY ONE OF THEM!!!
And you still haven't said how to do sstp specifically.
SSTP client config for OpenWrt is almost the same as PPTP client:
https://openwrt.org/docs/guide-user/services/vpn/pptp/client
The only substantial difference should be:
opkg update
opkg install sstp-client
uci set network.vpn.proto="sstp"
uci commit network
/etc/init.d/network restart
1 Like
Proxy all trafic : yes it's possible, but not with half way used of squid stuff or the not clear shadowsocks old package. After doing lot of try for that i found : Brook ! Based on shadow... and multiple option. The package fully work and install as a breeze on rc4. I can have an openwrt acting as a full proxy. Just as if it was a vpn. I haven't find the status properly, but no big deal. it work and it do want you want.
That looks like it's perfect...!
Unfortunately because of this issue I can't go for it yet....
Unless there's a way to manually download all of the packages needed onto your pc without using OpenWRT to do it.