ocproxy is a user-level SOCKS and port forwarding proxy for OpenConnect
based on lwIP.  When using ocproxy, OpenConnect only handles network
activity that the user specifically asks to proxy, so the VPN interface
no longer "hijacks" all network traffic on the host.

Commonly used options include:

  -D port                   Set up a SOCKS5 server on PORT
  -L lport:rhost:rport      Connections to localhost:LPORT will be redirected
                            over the VPN to RHOST:RPORT
  -g                        Allow non-local clients.
  -k interval               Send TCP keepalive every INTERVAL seconds, to
                            prevent connection timeouts


Dependencies:

libevent >= 2.0 - *.so library and headers


Building:

cd contrib/ports/unix/proj/ocproxy
make


Sample usage:

openconnect --script-tun --script \
    "./ocproxy -L 2222:unix-host:22 -L 3389:win-host:3389 -D 11080" \
    vpn.example.com

ssh -p2222 localhost
rdesktop localhost
socksify ssh unix-host
tsocks ssh 172.16.1.2
...

OpenConnect can (and should) be run as a non-root user when using ocproxy.


Sample tsocks.conf (no DNS):

server = 127.0.0.1
server_type = 5
server_port = 11080


Sample socks.conf for Dante (DNS lookups via SOCKS5 "DOMAIN" addresses):

resolveprotocol: fake
route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 11080
        command: connect
        proxyprotocol: socks_v5
}


FoxyProxy can be used to tunnel Firefox browsing through the SOCKS5 server.
This will send DNS queries through the VPN connection, and unqualified
hostnames (e.g. http://intranet/) should work.


dme@dme.org, 2012-11-14