Zeroshell seems to have everything needed to be a good internet gateway.
I would like to use it in a country where censorship is pretty strong.
OpenVPN to a remote server is unfortunately not an option anymore, at least not in a standard configuration, authorities have successfully block OpenVPN connection since December 2012.
SSH tunnel on the other hand is a very good compromise, as it is supposedly faster and allow for whitelist/blacklist based connection.
Typically, Privoxy –> SOCKS remote proxy, with a proxy.pac is an efficient enough solution.
My idea is to use Zeroshell to generalize the solution and install it as gateway for a couple of LAN badly in the need for uncensored internet.
Looking at Zeroshell, proxy support does look pretty undeveloped at this stage. HAVP is the only listed proxy, and it seems fully oriented toward transparent LAN antivirus, with no caching or forwarding capabilities.
Opening a tunnel with command line being a given and working fine, the only missing piece would be a Squid and a privoxy or the likes.
Would it be possible to simply install a proxy software package and route traffic toward it?
Would it be possible to forward all traffic to a SOCKS proxy with iptable?
I am also living in a similar country and I have a working setup as you describe, but not using Zeroshell unfortunately.
What country are you in?
Do you know which restrictions they have placed on openvpn? ports or Deep Packet Inspection?
They started to block OpenVpn and other solution in december 2012.
I’m not sure how they do it. I can change port, it’ll work for a short time, then will be block. I’ve read about solutions consisting of playing with MTU.
ANywaym I’ve switched to SSH tunnel now, it’s good stable and fast, and probably won’t ever be blocked.
I’ve a working setup, but it require devices to go thru a proxy.
I’d like to have a transparent solution that would act as a router, with a blacklist of local website that shouldn’t be accessed thru the tunnel.
Zeroshell seems idea for that, except that it doesn’t seem to support routing thru an SSH tunnel….