Michael Svanström

developer, photographer

Roll your own unblock-us

So you’ve got your VPS located in the US up and running but just don’t know how to put it to use? A nifty little tool named sniproxy will do great things for you.

In this tutorial we will be using a US-based VPS, OpenVPN between our VPS and router (running Tomato) and sniproxy to proxy all traffic to web sites of our choosing. By doing so we’re bypassing the evilness of IP address location restrictions.

Set up an OpenVPN server on your VPS. These are the important configuration bits.

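/etc/openvpn/server.conf

    # VPN subnet (network address); the server itself takes the first address, 10.8.0.1
    server 10.8.0.0 255.255.255.0
    # left commented out, so clients are not told to send all their traffic through the VPN
    ;push "redirect-gateway def1"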

Compile and install sniproxy.

Configure sniproxy. Note that this configuration will allow anyone with access to this service to use your server as a proxy for ANY .com site. You should probably name the sites you wish to proxy explicitly.

/etc/sniproxy.conf

    user daemon

    listener 10.8.0.1 8080 {
        proto http
        table http
    }

    listener 10.8.0.1 8443 {
        proto tls
        table https
    }

    table "http" {
        .*\.com * 80
    }

    table "https" {
        .*\.com * 443
    }
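The open-proxy warning above can be checked before the configuration goes live. The following is an added example, not part of the original post or of sniproxy: it parses the table blocks and lists which hostnames each pattern would forward. Assumptions: sniproxy applies a pattern as an unanchored regular-expression search, Python's `re` stands in for PCRE, and the anchored `STRICT_CONF` patterns, the helper names and the sample hostnames are constructed for illustration.

```python
import re

# Table section of the tutorial's sniproxy config, copied as-is.
OPEN_CONF = r'''
table "http" {
    .*\.com * 80
}
table "https" {
    .*\.com * 443
}
'''
# Constructed alternative: one anchored pattern per table for the site you want.
STRICT_CONF = r'''
table "http" {
    ^(.*\.)?yourfavouritesite\.com$ * 80
}
table "https" {
    ^(.*\.)?yourfavouritesite\.com$ * 443
}
'''
INTENDED = ["yourfavouritesite.com"]
# Constructed hostnames, as a client could send them in a Host header or SNI.
SAMPLES = ["yourfavouritesite.com", "www.yourfavouritesite.com", "www.example.com",
           "example.com.example.net", "www.community.example.org", "example.org"]

def parse_tables(conf):
    """Return {table name: [hostname pattern, ...]} for each table block."""
    tables = {}
    for name, body in re.findall(r'table\s+"?([\w-]+)"?\s*\{(.*?)\}', conf, re.S):
        rows = [line.split() for line in body.splitlines()]
        tables[name] = [row[0] for row in rows if row and not row[0].startswith("#")]
    return tables

def reachable(conf, hostnames):
    """Hostnames that some table pattern accepts (assumed: unanchored search)."""
    patterns = [re.compile(p) for pats in parse_tables(conf).values() for p in pats]
    return [h for h in hostnames if any(p.search(h) for p in patterns)]

def audit(conf, hostnames, intended):
    """Hostnames the proxy would forward that are outside the intended domains."""
    def wanted(host):
        return any(host == d or host.endswith("." + d) for d in intended)
    return [h for h in reachable(conf, hostnames) if not wanted(h)]

if __name__ == "__main__":
    for label, conf in (("open", OPEN_CONF), ("strict", STRICT_CONF)):
        print(label, "forwards unintended:", audit(conf, SAMPLES, INTENDED))
```

Under that assumption the open pattern also accepts names that merely contain ".com", such as `www.community.example.org`, which is why the strict patterns are anchored at both ends.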

Append the following to /etc/rc.local. Since our sniproxy is listening on 8080 and 8443, we need to redirect ports 80 and 443 to the respective ports.

    # start sniproxy
    /usr/local/sbin/sniproxy -c /etc/sniproxy.conf

    # add preroutes
    iptables -t nat -A PREROUTING -i tun0 -d 10.8.0.1 -p tcp --dport 80 -j DNAT --to 10.8.0.1:8080
    iptables -t nat -A PREROUTING -i tun0 -d 10.8.0.1 -p tcp --dport 443 -j DNAT --to 10.8.0.1:8443

You will also need to make sure your devices/browsers resolve yourfavouritesite.com to your VPS’s IP address. If you happen to be running Tomato on your router you can use a dnsmasq configuration such as:

    # Never forward plain names (without a dot or domain part)
    domain-needed
    # Never forward addresses in the non-routed address spaces.
    bogus-priv
    # If you don't want dnsmasq to read /etc/resolv.conf or any other
    # file, getting its servers from this file instead (see below), then
    # uncomment this.
    no-resolv
    # If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
    # files for changes and re-read them then uncomment this.
    no-poll

    address=/yourfavouritesite.com/10.8.0.1
    server=8.8.8.8
    server=8.8.4.4

You can also choose to set up your own DNS server or “simply” add all known hostnames to your hosts file.

Now fire up your OpenVPN client (preferably on your Tomato router!) and you’re good to go.

Credits: