Accessing university network from home without VPN
Simon Anders edited this page May 17, 2025 · 2 revisions
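The Cisco VPN client can be annoying because it routes all traffic through the VPN. Here is a solution (for Linux clients) that reroutes only traffic destined for the university subnet and uses appl1 as the proxy host. An SSH connection to appl1 provides a SOCKS5 proxy on local port 1080, and redsocks together with an iptables rule transparently sends TCP connections for the university subnet through that proxy.
First install redsocks (Ubuntu: `sudo apt-get install redsocks`).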
Then store the following config file somewhere:

```
base {
    log_debug = on;
    log_info = on;
    daemon = on;
    redirector = iptables;
}

redsocks {
    // Where redsocks listens; the iptables REDIRECT rule points here
    local_ip = 127.0.0.1;
    local_port = 13521;

    // The SOCKS5 proxy opened by "ssh -D 1080"
    ip = 127.0.0.1;
    port = 1080;
    type = socks5;
    login = "";
    password = "";
}
```
Now place the following two scripts somewhere in your search path (and make them executable).

The first script activates the redirection. Call it, e.g., redir_uhd_up. You need to adjust two things:
- in line 3, put your own username after `BQ_USERNAME=`
- in line 4, put the path to the config file you have just stored after `REDSOCKS_CONFIG=`
```bash
#!/bin/bash
# Settings (adjust BQ_USERNAME and REDSOCKS_CONFIG)
BQ_USERNAME=bq_sanders
REDSOCKS_CONFIG=~/bin/etc/redsocks.conf
REDSOCKS_PORT=13521 # must agree with local_port specified in redsocks config file
UNIV_SUBNET="129.206.0.0/16"
SSH_DEST="appl1.bioquant.uni-heidelberg.de"

set -e # Exit on any error

# Start SOCKS proxy in background if not already running
if ! pgrep -f "ssh -Nf -D 1080" > /dev/null; then
    ssh -Nf -D 1080 "${BQ_USERNAME}@${SSH_DEST}"
fi

# Start redsocks with config if not already running
if ! pgrep -x redsocks > /dev/null; then
    redsocks -c "$REDSOCKS_CONFIG"
else
    echo "redsocks already running."
fi

# Create the REDSOCKS chain; ignore the error if it already exists
sudo iptables -t nat -N REDSOCKS 2>/dev/null || true

# Flush REDSOCKS if already exists to avoid duplicates
sudo iptables -t nat -F REDSOCKS

# Redirect only university subnet
sudo iptables -t nat -A REDSOCKS -d "$UNIV_SUBNET" -p tcp -j REDIRECT --to-ports "$REDSOCKS_PORT"

# Only add jump to REDSOCKS if not already present
if ! sudo iptables -t nat -C OUTPUT -p tcp -j REDSOCKS 2>/dev/null; then
    sudo iptables -t nat -A OUTPUT -p tcp -j REDSOCKS
fi

echo "Redsocks and iptables rules for UniHD subnet now active."
```
And here is the script to switch off the redirection. Call it, e.g., redir_uhd_down.
```bash
#!/bin/bash
set -e

# Stop redsocks if running
pkill redsocks 2>/dev/null || true

# Clean up iptables rules and custom chain
sudo iptables -t nat -D OUTPUT -p tcp -j REDSOCKS 2>/dev/null || true
sudo iptables -t nat -F REDSOCKS 2>/dev/null || true
sudo iptables -t nat -X REDSOCKS 2>/dev/null || true

# Optional: Kill SSH SOCKS tunnel
pkill -f "ssh -Nf -D 1080" 2>/dev/null || true

echo "Redsocks and iptables rules cleaned up."
```
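A check to run after redir_uhd_up, as an added example that is not part of the original page: it confirms that only the university subnet is redirected and that the unauthenticated SOCKS proxy and redsocks listen on loopback only. The function names `check_nat_rules` and `check_listeners` are hypothetical, the sample input is constructed, and `ss` from iproute2 is assumed to be installed.

```shell
#!/bin/sh
# Added example: audit the state redir_uhd_up should leave behind.
# Values mirror the page's scripts and redsocks config.
UNIV_SUBNET="129.206.0.0/16"
REDSOCKS_PORT=13521
SOCKS_PORT=1080

# stdin: output of `sudo iptables -t nat -S`.
# Passes only if OUTPUT jumps to REDSOCKS exactly once and the chain holds
# exactly one rule: the TCP REDIRECT for the university subnet.
check_nat_rules() {
    awk -v net="$UNIV_SUBNET" -v port="$REDSOCKS_PORT" '
        $1 == "-A" && $2 == "OUTPUT" && $(NF-1) == "-j" && $NF == "REDSOCKS" { jumps++ }
        $1 == "-A" && $2 == "REDSOCKS" {
            rules++
            if (index($0, " -d " net " ") && index($0, " -p tcp ") &&
                index($0, " -j REDIRECT --to-ports ") && $NF == port) good++
        }
        END { exit !(jumps == 1 && rules == 1 && good == 1) }'
}

# stdin: output of `ss -ltnH` (listening TCP sockets, numeric, no header).
# Passes only if both proxy ports are listening and neither is bound to
# anything but loopback; the SOCKS proxy here has no authentication.
check_listeners() {
    awk -v p1="$SOCKS_PORT" -v p2="$REDSOCKS_PORT" '
        {
            n = split($4, a, ":"); lport = a[n]
            if (lport != p1 && lport != p2) next
            addr = substr($4, 1, length($4) - length(lport) - 1)
            seen[lport] = 1
            if (addr != "127.0.0.1" && addr != "[::1]") exposed = 1
        }
        END { exit !(seen[p1] && seen[p2] && !exposed) }'
}

# Constructed sample input showing the expected healthy state.
SAMPLE_NAT='-P OUTPUT ACCEPT
-N REDSOCKS
-A OUTPUT -p tcp -j REDSOCKS
-A REDSOCKS -d 129.206.0.0/16 -p tcp -j REDIRECT --to-ports 13521'
SAMPLE_SS='LISTEN 0 128 127.0.0.1:1080 0.0.0.0:*
LISTEN 0 128 [::1]:1080 [::]:*
LISTEN 0 128 127.0.0.1:13521 0.0.0.0:*'

# Live use: sudo iptables -t nat -S | check_nat_rules && ss -ltnH | check_listeners
printf '%s\n' "$SAMPLE_NAT" | check_nat_rules && echo "nat rules: ok"
printf '%s\n' "$SAMPLE_SS" | check_listeners && echo "listeners: ok"
```

A failing `check_nat_rules` after redir_uhd_down is expected, since that script removes the chain and the jump.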