NAT with OpenVPN instead of using Squid, Client Setup?


If I set up iptables to NAT my VPN traffic through the Linode, how do I manage to point my browser to send traffic through the VPN? - I know, I could use "redirect-gateway" in OpenVPN, but that would redirect all my traffic and I only want traffic from i.e. Firefox to be NATed. I imagine setting up a local proxy (Windows machine) would be a possibility, but I have no concrete idea?

Could someone point me to some tutorial or else about that?


13 Replies

If all you want to do is subject your Firefox traffic through your Linode, you don't need to worry about a VPN.

A simple proxy server will do your needs.

You could use an SSH SOCKS proxy, or a tiny non-caching proxy on your Linode; it doesn't have to be Squid.

I would use the SOCKS proxy with Firefox configured to use SOCKS to proxy the DNS, too.

@chesty: ssh-socks is a good idea. Which proxy servers do you mean? I only know Squid, thx!

Take a look at tinyproxy.


If your OpenVPN server is set to forward traffic, then simply connecting with the OpenVPN client should automatically forward all traffic through the VPN.

If you'd like a trivial-to-set-up VPN solution, the OpenVPN guys make "OpenVPN Access Server". It's semi-commercial, but does come with 2 free simultaneous logins (extra logins cost $5 each, one-time fee). Deploying it is pretty simple (no configuration on your end), so you basically just need to install it and create some user accounts and you're golden. I'd recommend switching from the default TCP+UDP mode to UDP-only, though.


@chesty: ssh-socks is a good idea. Which proxy servers do you mean? I only know Squid, thx!

If you use an SSH SOCKS proxy, you don't need any other proxy. You don't really need the VPN, but either way works. On Windows, PuTTY is the go for SSH SOCKS proxy; if you google "putty socks proxy" you should get tutorials.

OK, thanks, I tested ssh-proxy and VPN+Squid - both have dismal speed, maybe it's because I am over the ocean, can't get over 150kb/sec, but that's another story.


Squid proxy is for caching stuff, so just connect to the VPN server. I doubt that has anything to do with your bandwidth, however.

Encrypting your traffic and tunneling it to another server usually does not improve performance. It can make it much worse, especially when the server is far away.

(That said, a hotel I stayed at in California only rate-limited TCP traffic on the "free 512 kb/sec wireless." OpenVPN uses UDP by default. Pretty sure the hotel had a T1, and I'm pretty sure I was saturating it accidentally.)

Thx all, maybe it's the long distance+tunneling which slows down everything. scp gives me ca. 300kb/sec, half for HTTP over SSH proxy or VPN+Squid.

SSH tunneling is TCP-over-TCP, so unless I'm mistaken, even the smallest packet loss or jitter is going to cause two layers of TCP to fight each other. Congestion control on top of congestion control…

@guspaz: Thanks for your input, that is the solution! I changed OpenVPN to UDP and voila: near line speed of my internet connection - amazing!


I have an update: this worked amazingly fast until my ISP changed something, now I get max 8mbit/sec and tons of UDP packet replays. Tunnel over TCP works slightly more steadily, but is overall slower. I can't figure out any fix, it seems my ISP is shuffling UDP packets. Do you have any ideas what I could try?


