VPN’s and Gmail acess via Thunderbird

I recently signed up for a PIA VPN – which is great – I added a second router to my network and end created a subnet, and configured the router to connect solely to  PIA VPN.

It means that any PC/Laptop/Device attached to that router – by wire or via wireless has a degree of anonymity on the net, this is great for surfing, but for an email less so, why ? you ask.

As soon as I fired up Thunderbird it started to connect to my email providers (gmail) and was blocked, at the same time , I received emails to my other devices advising that my email may be compromised  as someone had attempted to sign on in a different location to my other signons.. it was a PITA to sort as you have to confirm via multi-factor that it was indeed a legitimate logon.

So as I have a small network , I looked for various solutions to allow me to continue using Thunderbird while not causing teh alerts from gmail.

At first I spent a day setting up a nginx webserver to run roundcube on a remote machine on my network, this proved to not be suitable as I have more than one imap based email provider and more that 1 account with each of them .

So I started to look at proxy’s , long story short I selected TinyProxy which in Archlinux is started via systemd and has a simple-ish configuration file , located at /etc/tinyproxy.

my final configuration file looks like this

 changes from defaults are commented
User tinyproxy
Group tinyproxy
Port 8080   # <em><< the port that tinyproxy listens on</em>
Listen 192.168.1.101 <em>#<< the address that is assigned to tinyproxy' physical interface</em>
Timeout 600
DefaultErrorFile "/usr/share/tinyproxy/default.html"
StatFile "/usr/share/tinyproxy/stats.html"
Syslog On
LogLevel Info
PidFile "/var/run/tinyproxy/tinyproxy.pid"
MaxClients 100
MinSpareServers 5
MaxSpareServers 20
StartServers 10
MaxRequestsPerChild 0
Allow 127.0.0.1   # client's network/subnet address
Allow 192.168.1.201/24
Allow 192.168.1.0/24
Allow 192.168.2.0/24
Allow 192.168.2.100/24
ViaProxyName "tinyproxy"
ConnectPort 443  # the port of SSL connections that are allowed
ConnectPort 563
ConnectPort 587
ConnectPort 993
ConnectPort 465

You also need to add rules to your firewall to allow both tcp and upd traffic on port 8080, I use shorewall so added the following to /etc/shorewall/rules

ACCEPT net fw tcp 8080 -
ACCEPT net fw udp 8080 -

and then restarted shorewall

shorewall restart

now that the proxy is ready to be used , we can tell Thunderbird about it, to do this open up Preferences> Advanced >network & disk-space > connect. and configure  a manual proxy for both HTTP ans SSL , leave SOCKS blank.

as the proxy on my network is on 192.168.1.101 and port 8080 , I just entered in that detail to the spaces as required.

so now I have a VPN’d machine , where the email client connects in the same locality as the rest of my devices

so far its working ok, I have had no warnings/alerts from gmail

Hope this helps someone somewhere

Jase

Advertisements
VPN’s and Gmail acess via Thunderbird

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s