ocproxy is a user-level SOCKS and port forwarding proxy for OpenConnect
based on lwIP.  When using ocproxy, OpenConnect only handles network
activity that the user specifically asks to proxy, so the VPN interface
no longer "hijacks" all network traffic on the host.

Commonly used options include:

  -D port                   Set up a SOCKS5 server on PORT
  -L lport:rhost:rport      Connections to localhost:LPORT will be redirected
                            over the VPN to RHOST:RPORT
  -g                        Allow non-local clients.  Must be the first option.
  -k interval               Send TCP keepalive every INTERVAL seconds, to
                            prevent connection timeouts


Dependencies:

libevent >= 2.0 - *.so library and headers


Building:

cd contrib/ports/unix/proj/ocproxy
make


Sample usage:

openconnect --script-tun --script \
    "./ocproxy -L 2222:unix-host:22 -L 3389:win-host:3389 -D 11080" \
    vpn.example.com

ssh -p2222 localhost
rdesktop localhost
socksify ssh unix-host
tsocks ssh 172.16.1.2
...

OpenConnect can (and should) be run as a non-root user when using ocproxy.


Sample tsocks.conf (no DNS):

server = 127.0.0.1
server_type = 5
server_port = 11080


Sample socks.conf for Dante (DNS lookups via SOCKS5 "DOMAIN" addresses):

resolveprotocol: fake
route {
        from: 0.0.0.0/0 to: 0.0.0.0/0 via: 127.0.0.1 port = 11080
        command: connect
        proxyprotocol: socks_v5
}


dme@dme.org, 2012-11-14