OpenVPN + Squid: implementing an HTTP proxy

Source: Internet
Author: User

With a plain OpenVPN setup, all traffic from the local machine goes through the remote VPN server. However, when getting over the wall, what we usually need is web browsing, that is, only the HTTP traffic has to go through the VPN. OpenVPN combined with Squid's HTTP forward proxy provides the over-the-wall function for web browsing, while other traffic such as QQ and Thunder still follows the normal route.

I have a VPS with unlimited traffic on hand. It would be a pity to use it only for hosting a site, so using it to reach the outside world makes the best use of it.

Prepare two packages

openvpn-2.0.9.tar.gz

lzo-2.06.tar.gz

My system environment


Decompress, compile, and install

tar xf lzo-2.06.tar.gz

cd lzo-2.06

./configure

make && make install

cd ..

tar xf openvpn-2.0.9.tar.gz

cd openvpn-2.0.9

./configure --with-lzo-headers=/usr/local/include/ --with-lzo-lib=/usr/local/lib

make && make install

Configure the OpenVPN server

cd easy-rsa/2.0/

Open the vars file and change the following lines to your own information.

export KEY_COUNTRY="CN"

export KEY_PROVINCE="CA"

export KEY_CITY="ZheJiang"

export KEY_ORG="NingBo"

export KEY_EMAIL="lustlost@foxmail.com"

Load the variables from vars

. ./vars

Reinitialize the keys folder

./clean-all

Generate the CA root certificate

./build-ca

Press Enter at every prompt.


Generate the server certificate

./build-key-server server

Enter a password at the end and answer y when prompted.


Generate DH files

./build-dh


Generate client certificate file

./build-key-pass lustlost


mkdir -p /etc/openvpn

Copy the configuration file and the keys folder to the OpenVPN configuration directory.

cp -r keys /etc/openvpn/

cp /root/tools/openvpn-2.0.9/sample-scripts/openvpn.init /etc/init.d/openvpn

cp /root/tools/openvpn-2.0.9/sample-config-files/server.conf /etc/openvpn/

cd /etc/openvpn/

Edit the server.conf configuration file

local 184.105.156.88

port 7890

proto tcp

dev tun

ca keys/ca.crt

cert keys/server.crt

key keys/server.key

dh keys/dh1024.pem

server 10.8.0.0 255.255.255.0

ifconfig-pool-persist ipp.txt

keepalive 10 120

comp-lzo

persist-key

persist-tun

status openvpn-status.log

verb 3

Then install Squid. Only Squid's simple forward-proxy function is needed here, so install it with yum.

yum install squid -y

Edit the Squid configuration file and change the following two lines

# Bind only to the address of OpenVPN's tun interface here. If all addresses are bound, your server becomes a public proxy server...
http_port 10.8.0.1:8080

http_access allow all
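
With http_access allow all, the http_port binding is the only control that keeps this Squid from being a public proxy. The following shell audit is an added example, not part of the original article: it flags a wildcard http_port bind and an unrestricted allow rule. The function name audit_squid_conf, the ACL name vpn_clients and the three sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a squid.conf for the open-proxy risk noted above.
# Usage: audit_squid_conf FILE TUN_ADDR
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_squid_conf() {
    awk -v tun="$2" '
        { sub(/#.*/, "") }                  # ignore comments
        NF == 0 { next }
        $1 == "http_port" {
            addr = $2
            if (addr !~ /:/ || addr ~ /^(0\.0\.0\.0|\[::\]):/) {
                # bare port or wildcard address: listens on every interface
                print "WILDCARD_BIND " $2; wild = 1; bad = 1
            } else {
                sub(/:[0-9]+$/, "", addr)   # strip the port, keep the address
                if (addr != tun) { print "NON_TUN_BIND " $2; bad = 1 }
            }
        }
        $1 == "http_access" && $2 == "allow" && $3 == "all" {
            # any client that can reach the port is served
            print "ALLOW_ALL"; allowall = 1; bad = 1
        }
        END {
            if (wild && allowall) print "OPEN_PROXY"
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
# 1. The two lines as configured in this article.
printf '%s\n' 'http_port 10.8.0.1:8080' 'http_access allow all' > "$tmp/page.conf"
# 2. The mistake the comment warns about: listening on every address.
printf '%s\n' 'http_port 8080' 'http_access allow all' > "$tmp/open.conf"
# 3. Tun-only bind plus an ACL limited to the VPN subnet from server.conf.
printf '%s\n' 'acl vpn_clients src 10.8.0.0/24' 'http_port 10.8.0.1:8080' \
    'http_access allow vpn_clients' 'http_access deny all' > "$tmp/hardened.conf"

for f in page open hardened; do
    echo "== $f.conf"
    audit_squid_conf "$tmp/$f.conf" 10.8.0.1 || true
done
```

The third sample passes the audit because access no longer depends on the bind address alone: only sources in 10.8.0.0/24 are allowed and everything else is denied.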

Start the openvpn and squid services

service squid start

service openvpn start

View ports


ifconfig

An extra tun0 interface appears.

Install and configure the client

The server configuration is now complete. Next, download the OpenVPN client. I am on a Windows 7 system; it is best to download the openvpn-2.2.2 version.

Download the CA root certificate and the files whose names start with the user name generated on the server. Install the OpenVPN client and open its installation path; it contains a config folder. Create a user folder under this folder.


Add the user configuration file lustlost.ovpn and configure it as follows: in remote, fill in the OpenVPN server address and port; ca, cert and key are the files in the current folder.


Open openvpn-gui, right-click the OpenVPN icon in the lower right corner of the taskbar, and click Connect.


Enter the password. After clicking OK, the connection is shown as successful. The allocated address is 10.8.0.6.


Ping the server's tun0 address from the local machine


Now set the proxy server in IE. Chrome also uses the IE settings, so Chrome users follow the same method.


OK. Open YouTube to test.


This article is from the "lustlost-lost in desire" blog; please be sure to keep this source: http://lustlost.blog.51cto.com/2600869/1167421
