Browser only VPN or Proxies

[Terry Stanford 11]

Is there any way I can connect just one browser, say Firefox, to VPN or just one server as a proxy set up?
Or is there any browser extension for Firefox that might work with AirVPN in some way to achieve the same?

[grammarye 1]

I won't claim to know how secure it is, but I am running the new AirVPN Suite on a separate box (Raspberry Pi as it happens) with a SOCKS 5 proxy (Dante) for a split setup, and point Firefox at that. The browser and its DNS queries (assuming you check the relevant Firefox setting) all goes over the VPN at that point. So far DNS leak tests all show everything is fine, shows the VPN IP address etc. I haven't tested with other browsers, and not sure that others have the privacy settings to ensure DNS behaves without extra routing of that.

[Daniel15 14]

Usually this is done by configuring a HTTPS or SOCKS proxy in the Firefox settings, rather than using a VPN. Some competitor VPN services offer HTTPS proxies, I don't know whether AirVPN offers it though. There's also "split tunnelling" where some traffic goes through the VPN while other traffic does not, but as far as I know that's based on destination IP address rather than app.

There might be another way to accomplish the same thing - someone with more knowledge than me may be able to help

[Terry Stanford 11]

Thanks Daniel. Yes, I only really trust AirVPN, I have tried many others over the years and nobody (for me) has stood the test of time AND trust as well as Air. I was hoping there was some way to make ONLY Firefox route via VPN, all other traffic outside the tunnel. I hate to pay the silly prices for a private proxy just for this purpose! thanks, hopefullly someone can confirm if there's a way to do it or not

[Daniel15 14]

3 hours ago, Terry Stanford said:

I only really trust AirVPN, I have tried many others over the years and nobody (for me) has stood the test of time AND trust as well as Air.

Of course I just thought I'd mention that some providers do it, as that's what I've done in the past when I only wanted to tunnel one single app. I thought AirVPN may offer something similar, but it doesn't seem like they don't.
@grammarye's suggestion of running AirVPN's app (Suite / Eddie) or OpenVPN on a separate box (or in a Docker container or VM) then tunnelling through it either with a SOCKS proxy (eg. Dante) or HTTP + HTTPS proxy (eg. Squid) would work too, but that's a bit more complicated.

[Terry Stanford 11]

Yes thanks, that's a bit beyond me I think. Although I did have this idea and may be able to set it up instead of a VPS as I am currently doing:

Create a Linux VM in my mac.
Install another VPN inside that VM, maybe Mullvad or SurfShark or another reputable one.
Then I think my data is encrypted by the first VPN and 'mailed' to their server, but that data is then packaged/encrypted/routed by Eddie running on my Mac to go to their servers first.
When the data reaches Air servers it gets the Air encryption layer decrypted, then goes to the other VPN's servers, where it is fully decrypted and routed to the original destination.

I quite like that idea, just experimenting to see just how much privacy one can obtain without using the Tor network as I never use that and don't want to really (performance and ISP flagging of users)

I think this idea would mean VPN 1 (VM) would see my data but not my real IP, Air would see my real IP but not my data.
Does this make sense and sound like it would do what I think it would?

[Terry Stanford 11]

18 hours ago, grammarye said:

I won't claim to know how secure it is, but I am running the new AirVPN Suite on a separate box (Raspberry Pi as it happens) with a SOCKS 5 proxy (Dante) for a split setup, and point Firefox at that. The browser and its DNS queries (assuming you check the relevant Firefox setting) all goes over the VPN at that point. So far DNS leak tests all show everything is fine, shows the VPN IP address etc. I haven't tested with other browsers, and not sure that others have the privacy settings to ensure DNS behaves without extra routing of that.

Thanks. I had never heard of Dante. I have read the page on setting up Dante and still don't really understand, is it just a proxy IP like you can buy/rent to set up manually in firefox or whatever? Or is it a system which makes your Pi act as your proxy server for your other machine to tunnel browser traffic through it, kind of like your own VPN just for one app (FF)?
Nice if the latter, not quite what I am looking for here but I may try it out some time for fun!

[grammarye 1]

19 hours ago, Terry Stanford said:

Thanks. I had never heard of Dante. I have read the page on setting up Dante and still don't really understand, is it just a proxy IP like you can buy/rent to set up manually in firefox or whatever? Or is it a system which makes your Pi act as your proxy server for your other machine to tunnel browser traffic through it, kind of like your own VPN just for one app (FF)?
Nice if the latter, not quite what I am looking for here but I may try it out some time for fun!

The latter, correct. In my case it's running my own SOCKS proxy inside the firewall, mainly because the apps I want to have sent over the VPN have SOCKS settings rather than HTTP proxies, and pointing those apps to it. Think of it like an alternative gateway (and I could probably set up the Pi as an actual gateway too).

Essentially:
Firefox sends all its traffic to a SOCKS port on the Pi
The SOCKS proxy routes any incoming traffic on that port to whatever interface it's told to
That interface happens to be tun0 over the VPN
The VPN tunnel goes out over the usual default gateway of the local router

The only reason it's on a separate box is because configuring this to all happen on Windows directly & automatically is harder (though I have no doubt a Docker container could probably do it). I also wanted a location where I can proxy all DNS for the whole network, since a split network like this has a greater chance of DNS accidentally going out through the default gateway instead of the VPN (though Firefox has very configurable settings for DNS thankfully).

[Terry Stanford 11]

Very neat!