zen.org Communal Weblog

April 22, 2011

Proxy thru the VPN, baby

Filed under: — brendan @ 07:53 IST

The Internet connection in the hospital can be really picky about what I can and cannot visit for a website.  e.g., anything with an mp3 to play is blocked.  I can see why it’s necessary to do this at a primary/elementary school, but in a hospital?  It has some odd side-effects (again that word), including blocking at least part of what the TweetDeck client for Twitter/Facebook/identi.ca/etc etc etc.

Up until now, I’ve been using an SSH tunnel to be able to have a proxy for Firefox to get around this.  But something this morning made my brain think a little bit further: I’m already bringing up a VPN connection to home in order to be able to do the SSH connection to my home desktop anyway.  So what if I look at using that same desktop as a formal proxy, and not just an SSH tunnel?

I’d forgotten that I have squid running on my Ubuntu desktop anyway, to take advantage of its caching of Web content.  So I logged into home, edited my /etc/squid/squid.conf to make sure the line

http_access allow localnet

was uncommented, and did

sudo restart squid

Since ‘localnet’ is defined earlier via the ‘acl’ setup to include the subnet used for my VPN, it’s pre-destined for exactly this task.

And it works, perfectly!  And all pages come up dramatically faster not only because my connection at home is fast (yay UPC), and because the traffic is LZO-compressed thru the VPN.  It’s also taking advantage of the squid caching so lots of the content is immediately available from the squid server.  And by configuring my laptop to use it as the system-level web proxy (not just in Firefox), it fixed TweetDeck, too.

No more SSHing, now I can just leave it on all the time.

Warning: this appears to make the AdBlock Plus plugin for Firefox unable to actually do its job.  I had to install adzapper on my desktop at home and make squid use it.  I’m running Ubuntu 10.04, which changed the older approach to start scripts to instead do “service” things via “start”, “stop”, and “restart” scripts in /sbin.  So I had to adjust

/etc/init.d/squid

to comment out one line and put in two replacements:

#start "$JOB"
 ( /sbin/stop "$JOB" || true ) > /dev/null 2>&1
 /sbin/start "$JOB" > /dev/null 2>&1

so the adzapper install script, invoked by

sudo apt-get install adzapper

can actually do its job properly.

It would appear I’m waking up here pre-loaded with geek urges. 😀

Certain people simply cannot allow themselves to get medical insurance and thus forced to pay for the expensive prescription pills or trying to buy generic pills online. Generics produced in India are very good as other branded counterparts. Only reputable pharmacy produces them such as Cipla. With this in top one is allowed to buy nolvadex uk in generic pharmacy online with extremely affrodable shipping to any point in the world

Powered by WordPress