Victories with interarea routes and Squid!

So I have been struggling to apply my networking knowledge to use my FreeBSD box in Singapore to access content from home.

I originally used a client-based installation of OpenVPN with a tun interface. While this worked quite well on desktops, the connection quality was poor and it drained the battery on my Android devices.

I purchased an embedded AMD device with two Ethernet NICs and had planned to use it as a gateway, but my home internet connection uses VDSL, so I had to buy a consumer router just to get online.

My original topology was like this:

VDSL -> Consumer router -> NAT -> FreeBSD Box -> OpenVPN Tunnel -> NAT -> WiFi Network

But that was absolutely dreadful: three layers of NAT! It was glitchy and slow. Horrible.

I finally settled on an OpenVPN tap interface and multiple OSPF areas. I run Quagga on the Digital Ocean droplet and on my internal FreeBSD firewall (a firewall by name only). This way the two exchange routes over the tap link and I can connect directly to the DO droplet's proxy service from my internal LAN.

I also configured static routes on my consumer router so that I can reach the proxy from any device on the wireless network.

The total configuration is quite complex but it works fantastically.

I ran into a snag configuring a static IP address for my internal FreeBSD firewall.
Here is how I got it working:
1.) Create the client-config directory: mkdir -p /usr/local/etc/openvpn/ccd/
2.) touch /usr/local/etc/openvpn/ccd/DEFAULT (the file OpenVPN falls back to for clients that have no file of their own)
3.) Create /usr/local/etc/openvpn/ccd/"youruser", where "youruser" is the Common Name on the client's certificate (the file name must match the CN exactly).
Add this line (for a tap interface the second argument is the netmask, so you must push it along with the address):
ifconfig-push 172.16.1.2 255.255.255.0
4.) Change ownership and permissions:
# chown -R nobody:nobody /usr/local/etc/openvpn/ccd
# chmod -R 700 /usr/local/etc/openvpn
The execute bit is what makes a directory "searchable". Without it OpenVPN, which drops to the unprivileged user after start-up, cannot open the files under the ccd directory even though that user owns them.
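The steps above, as an added example that is not from the original post: a POSIX shell script that builds the client-config-dir layout for a tap server, writes the per-client ifconfig-push line, and then checks the thing that actually bit the author, whether the directory is traversable by the user OpenVPN drops to. The ccd root is taken as an argument rather than hard-coded to /usr/local/etc/openvpn, the client CN fw-internal and the 172.16.1.2/24 address are hypothetical, and the chown to nobody is left as a comment so the script runs unprivileged.

```shell
#!/bin/sh
# Added example, not the post's own configuration. Builds an OpenVPN
# client-config-dir (ccd) for a tap server and checks its permissions.
# Assumptions (hypothetical): ccd root is $1, client CN "fw-internal",
# pushed address 172.16.1.2 with netmask 255.255.255.0.
set -eu

# make_ccd ROOT CN ADDRESS NETMASK
# Creates ROOT/ccd, an empty DEFAULT file and ROOT/ccd/CN holding the
# ifconfig-push line. With a tap device the second argument of
# ifconfig-push is the netmask; with tun in the default net30 topology it
# would be the peer address instead.
make_ccd() {
    root=$1; cn=$2; addr=$3; mask=$4
    mkdir -p "$root/ccd"
    : > "$root/ccd/DEFAULT"   # applies to any client without its own file
    printf 'ifconfig-push %s %s\n' "$addr" "$mask" > "$root/ccd/$cn"
    # Every directory on the path needs the x bit for the unprivileged
    # user, because OpenVPN reads ccd files at connect time, after
    # dropping to --user/--group.
    chmod 700 "$root" "$root/ccd"
    chmod 600 "$root/ccd/DEFAULT" "$root/ccd/$cn"
    # On the real box, as root:  chown -R nobody:nobody "$root"
}

# traversable DIR: succeeds if the owner has the search (x) bit on DIR.
# Uses find -perm with a symbolic mode, which is POSIX, instead of the
# GNU/BSD-specific stat flags.
traversable() {
    [ -n "$(find "$1" -prune -perm -u=x -print)" ]
}

# pushed_addr ROOT CN: prints the address from the client's ifconfig-push line.
pushed_addr() {
    awk '$1 == "ifconfig-push" { print $2 }' "$1/ccd/$2"
}
```

For the ccd files to be consulted at all, the server config must also contain `client-config-dir /usr/local/etc/openvpn/ccd`; and if it runs with `user nobody` / `group nobody`, the check in `traversable` has to hold for every directory from / down to the ccd files, not only for the ccd directory itself.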

Here is the topology (shown in the original post as an image, squid proxy.png, not reproduced here).

Internal FreeBSD config (each shown in the original post as a screenshot, not reproduced here):
OpenVPN config: client openvpn conf
OSPF config: firewall ospf config
OSPF/Quagga config: firewall ospf quagga

FreeBSD droplet config (each shown in the original post as a screenshot, not reproduced here):
rc.conf: server rc.conf
OpenVPN L2 config (I run two servers): server openvpnl2 config
