I am trying to find what options exist to install a proxy server in Openwrt. I would prefer SOCKS4/5 over a plain HTTP proxy server, although at this point, probably I will not need more than proxying http traffic . Do you have any recommendations?
If there is integration in LUCI to facilitate configuration, it will be an advantage (nevertheless, I can handle commands SSH if needed). To this end, entering socks to search in the available software packages returns only luci-app-shadowsocks-libev as an option that includes a LUCI component. Any experience with shadowsocks?
What use-case do you expect to meet from running a proxy on your router? Also keep in mind that this requires quite some resources, many routers don't have that much to spare to cope with modern WAN speeds.
The use case is as follows: have a first web browser connecting directly without proxy to the web and running on the same machine a separate second web browser configured with the proxy. Because of the proxy being connected with a separate WAN connection to the Internet, the connections of the second browser would appear as originating from a different IP than those of the first web browser.
I understand that a proxy may tax a router. However, this should be like bouncing the packets, i.e., to my understanding, there is not even need to encrypt/decrypt like in a VPN setup. I am not into caching, etc, schemes, as in typical HTTP proxies...
Most traffic today is HTTPS that expects encryption.
So, it may be even more resource intensive than VPN.
VPN doesn't need to process HTTP headers.
Thanks for the replies, I have explained the advantage of SOCKS when using different browsers, one configured with SOCKS and one without at the same computer - this is not possible with VPN.
I guess that despite the availability of some SOCKS packages in the repository, people do not use it much...
Splitting traffic based on PBR with DSCP should also be possible.
Would using an SSH tunnel as proxy be an option? Most light-weight solution imo.
I have tried the command "ssh -D7777 firstname.lastname@example.org" at the Openwrt device which is to act as a socks server at port 7777 and I get the response "Dropbear v2020.81" and nothing else happens. The same response is output if I enter "ssh -D7777 email@example.com" where x.y.z.w is the address of a different Openwrt device. On the other hand, I can run Putty with the dynamic tunnel connecting to either Openwrt device - and works perfectly. But the Putty solution means that I run Putty at my PC, while I would like the ssh client to reside to the Operwrt router of my LAN.
Does somebody understand what "Dropbear v2020.81" signifies? Is it jthat the version of ssh in Openwrt does not support the -D parameter? If I omit -D, it goes through the authentication procedure as expected. I do not think it is a firewall problem, as I entered an explicit firewall rule to accept incoming connections at TCP port 7777.
you could try to install the "real" openssh-client package.
Another option could be to set up a web server, like apache, enable mod_proxy (and probably mod_ssl), and serve a HTTP proxy to the client(s).