[strongSwan] http proxy through tunnel

Joe Lippa joe at jjssoftware.co.uk
Sat Nov 18 12:55:38 CET 2017

Thanks to everyone for the input and suggestions.

I've setup something that works for my use-case: a LAN side shared socks5
SSH tunnel (which I can use as a proxy) using key file auth connected via
sshuttle. sshuttle prevents/avoids tcp over tcp SSH performance issues.

This is an easy low friction setup because the server side already has SSH
installed and I can leave all VPN configuration, network configuration,
iptables and routes as-is and it works as intended. In short the VPN
continues to work as-is and the SSH tunnel works alongside it transparently.

There's more info here for anyone interested:


On 18 November 2017 at 07:54, Anvar Kuchkartaev <anvar at anvartay.com> wrote:

> You might use
> modprobe dummy
> ifup dummy0
> ifconfig [some ip]/32 dummy0
> To configure fake network card on vpn server instance and use it as proxy
> address. If you use in vpn server side subnet the ip address ‎of dummy0
> interface and the client side subnet your local network, in this case when
> you try to connect only to proxy ip address traffic will be forwarded
> through tunnel others not.
> Anvar Kuchkartaev
> anvar at anvartay.com
> *From: *Joe Lippa
> *Sent: *viernes, 17 de noviembre de 2017 11:40 a.m.
> *To: *users at lists.strongswan.org
> *Subject: *[strongSwan] http proxy through tunnel
> Hi all,
> Does anyone have an example of how to configure a http proxy server /
> proxy daemon alongside a strongswan VPN tunnel where strongswan is
> installed on linux? i.e. tinyproxy would be nice or some other method is
> fine too.
> Background: at the moment I'm running a tunnel on a small linux device sat
> on the LAN which acts as a gateway for other devices on the LAN that want
> to tunnel traffic. This setup works well and it means that devices that
> want to tunnel traffic have their default gateway configured to the IP
> address of the VPN gateway device. However this setup means that ALL
> traffic gets routed via the tunnel for these devices.
> I'd like the option of running a http proxy server on the VPN gateway
> device to enable the option of configuring this proxy at application level
> for some devices on the LAN.
> Thanks for any help
> Joe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20171118/11cc1524/attachment.html>

More information about the Users mailing list