<div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">Thanks to everyone for the input and suggestions.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">I've set up something that works for my use case: a LAN-side shared SOCKS5 SSH tunnel (which I can use as a proxy) using key file auth connected via sshuttle. sshuttle prevents/avoids TCP-over-TCP SSH performance issues.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">This is an easy, low-friction setup because the server side already has SSH installed and I can leave all VPN configuration, network configuration, iptables and routes as-is and it works as intended. In short, the VPN continues to work as-is and the SSH tunnel works alongside it transparently.</div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small">There's more info here for anyone interested: </div><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><br></div><div class="gmail_default"><font face="verdana, sans-serif"><a href="https://github.com/apenwarr/sshuttle">https://github.com/apenwarr/sshuttle</a> </font><br></div><div class="gmail_default"><font face="verdana, sans-serif"><a href="http://sshuttle.readthedocs.io/en/stable">http://sshuttle.readthedocs.io/en/stable</a><br></font></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 18 November 2017 at 07:54, Anvar Kuchkartaev <span dir="ltr">&lt;<a href="mailto:anvar@anvartay.com" target="_blank">anvar@anvartay.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc 
solid;padding-left:1ex"><div lang="en-GB" style="background-color:rgb(255,255,255);line-height:initial"> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">You might use </div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">modprobe dummy</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">ifup dummy0</div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">ifconfig dummy0 [some ip]/32 </div><div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">To configure a fake network card on the VPN server instance and use it as the proxy address. 
If you use the IP address of the dummy0 interface as the VPN server-side subnet and your local network as the client-side subnet, then only traffic to the proxy IP address will be forwarded through the tunnel; other traffic will not.</div><span class="HOEnZb"><font color="#888888"> <div style="width:100%;font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)"><br style="display:initial"></div> <div style="font-size:initial;font-family:Calibri,'Slate Pro',sans-serif,sans-serif;color:rgb(31,73,125);text-align:initial;background-color:rgb(255,255,255)">Anvar Kuchkartaev <br><a href="mailto:anvar@anvartay.com" target="_blank">anvar@anvartay.com</a> </div> <table width="100%" style="background-color:white;border-spacing:0px"> <tbody><tr><td colspan="2" style="font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> <div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0in 0in;font-family:Tahoma,'BB Alpha Sans','Slate Pro';font-size:10pt"> <div><b>From: </b>Joe Lippa</div><div><b>Sent: </b>Friday, 17 November 2017 11:40 a.m.</div><div><b>To: </b><a href="mailto:users@lists.strongswan.org" target="_blank">users@lists.strongswan.org</a></div><div><b>Subject: </b>[strongSwan] http proxy through tunnel</div></div></td></tr></tbody></table></font></span><div><div class="h5"><div style="border-style:solid none none;border-top-color:rgb(186,188,209);border-top-width:1pt;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div><br><div id="m_-1455694710545320161_originalContent"><div dir="ltr"><div class="gmail_default" style="font-family:verdana,sans-serif;font-size:small"><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Hi all,</div><div 
style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Does anyone have an example of how to configure an HTTP proxy server / proxy daemon alongside a strongSwan VPN tunnel where strongSwan is installed on Linux? i.e. tinyproxy would be nice or some other method is fine too.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Background: at the moment I'm running a tunnel on a small Linux device sat on the LAN which acts as a gateway for other devices on the LAN that want to tunnel traffic. This setup works well and it means that devices that want to tunnel traffic have their default gateway configured to the IP address of the VPN gateway device. However, this setup means that ALL traffic gets routed via the tunnel for these devices.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">I'd like the option of running an HTTP proxy server on the VPN gateway device to enable the option of configuring this proxy at application level for some devices on the LAN.</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px"><br></div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Thanks for any help</div><div style="margin:0px;padding:0px;border:0px;font-family:Arial,Helvetica,sans-serif;font-size:13px">Joe</div></div></div>
<br></div></div></div></div>
</blockquote></div><br></div>