Can someone help me set up an E02 as an Anonymizing Proxy?

This forum is for Marvell Kirkwood devices such as the GoFlex Home/Net, PogoPlug v1/v2, SheevaPlug, and ZyXEL devices.

Post by gschoppe » Fri Feb 22, 2013 2:00 am

!!UPDATE!!
I finally got the AnonyBox working perfectly. The detailed steps are on my website:
http://gschoppe.com/blog/the-anonybox-how-to/


I want to run OpenVPN (with privateinternetaccess) and a SOCKS5 proxy on my E02, so that I can use some network services on other computers on my network anonymously.

The end goal is a device that connects to privateinternetaccess on boot, and provides a SOCKS5 tunnel to any computer in the 192.168.0.0/16 range. I also want to provide an HTTP proxy.

Unfortunately, I am at a bit of a loss as to how to go about this...

Here is where I stand:

I installed ntpd, but seem to have trouble getting it to run on boot
I installed openVPN, created the conf file, and managed to get it running in the background, but not as a daemon.
I installed dante, but have failed to get it configured and functional, due to lack of knowledge

Can anyone help me get this working?
Last edited by gschoppe on Sat Feb 23, 2013 3:32 am, edited 1 time in total.
gschoppe
 
Posts: 28
Joined: Thu Feb 21, 2013 11:58 pm

Re: Can someone help me set up an E02 as an Anonymizing Prox

Post by gschoppe » Fri Feb 22, 2013 8:27 pm

ok, so here's an update:

  • I managed to get NTPD going by enabling it through systemctl (details below for future n00bs), but it seems to take an extremely long time to synchronize after each reboot, so I went back to openntpd
  • I managed to get OpenVPN working with privateinternetaccess.com (details below for future n00bs)
  • Dante is installed and configured, but likes to fail on boot

Can anyone help me with setting up Dante?

-=a n00b's guide to Fixing System time and running OpenVPN w privateinternetaccess.com at boot=-
PART 1: OpenNTPD
1. `pacman -Syu` - updates all packages on system
2. `pacman -S openntpd` - installs openntpd (note: removes current network time package)
3. `systemctl enable openntpd` - runs openntpd daemon at boot
4. `systemctl start openntpd` - runs openntpd daemon now
PART 2: OpenVPN
5. `pacman -S openvpn` - installs openVPN
6. `wget https://www.privateinternetaccess.com/openvpn/openvpn.zip` - download the vpn configuration files for privateinternetaccess.com
7. `unzip openvpn.zip` - unzip vpn config files
8. `cp "YOUR REGION HERE.ovpn" /etc/openvpn/config.conf` - copy the config file for your region to /etc/openvpn and rename it
9. `cp ca.crt /etc/openvpn/ca.crt` - copy certificate to /etc/openvpn
10. `nano /etc/openvpn/auth.txt` - create a new file to hold your login credentials for privateinternetaccess.com
11. enter username on the first line and password on the second, with no additional characters or formatting. then hit ctrl-x, then y, then enter
12. `nano /etc/openvpn/config.conf` - open your config file for editing
13. change "ca ca.crt" to "ca /etc/openvpn/ca.crt" (for some reason relative paths gave me trouble)
14. change "auth-user-pass" to "auth-user-pass /etc/openvpn/auth.txt" (tells openvpn to get the username/password from the auth file)
15. hit ctrl-x, then y, then enter
16. `curl ifconfig.me` - returns current public ip
17. `systemctl enable openvpn@config.service` - starts openvpn as a daemon at boot
18. `systemctl start openvpn@config.service` - starts openvpn as a daemon now
19. `curl ifconfig.me` - returns current public ip... compare to the earlier result, to confirm that your vpn is active
Last edited by gschoppe on Sat Feb 23, 2013 3:33 am, edited 3 times in total.
gschoppe
 
Posts: 28
Joined: Thu Feb 21, 2013 11:58 pm
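
Added example, not part of the original post: steps 10 and 11 leave the provider username and password in a plain-text file, and a file created in an editor usually gets the default mode (commonly 644, readable by every local account). The check below assumes GNU `stat`; the function name `check_auth_file` is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the file referenced by auth-user-pass.
# Prints one finding per line and returns 0 only when nothing was found.
check_auth_file() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 1; }
    rc=0
    # GNU stat prints the octal permission bits, e.g. 644 or 600.
    mode=$(stat -c %a "$f")
    case $mode in
        600|400) ;;
        *) echo "mode $mode: readable beyond the owner, run chmod 600 $f"; rc=1 ;;
    esac
    # Exactly two lines are expected: username, then password.
    lines=$(awk 'END { print NR }' "$f")
    [ "$lines" -eq 2 ] || { echo "expected 2 lines, found $lines"; rc=1; }
    # Carriage returns (file edited on Windows) end up inside the credentials.
    if grep -q "$(printf '\r')" "$f"; then echo "contains CR characters"; rc=1; fi
    # A blank line means one of the two fields is empty or shifted.
    if grep -q '^[[:space:]]*$' "$f"; then echo "contains an empty line"; rc=1; fi
    return $rc
}

# On the device: check_auth_file /etc/openvpn/auth.txt
```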

Re: Can someone help me set up an E02 as an Anonymizing Prox

Post by gschoppe » Fri Feb 22, 2013 10:56 pm

Update 2:
I now have Dante and Squid installed and running. The entire system is functional from end to end. I have included my steps below. UPDATE!! SYSTEM IS COMPLETE

-=N00b's Guide to Anonymous Proxy Part 2=-
PART 1: INSTALL & CONFIGURE DANTE (SOCKS5 Proxy)
1. `pacman -S dante` - installs the Dante package
2. `nano /etc/sockd.conf` - edit Dante config
3.
```
logoutput: syslog

#this allows connections from any computer on this side of the tunnel
internal: eth0 port = 1080
internal: 127.0.0.1 port = 1080

#this is the openvpn interface
external: tun0

#no login necessary (behind firewall/router)
method: username none
user.notprivileged: nobody

#local computers can use this as a proxy to anything
client pass {
from: 192.168.0.0/16 port 1-65535 to: 0.0.0.0/0
}

client pass {
from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}

client block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}

pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
protocol: tcp udp
}

pass {
from: 127.0.0.0/8 to: 0.0.0.0/0
protocol: tcp udp
}

block {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect error
}
```
3. hit ctrl-x, y, enter to save

PART 2: INSTALL SQUID (http proxy)
4. `pacman -S squid` - installs the squid proxy (default settings are ok)

PART 3: CONTROL PROXIES WITH OPENVPN
5. `nano /etc/openvpn/up.sh` - create a new script to run when openvpn connects successfully
6.
```
#!/bin/bash -e
# front LED: blue off, green on
echo none > /sys/class/leds/status\:blue\:health/trigger
echo default-on > /sys/class/leds/status\:green\:health/trigger
# start both proxies now that the tunnel is up
systemctl start sockd
systemctl start squid
```
7. hit ctrl-x, y, enter to save
8. `chmod +x /etc/openvpn/up.sh` - set script as executable
9. `nano /etc/openvpn/down.sh` - create a new script to run when openvpn disconnects
10.
```
#!/bin/bash -e
# front LED: green off, blue on
echo none > /sys/class/leds/status\:green\:health/trigger
echo default-on > /sys/class/leds/status\:blue\:health/trigger
# stop both proxies when the tunnel goes away
systemctl stop sockd
systemctl stop squid
```
11. hit ctrl-x, y, enter to save
12. `chmod +x /etc/openvpn/down.sh` - set script as executable
13. `nano /etc/openvpn/config.conf` - edit openvpn configuration
14. add the following lines to the end of the file
```
script-security 2
up /etc/openvpn/up.sh
down /etc/openvpn/down.sh
```
- tells openvpn to run the scripts we just created when the vpn connection goes up or down
Last edited by gschoppe on Sat Feb 23, 2013 1:55 am, edited 3 times in total.
gschoppe
 
Posts: 28
Joined: Thu Feb 21, 2013 11:58 pm
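
Added example, not part of the original post: the sockd.conf above accepts unauthenticated clients (`method: username none`), so what keeps it from being an open proxy or from sending traffic outside the VPN is the `internal`/`external` binding and the source ranges in the pass rules. The lint below checks those properties; `audit_sockd_conf` and `sample_weak_conf` are hypothetical names and the weak sample is constructed.

```shell
#!/bin/sh
# Added example: lint a Dante sockd.conf for the properties the guide relies on.
# Usage: audit_sockd_conf FILE [TUN_PREFIX]   (FILE may be - for stdin)
# Prints one finding per line; returns 0 when there are none.
audit_sockd_conf() {
    awk -v tun="${2:-tun}" '
        { sub(/#.*/, "") }                                  # drop comments
        /^[ \t]*internal:/ && $2 == "0.0.0.0" {
            print "internal: listens on every address"; bad = 1 }
        /^[ \t]*external:/ {
            seen_ext = 1
            if (index($2, tun) != 1) {                      # must start with tun
                print "external: " $2 " is not a " tun "* interface"; bad = 1 } }
        # Track whether we are inside a "client pass {" or "pass {" rule.
        /^[ \t]*(client[ \t]+)?pass[ \t]*[{]/ { in_pass = 1 }
        in_pass && /from:[ \t]*0\.0\.0\.0\/0/ {
            print "pass rule accepts any source address"; bad = 1 }
        /[}]/ { in_pass = 0 }
        END {
            if (!seen_ext) { print "no external: line"; bad = 1 }
            exit bad + 0 }
    ' "$1"
}

# Constructed sample: same layout as the guide, with two weak settings
# (egress on eth0 instead of the tunnel, and a client rule open to any source).
sample_weak_conf() {
    cat <<'EOF'
internal: eth0 port = 1080
external: eth0
method: username none
client pass {
from: 0.0.0.0/0 port 1-65535 to: 0.0.0.0/0
}
pass {
from: 192.168.0.0/16 to: 0.0.0.0/0
protocol: tcp udp
}
EOF
}

# On the device: audit_sockd_conf /etc/sockd.conf
```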

Re: Can someone help me set up an E02 as an Anonymizing Prox

Post by dhead666 » Fri Feb 22, 2013 11:27 pm

Nice, I'm in the process of setting the same configuration.

Configuring OpenVPN was quite easy,
the only thing I wasn't sure about was how to let other machines use the vpn connection.

I thought SOCKS server wasn't required, only basic routing as described on the wiki: setting IPv4 forwarding, enabling promiscuous lan and maybe editing the routing table.
I wasn't sure about the routing table so I didn't edit it, and it seems like without editing it no routing is done.
Have a look at Advanced L3 IP routing on the wiki @ https://wiki.archlinux.org/index.php/Op ... IP_routing

Anyway I'll try the SOCKS server approach, Thanks.

Few features to consider adding:
1. Using a script to auto rotate between vpn servers when your local SOCKS server can't connect to the remote vpn server.
2. Stopping the SOCKS server when no vpn connection is available.

EDIT: Working great, thanks mate.
Pogoplug Series 4 - Network Storage and Music Server: NFS/TVHeadend
Cubox-i2 - Applications Server: Lighttpd/CherryMusic/HTPCManager/Transmission/Couchpotato/SickBeard/OpenVPN
Samsung Chromebook: Chroach in ChromeOS
dhead666
 
Posts: 116
Joined: Sat Aug 11, 2012 10:25 pm

Re: Can someone help me set up an E02 as an Anonymizing Prox

Post by gschoppe » Sat Feb 23, 2013 12:00 am

I have two new fixes... first, ntpd is crap... it hangs for almost 3 minutes, when syncing on boot. I switched back to openntpd, despite its deprecated status, and now time is set almost instantly.

I am still having an issue with Dante (socks server) crashing on boot and needing to be manually restarted. I think this is because it needs tun0 to be active before it can run. any thoughts on how to fix that would be really awesome.

as for a script to disable proxy on vpn failure, I'm not sure I need one. The external interface in my conf file is set to tun0. if the vpn goes down, that interface shouldn't go anywhere... at least I think.

as for cycling between vpn hosts, that would be nice, but so far my regional host has been stable as a rock.

future improvements? I want to write a script to use the front led color to symbolize the status of the tunnel.
gschoppe
 
Posts: 28
Joined: Thu Feb 21, 2013 11:58 pm
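
Added example, not part of the thread: a fail-closed check for the case discussed above, where the proxies are still running but tun0 is gone, as a complement to the down.sh hook for situations in which the hook does not run. Squid with default settings follows the system routing table rather than a fixed interface, so the guard stops both services whenever the tunnel interface is missing or not up; `guard_proxies`, `tunnel_is_up`, `NET_SYSFS` and `STOP_CMD` are names assumed here.

```shell
#!/bin/sh
# Added example: stop the proxy services when the tunnel interface is not up.
# NET_SYSFS and STOP_CMD can be overridden to exercise the logic off-device.
NET_SYSFS=${NET_SYSFS:-/sys/class/net}
STOP_CMD=${STOP_CMD:-systemctl stop}

# Returns 0 when the interface exists and has IFF_UP (bit 0x1) set in its flags.
tunnel_is_up() {
    flags_file="$NET_SYSFS/$1/flags"
    [ -r "$flags_file" ] || return 1          # interface does not exist
    read -r flags < "$flags_file" || return 1
    case $flags in
        0x[0-9a-fA-F]*) ;;                    # sysfs prints hex, e.g. 0x10d1
        *) return 1 ;;
    esac
    [ $(( $flags & 1 )) -eq 1 ]
}

# guard_proxies IFACE SERVICE...
# Returns 0 and leaves everything alone when the tunnel is up;
# otherwise stops every named service and returns 2.
guard_proxies() {
    iface=$1; shift
    if tunnel_is_up "$iface"; then
        echo "ok: $iface is up"
        return 0
    fi
    for svc in "$@"; do
        $STOP_CMD "$svc" && echo "stopped: $svc"
    done
    return 2
}

# On the device, from a systemd timer or cron entry:
#   guard_proxies tun0 sockd squid
```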

Re: Can someone help me set up an E02 as an Anonymizing Prox

Post by gschoppe » Sat Feb 23, 2013 1:43 am

Finally got it all working perfectly... I'll edit my earlier instructions to show the completed new solution.

the trick is that you can have openvpn run scripts on connect/disconnect.
gschoppe
 
Posts: 28
Joined: Thu Feb 21, 2013 11:58 pm

