QuotaGuard VPN Tunneling
Question: “How can I do VPN Tunneling using Quotaguard?”
Answer: We have a wrapper program call QGSocksify that can route traffic destined for specific IP ranges through our proxies.
We have a few customers use this to send ALL of their outbound traffic through the proxy.
Here are our instructions on how to accomplish this:
-
Download QGSocksify and unpack into your project:
curl https://quotaguard.s3.amazonaws.com/quotaguard-socksify-latest.tar.gz tar xz -
Change your startup code to use QG Socksify. In Heroku this is done with the Procfile. Prepend your existing application startup with bin/qgsocksify.
So if you have a Procfile that looks like this:
web: npm startworker: rails worker go
Then change it to this:
web: bin/qgsocksify npm startworker: bin/qgsocksify rails worker go
-
Set the environment variable QUOTAGUARDSTATIC_MASK to this:
0.0.0.0/5,8.0.0.0/7,11.0.0.0/8,12.0.0.0/6,16.0.0.0/4,32.0.0.0/3,64.0.0.0/3,96.0.0.0/4,112.0.0.0/5,120.0.0.0/6,124.0.0.0/7,126.0.0.0/8,128.0.0.0/3,160.0.0.0/5,168.0.0.0/6,172.0.0.0/12,172.32.0.0/11,172.64.0.0/10,172.128.0.0/9,173.0.0.0/8,174.0.0.0/7,176.0.0.0/4,192.0.0.0/9,192.128.0.0/11,192.160.0.0/13,192.169.0.0/16,192.170.0.0/15,192.172.0.0/14,192.176.0.0/12,192.192.0.0/10,193.0.0.0/8,194.0.0.0/7,196.0.0.0/6,200.0.0.0/5,208.0.0.0/4
This should NOT mask out:
- 10.0.0.0/8 - LAN private range
- 127.0.0.0/8 - Loopback range
- 172.16.0.0/12 - LAN private range
- 192.168.0.0/16 - LAN private range
- 224.0.0.0+ - multicast and reserved range
Everything else should go through the QGSocksify.
- Commit and push your code.
Be sure to add all of the files from the first step. You may have to force add the .so file with the following additional command:
git add -f vendor/dante/lib/libdsocks.so.0
This solution may include software developed by Inferno Nettverk A/S, Norway.
If you have questions, or if this solution doesn’t work or fit your use case, please reach out to us at Support so we can help figure it out with you.
Working with sensitive data, like HIPAA, Financial, or Personally Identifiable Information (PII)?
Then you will want to check out our QuotaGuard Shield solution, it's the same as QuotaGuard Static, but with stronger end to end security for your requests. We can also help migrate current Static customers to Shield for free, just reach out to us at Support to request assistance. </div>