Road Warriors Proxy

Thursday, September 17. 2009

Do you have a Notebook running Linux?

Do you frequently use it in different network environments with different proxy configurations?

Are you sick of frequently reconfiguring all the applications that have their own proxy settings like the web browser, the Java IDE, the desktop and the applications that uses its settings, the other desktop environment that uses other settings... and so on?

If your answer to these questions is yes, yes and yes then read on. The solution I present here allows you to configure proxy settings in any of your applications just once and will even change the proxy settings automatically as soon as you connect your laptop to a network.


The whole magic behind this solution is to run a lightweight proxy on your notebook computer. This proxy will be dynamically configured according to a pattern that matches an IP address pattern after the DHCP server has assigned it. And all your applications are configured to use your local running proxy. Voila... that's the simple idea behind it.

So here is how I set this up. Here are the prerequisites that you need to resemble my setup:

  • Kubuntu Intrepid or Jaunty
  • knetworkmanager or wicd
  • Tinyproxy
  • Optionally KDE with kdialog to display the update notifications

Depending on your environment you might want to adapt the script and configuration steps (I am curious about your setup, so please post a comment in case you believe that you found a better solution).

Installing a Local Proxy Server

So I have chosen to use Tinyproxy as local proxy server on my notebook. First of all it's very simple to configure, but even more important is its very low footprint. After all the proxy does not have to do serious work. It just has to forward HTTP, HTTPS and FTP requests to the current networks proxy or directly to the contacted server in case the network does not provide a network.

On Ubuntu systems the installation is a one liner as always:

apt-get install tinyproxy

After Tinyproxy has been installed you might want to change some of its basic settings like the port it is listening on. Just have a look at the configuration file at /etc/tinyproxy/tinyproxy.conf. It's well documented at pretty easy to configure. For now don't configure an upstream proxy. This will be done by the configuration script.

Configuration Script

For tinyproxy I have written a small shell script that checks the assigned IP address and configures tinyproxy accordingly.

  1. Download the script: roadwarriorsproxy.bz2
  2. Extract it: bunzip roadwarriorsproxy.bz2
  3. If necessary make it executable: chmod +x roadwarriorsproxy
  4. As the script must be run as root, it's very advisable to make root the owner of the script. Otherwise others might be able to change the script and do bad things: chown root:root roadwarriorsproxy
  5. Open the script in an editor and change the settings.
  6. The script requires ethtool, so install it: apt-get install ethtool

The configuration is pretty simple and is already documented. In the 'General Settings' section you might want to change the NETWORK_DEVICE_LIST variable. Your laptop might use wlan0 fuer it's WLAN interface. Mine is using eth1 for WLAN. Run ifconfig, if you are unsure.

If you are using KDE, you might want to get a notification, which proxy has been set. Then set ANNOUNCE_UPDATE to yes and ANNOUNCE_USER to your user name (the last option allows to display the notification on your desktop, as the script must be run as root). You are also able to change various paths to match your environment, but the preconfigured paths should be OK in case you are using Ubuntu.

In the next section you have to configure the proxies. The script already contains some examples and it is also well documented so I shouldn't need to explain how to set up a proxy configuration here. You can configure up to 254 proxies for different networks. I guess that should be enough. The configuration with the index 255 is reserved for fallback in case none of the previous IP patterns are matching. In general you will want to have no proxy in this case.

### Proxy configuration ########################################################
# The configuration of the proxies is organized in 'sets' that are identified
# through the same index number. Each set can have the following parameters:
#
#   config_name[<index>]=""
# [Required] The name of the configuration: An desired string that identifies
# the configuration.
#
#   ip_pattern[<index>]=''
# [Required] A pattern that matches the IP address for which the configuration
# shall be activated. Example:
#   ip_pattern[0]='192\.168\.\.*'
# Note the single quotes!
#
#   use_proxy[<index>]=
# [Required] Shall a proxy for this configuration be enabled or not?
#
#   proxy[<index>]=:
# [Optional] If a proxy should be used specify the name and the port using this
# setting. Example:
#   proxy[0]="externalproxy.example.com:8080"
#
#   no_proxy_urls[<index>]=
# [Optional] Space separated list of URLs for which the proxy shall be bipassed.
# Example:
#   no_proxy_urls="localhost .internal.example.com 192.168.0.0/255.255.255.0"
# For more information consult the tinyproxy configuration documentation.

# Home
config_name[0]="Home"
ip_pattern[0]='192\.168\..*'
use_proxy[0]=no

# Office
config_name[1]="Office"
ip_pattern[1]='123\.234\..*'
use_proxy[1]=yes
proxy[1]="proxy.example.com:8080"
no_proxy_urls[1]="localhost 127.0.0.1 .intranet.example.com"

# Default fallback configuration is #255
config_name[255]="Default"
ip_pattern[255]='.*' # Do not change the pattern for the fallback configuration
use_proxy[255]=no

Proxy settings for Firefox
Now it's the time for a first test run. Execute sudo roadwarriorsproxy. This should reconfigure Tinyproxy and restart it and on the shell you should get an output like '[Info] The proxy cofiguration '<Name>' has been activated'. If that is not the case, please re-check your settings in the script. Note that sudo must not ask any questions. It must be configured to run without asking for a password.

Next open up a browser and configure the local Tinyproxy as proxy server. By default the proxy server is listening on the port 8080, so enter localhost for the proxy host and 8080 as port. On the left you can see my proxy settings. Note that I have changed the default port of Tinyproxy to 8888. When you open up an URL the browser should be able to load it.

If that does not work, check if at least one tinyproxy process is running. If not the most likely case is that the configuration of Tinyproxy is wrong. Check /var/log/tinyproxy for more information or try to run tinyproxy directly and see its output.


Running the Script Automatically

When you have the script running and your browser is able to use the proxy to browse the web there is just one thing that's left to automate it completely. Launch it as soon as your computer acquires a network connection. For that you can either use knetworkmanager or Wicd.

KNetworkmanager is the network manager for KDE that sits in the system tray. In case you have it as a Plasmoid you are using the newer Plasma version that comes with Jaunty. However this is not able to configure notifications for events. But you still can install knetworkmanager with apt-get and use it anyway.

Knetworkmanager notifications

So when you have knetworkmanager running, do a right click on the tray icon and select Configure Notifications. This will open up the window you can see on the right. Select the event NetworkManager is now connected, click on Advanced and check Execute a programm. Enter sudo followed by the path to where you have installed the script (have I already mentioned that sudo must be able to run without any prompt?). From now on, the proxy should be configured every time you connect to the network.

In case you don't want to use KNetworkmanager because you are using Gnome or KNetworkmanager does not work for you (that's the case for my new notebook, where KNetworkmanager simply refuses to start a WiFi connection) you may want to use Wicd. In Wicd it's possible to specify different scripts for to be run before a connection was acquired (Pre-connection) after a connection was established (Post-connection) or when a link is lost (Disconnection). Simply expand the network for which you want to specify the script, click on the Scripts button and enter the path to the Road Warriors Proxy script in the Post-connection Script field. Note that you do not have to run the script with sudo in this case as the script is executed by the wicd daemon, which runs as root. This may be another pro argument for favoring Wicd over KNetworkmanager as you do not have to set up sudo to run without entering a password. You will have to repeat this for all the networks you are using, so each WLAN connection and the LAN connection.

Wicd script setup
There may be just one problem left. In case you are connected to a LAN at boot time, you'll get an IP address, before the Network Manager starts and it will not trigger this event. To circumvent this, I have also created an Application Link in ~/.kde/Autostart that runs the same command as knetworkmanager, so that the proxy is updated on each login in addition to the event triggered by KNetworkmanager.

 

And as last action you just have to reconfigure all other applications to use the local proxy. I have this setup running for some months now and it works without any problems. I never had to change my proxy since then in any application - a task which I performed several times in various applications each day previously.


Trackbacks


Trackback specific URI for this entry
    No Trackbacks

Comments


    #1 [deXter] on 11/15/09 at 03:20 AM [Reply]
    *Nice, but how do I specify a username/password for the proxy? Also, does this setup work with HTTP/1.1 ?
    #1.1 Carsten Schlipf on 11/15/09 at 06:16 PM [Reply]
    *I guess you mean a username/password for the upstream proxy. Well, I do not know and the tinyproxy configuration file does not given any hints. Maybe you have to specify user:password@proxy for the upstream proxy? Have you tried that. However you will have to enter the password in plain text in this case.

    There should be no problems with HTTP 1.1 though.
    #2 Michael on 12/20/11 at 08:08 PM [Reply]
    *Thank you very much for posting this. I have been looking for a proxy solution for when I am out on network consulting jobs. My clients to not always allow anyone to connect to their proxy and this is a great solution!

    Thanks!

    -Michael
    #3 Antonio Petrelli on 07/09/12 at 05:32 PM [Reply]
    *Thanks a lot! Now I save a lot of time thanks to your script and blog!

Add Comment

HTML-Tags will be converted to Entities.
Standard emoticons like :-) and ;-) are converted to images.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA