
MacSimoPark

macrumors member
Original poster
May 19, 2008
49
0
UK
I'll keep this nice and simple, and put the details at the bottom.

  • I have a PPC Server (10.4.7 Server)
  • It is hosting a VPN network
  • I want to be able to connect to the internet over VPN

Can somebody please tell me how to do this?

  • I want to do it because my school blocks Mail, Skype, BBC video etc.
  • The Server is a PowerMac G4 733 MHz connected via Ethernet to a Router (Netgear DG834DT).
  • I have enabled a DMZ, so that all connections are forwarded to the Server.
  • The VPN connection is L2TP, Authentication: MS-CHAPv2, Encryption 128-bit MPPE.
  • I tried to set up a Transparent Proxy with Squid, but I didn't know enough PPC terminal commands. (It refused 'make install').

Any help would be much appreciated.
 

operator207

macrumors 6502
Jul 24, 2007
487
0
When you tried a make install, what did it do? Specifically.

I use this at some clinics that I go to that have a firewall.

Bring the Proxy up:
Code:
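>cat proxy.sh
#!/bin/sh
# Kill any process whose command line mentions 8080 (an earlier tunnel).
ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill
# Open a SOCKS proxy on local port 8080, forwarded over SSH:
# -D dynamic forward, -f background, -C compress, -q quiet, -N no remote command.
ssh -D 8080 -f -C -q -N user@server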

Bring the proxy down:
Code:
>cat proxydown.sh
#!/bin/sh
# Kill any process whose command line mentions 8080 (the running tunnel).
ps auxww | awk '$0~/8080/&&$0!~/awk/{print $2}' |xargs kill

Then set your browser to use a socks 4 server at 127.0.0.1 without authentication. It tunnels all port 8080 traffic from your computer to the server, over an ssh connection.

You will need SSH open on the server, and you run the scripts from the machine you're currently using.

You can edit the scripts for any port you want to bounce off your server. 443, 110, 143 etc...
I use a similar script for IMAP SMTP and rsync traffic, I just change the port numbers.

If you want to go the route of squid, either lock it down to specific IPs, or require authentication. It WILL be abused at some point. And I would be happy to help you with the error of the "make install", I will just need to know what it is, and how you're running it (macports, source, etc...)
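
An added example, not part of operator207's post and not Squid project code: a small Python check for the "lock it down to specific IPs, or require authentication" advice above. It reads the `acl` and `http_access` lines of a squid.conf and reports whether an unauthenticated client at a given address would be served; the ACL names, the 192.168.2.0/24 VPN pool and the 203.0.113.7 outside address are constructed for illustration.

```python
import ipaddress

def parse(conf):
    """Return (acls, rules); acls maps name -> (type, values)."""
    acls, rules = {"all": ("src", ["all"])}, []  # 'all' is built in on newer Squid
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "acl":
            acls.setdefault(words[1], (words[2], []))[1].extend(words[3:])
        elif len(words) >= 2 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return acls, rules

def term_matches(term, acls, ip):
    """True/False for an unauthenticated client at ip, None if not modelled."""
    kind, values = acls.get(term.lstrip("!"), (None, []))
    if kind == "src":
        try:
            hit = any(v == "all" or ip in ipaddress.ip_network(v, strict=False)
                      for v in values)
        except ValueError:  # address ranges and hostnames are not modelled
            return None
    elif kind == "proxy_auth":
        hit = False  # the client presents no credentials
    else:
        return None
    return hit != term.startswith("!")

def open_to(conf, client):
    """Worst case: would Squid serve an unauthenticated request from client?"""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(client)
    for action, terms in rules:
        results = [term_matches(t, acls, ip) for t in terms]
        if action == "allow" and all(r is not False for r in results):
            return True  # unmodelled ACLs are assumed to match an allow
        if action == "deny" and all(r is True for r in results):
            return False  # and assumed not to match a deny
    # No rule matched: Squid applies the opposite of the last rule's action.
    return bool(rules) and rules[-1][0] == "deny"

# Constructed sample configurations; 192.168.2.0/24 is an assumed VPN pool.
OPEN = "acl all src 0.0.0.0/0.0.0.0\nhttp_access allow all\n"
BY_IP = ("acl all src 0.0.0.0/0.0.0.0\nacl vpn_clients src 192.168.2.0/24\n"
         "http_access allow vpn_clients\nhttp_access deny all\n")
BY_AUTH = "acl authed proxy_auth REQUIRED\nhttp_access allow authed\nhttp_access deny all\n"

if __name__ == "__main__":
    print(open_to(OPEN, "203.0.113.7"), open_to(BY_IP, "203.0.113.7"))
```

Run it against the real squid.conf with an address from outside the VPN pool; a `True` result means the proxy answers strangers.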
 

MacSimoPark

macrumors member
Original poster
May 19, 2008
49
0
UK
Thanks but SSH has major drawbacks for me...

Thanks for replying to such a specific topic with such knowledge!

I don't think this is the path I want to go down. SSH tunneling isn't for me. Instead what I want to be able to do is connect to my VPN using the L2TP over IPSec setting in Network Prefs. When I connect, I want to be able to surf without adding any proxy settings to the Network Prefs. To get this result, apparently I need a transparent Squid proxy on the VPN server, so that I can use Skype (which can't cope with proxies...).

I tried to run ./configure on a Squid package which I downloaded and it returned a message saying I don't have a cc compiler. I've never come across that before.

Cheers.
 

operator207

macrumors 6502
Jul 24, 2007
487
0
Try typing "which cc" and "which gcc". Does it give you anything?

Have you installed the developer tools? If on Tiger do that.

I found a very old Binary: http://www.d2m.com.br/community/squid mac os x/

I have no clue if it works or not. I do know they already have squid 3.0 and 2.7 seems to be the current 2.x release.

You could also install macports, and do a "sudo make install squid" and let it compile itself. But you still need the dev tools.
 

operator207

macrumors 6502
Jul 24, 2007
487
0
Thank you so much for this, it's just what I was looking for. I'm making progress now. I'll update tomorrow when this task should be complete.

That binary being 2.5Stable10 SHOULD not suffer from this bug:
http://www.squid-cache.org/Advisories/SQUID-2008_1.txt

It says 3.0, but if you read it was only fixed in the 2.5Stable7 release and above, though apparently they neglected the 3.0 branch, and put up this advisory.

I wanted to make sure you were aware of this. I have run a squid proxy, and had friends that did too. I ran one for a friend in a country that likes to censor, but a few friends have not locked it down well, and gotten in trouble because they ran squid. Make sure your ISP's TOS is ok with this too. They may scan for proxies, and auto shutdown accounts running them.
 

MacSimoPark

macrumors member
Original poster
May 19, 2008
49
0
UK
a few friends have not locked it down well, and gotten in trouble because they ran squid. Make sure your ISP's TOS is ok with this too. They may scan for proxies, and auto shutdown accounts running them.


Thanks for the heads up, but my school won't be able to find out and my ISP should be ok with it.

What I really need help on now is making my squid proxy transparent. Any ideas?

Cheers.
 