VPN Exit Controller - Usage Guide¶

This guide explains the dual-mode access provided by the VPN Exit Controller: Tailscale Exit Nodes for network-level routing and Proxy Services for application-level routing.

Overview¶

The VPN Exit Controller provides two complementary approaches for routing traffic through VPN containers in different countries:

🌐 Tailscale Exit Nodes: Full network-level routing where entire devices/networks route through VPN containers
🔗 Proxy Services: Application-level routing where individual applications use HTTP/HTTPS/SOCKS5 proxies

Both approaches use the same underlying VPN containers but provide different levels of integration and control.

Architecture Summary¶

┌─ Tailscale Exit Nodes ──────────────────────────┐ ┌─ Proxy Access ──────────────────────────────────┐
│                                                  │ │                                                  │
│  Device/Network → Tailscale → VPN Container     │ │  Application → Tailscale → VPN Container        │
│                   (Exit Node)   (NordVPN)       │ │               (Proxy)       (Squid/Dante)       │
│                                                  │ │                                                  │
└──────────────────────────────────────────────────┘ └──────────────────────────────────────────────────┘
                                    ↓
                            Internet (Country IP)

VPN Container Services: - Tailscale Exit Node: Full network routing via Tailscale mesh (--advertise-exit-node) - Squid HTTP/HTTPS Proxy: Port 3128 for web traffic (accessible via Tailscale IP) - Dante SOCKS5 Proxy: Port 1080 for application tunneling (accessible via Tailscale IP)
- Health Check Endpoint: Port 8080 for container monitoring - DNS Resolution: Uses NordVPN DNS (103.86.96.100, 103.86.99.100) with fallback

Choosing Your Approach¶

🌐 When to Use Tailscale Exit Nodes¶

Best for: - Routing all traffic from a device through a specific country - Mobile devices (iPhone, Android) using Tailscale app - Docker containers or VMs that need VPN access - Development environments requiring consistent geo-location - Any scenario where you want "set it and forget it" VPN routing

Example: Route your entire laptop through Germany

# List available exit nodes
tailscale status --peers | grep exit-de

# Enable Germany exit node
tailscale up --exit-node=exit-de-server456

# All traffic now appears from Germany
curl https://ipinfo.io/ip  # Returns German IP

🔗 When to Use Proxy Services¶

Best for: - Specific applications that need different geo-locations - Web scraping with rotating country IPs - Testing geo-restricted content from multiple countries - Development/testing without affecting system-wide traffic - Applications that already support proxy configuration

Example: Test from multiple countries simultaneously

# Test US endpoint via direct Tailscale proxy
curl -x http://100.86.140.98:3128 https://api.example.com/us

# Test German endpoint via different container
curl -x http://100.72.45.23:3128 https://api.example.com/de

# Test UK endpoint
curl -x http://100.125.27.111:3128 https://api.example.com/uk

Getting Current VPN Container Information¶

To discover available VPN containers and their Tailscale IPs:

# Get all active nodes with their Tailscale IPs
curl -u admin:Bl4ckMagic!2345erver http://100.73.33.11:8080/api/nodes

# Get optimal node for a specific country
curl -u admin:Bl4ckMagic!2345erver http://100.73.33.11:8080/api/load-balancer/best-node/us

# Get optimal UK node
curl -u admin:Bl4ckMagic!2345erver http://100.73.33.11:8080/api/load-balancer/best-node/uk

# List all available Tailscale exit nodes
tailscale status --peers | grep "exit-"

1. Proxy URL Format¶

Base Domain Structure¶

All proxy endpoints use the following domain pattern:

proxy-{country}.rbnk.uk

Available Countries and Codes¶

Country	Code	Proxy URL	Description
United States	`us`	`proxy-us.rbnk.uk`	US-based exit nodes
Germany	`de`	`proxy-de.rbnk.uk`	German exit nodes
Japan	`jp`	`proxy-jp.rbnk.uk`	Japanese exit nodes
United Kingdom	`uk`	`proxy-uk.rbnk.uk`	UK-based exit nodes
Canada	`ca`	`proxy-ca.rbnk.uk`	Canadian exit nodes
Australia	`au`	`proxy-au.rbnk.uk`	Australian exit nodes
Netherlands	`nl`	`proxy-nl.rbnk.uk`	Dutch exit nodes
France	`fr`	`proxy-fr.rbnk.uk`	French exit nodes
Italy	`it`	`proxy-it.rbnk.uk`	Italian exit nodes
Spain	`es`	`proxy-es.rbnk.uk`	Spanish exit nodes
Switzerland	`ch`	`proxy-ch.rbnk.uk`	Swiss exit nodes
Austria	`at`	`proxy-at.rbnk.uk`	Austrian exit nodes
Belgium	`be`	`proxy-be.rbnk.uk`	Belgian exit nodes
Czech Republic	`cz`	`proxy-cz.rbnk.uk`	Czech exit nodes
Denmark	`dk`	`proxy-dk.rbnk.uk`	Danish exit nodes
Hong Kong	`hk`	`proxy-hk.rbnk.uk`	Hong Kong exit nodes
Hungary	`hu`	`proxy-hu.rbnk.uk`	Hungarian exit nodes
Ireland	`ie`	`proxy-ie.rbnk.uk`	Irish exit nodes
Norway	`no`	`proxy-no.rbnk.uk`	Norwegian exit nodes
Poland	`pl`	`proxy-pl.rbnk.uk`	Polish exit nodes
Romania	`ro`	`proxy-ro.rbnk.uk`	Romanian exit nodes
Serbia	`rs`	`proxy-rs.rbnk.uk`	Serbian exit nodes
Singapore	`sg`	`proxy-sg.rbnk.uk`	Singapore exit nodes
Sweden	`se`	`proxy-se.rbnk.uk`	Swedish exit nodes
Bulgaria	`bg`	`proxy-bg.rbnk.uk`	Bulgarian exit nodes

SSL/HTTPS Support¶

All proxy endpoints support SSL/TLS encryption with valid certificates from Let's Encrypt via Cloudflare DNS challenge.

2. Proxy Protocols¶

The VPN Exit Controller now provides multiple proxy protocols running inside each VPN container:

HTTP/HTTPS Proxy (Port 3128) - Squid¶

URL Format: http://<tailscale-ip>:3128
Protocol: HTTP/1.1 with HTTPS CONNECT support
Service: Squid proxy server
Use Case: Web browsing, API calls, general HTTP/HTTPS traffic
Features:
Header modification and anonymization
Caching disabled for privacy
Access control for Tailscale network (100.64.0.0/10)
SSL port filtering and security checks
Example: curl -x http://100.86.140.98:3128 http://ipinfo.io/ip

SOCKS5 Proxy (Port 1080) - Dante¶

URL Format: socks5://<tailscale-ip>:1080
Protocol: SOCKS5
Service: Dante SOCKS server
Use Case: Application-level proxying, TCP traffic tunneling
Features:
Protocol-agnostic (works with any TCP application)
No HTTP header inspection
Full TCP tunnel support
Example: curl --socks5 100.86.140.98:1080 http://ipinfo.io/ip

Health Check Endpoint (Port 8080)¶

URL Format: http://<tailscale-ip>:8080/health
Protocol: HTTP/1.0
Use Case: Container health monitoring, load balancing decisions
Response: Simple "OK" response for health checks
Features:
Lightweight HTTP server
Used by HAProxy for backend health checks
Always returns 200 OK if container is running

Legacy Country-Specific URLs (Deprecated)¶

The original country-specific proxy URLs (proxy-{country}.rbnk.uk:8080) are being phased out in favor of direct Tailscale IP access for better performance and reliability.

3. Client Configuration¶

Browser Proxy Settings¶

Chrome/Chromium¶

# HTTP proxy through Tailscale IP
google-chrome --proxy-server="http://100.86.140.98:3128"

# SOCKS5 proxy through Tailscale IP
google-chrome --proxy-server="socks5://100.86.140.98:1080"

# UK proxy examples
google-chrome --proxy-server="http://100.125.27.111:3128"
google-chrome --proxy-server="http://proxy-uk.rbnk.uk:8132"

# Legacy country-specific (still supported)
google-chrome --proxy-server="http://proxy-us.rbnk.uk:8080"

Firefox¶

Go to Settings → Network Settings
Select "Manual proxy configuration"
Modern Setup (Recommended):
HTTP Proxy: 100.86.140.98 Port: 3128
HTTPS Proxy: 100.86.140.98 Port: 3128
SOCKS5 Proxy: 100.86.140.98 Port: 1080
UK: HTTP/HTTPS: 100.125.27.111 Port: 3128, SOCKS5: 100.125.27.111 Port: 1080
Legacy Setup:
HTTP Proxy: proxy-us.rbnk.uk Port: 8080
HTTPS Proxy: proxy-us.rbnk.uk Port: 8443
UK: HTTP: proxy-uk.rbnk.uk Port: 8132, SOCKS5: proxy-uk.rbnk.uk Port: 1084

Command Line Examples¶

cURL¶

# HTTP proxy (modern - direct Tailscale IP)
curl -x http://100.86.140.98:3128 http://ipinfo.io/ip

# HTTPS proxy (modern - same port for HTTP proxy with CONNECT)
curl -x http://100.86.140.98:3128 https://ipinfo.io/ip

# SOCKS5 proxy (modern - direct Tailscale IP)
curl --socks5 100.86.140.98:1080 http://ipinfo.io/ip

# Legacy country-specific URLs (still supported)
curl -x http://proxy-us.rbnk.uk:8080 http://ipinfo.io/ip
curl --socks5 proxy-us.rbnk.uk:1080 http://ipinfo.io/ip

# Test with different countries
curl -x http://proxy-uk.rbnk.uk:8132 http://ipinfo.io/ip
curl -x http://proxy-de.rbnk.uk:8080 http://ipinfo.io/ip
curl --socks5 proxy-uk.rbnk.uk:1084 http://ipinfo.io/ip

wget¶

# HTTP proxy
wget -e use_proxy=yes -e http_proxy=proxy-us.rbnk.uk:8080 http://ifconfig.me

# HTTPS proxy
wget -e use_proxy=yes -e https_proxy=proxy-us.rbnk.uk:8443 https://ifconfig.me

Programming Language Examples¶

Python (requests)¶

import requests

# HTTP proxy
proxies = {
    'http': 'http://proxy-us.rbnk.uk:8080',
    'https': 'https://proxy-us.rbnk.uk:8443'
}

response = requests.get('http://ifconfig.me', proxies=proxies)
print(f"Your IP: {response.text}")

# SOCKS5 proxy (requires PySocks)
proxies = {
    'http': 'socks5://proxy-us.rbnk.uk:1080',
    'https': 'socks5://proxy-us.rbnk.uk:1080'
}

response = requests.get('http://ifconfig.me', proxies=proxies)
print(f"Your IP: {response.text}")

# With authentication
proxies = {
    'http': 'http://username:[email protected]:8080',
    'https': 'https://username:[email protected]:8443'
}

Node.js¶

const axios = require('axios');
const HttpsProxyAgent = require('https-proxy-agent');
const SocksProxyAgent = require('socks-proxy-agent');

// HTTP proxy
const httpAgent = new HttpsProxyAgent('http://proxy-us.rbnk.uk:8080');
const response = await axios.get('http://ifconfig.me', { httpAgent });
console.log(`Your IP: ${response.data}`);

// SOCKS5 proxy
const socksAgent = new SocksProxyAgent('socks5://proxy-us.rbnk.uk:1080');
const response2 = await axios.get('http://ifconfig.me', { httpAgent: socksAgent });
console.log(`Your IP: ${response2.data}`);

Go¶

package main

import (
    "fmt"
    "io/ioutil"
    "net/http"
    "net/url"
)

func main() {
    proxyURL, _ := url.Parse("http://proxy-us.rbnk.uk:8080")
    client := &http.Client{
        Transport: &http.Transport{
            Proxy: http.ProxyURL(proxyURL),
        },
    }

    resp, err := client.Get("http://ifconfig.me")
    if err != nil {
        panic(err)
    }

    body, _ := ioutil.ReadAll(resp.Body)
    fmt.Printf("Your IP: %s\n", string(body))
}

System-wide Proxy Configuration¶

Linux/macOS Environment Variables¶

export http_proxy=http://proxy-us.rbnk.uk:8080
export https_proxy=https://proxy-us.rbnk.uk:8443
export HTTP_PROXY=http://proxy-us.rbnk.uk:8080
export HTTPS_PROXY=https://proxy-us.rbnk.uk:8443

# SOCKS5
export all_proxy=socks5://proxy-us.rbnk.uk:1080
export ALL_PROXY=socks5://proxy-us.rbnk.uk:1080

Windows¶

set http_proxy=http://proxy-us.rbnk.uk:8080
set https_proxy=https://proxy-us.rbnk.uk:8443

4. Authentication¶

HTTP Basic Authentication¶

The system supports HTTP Basic Authentication for API access. Credentials are managed through the VPN Exit Controller API.

API Authentication Format¶

curl -u username:password -H "Content-Type: application/json" \
  http://10.10.10.20:8080/api/proxy/urls

Credential Management¶

Credentials are stored in /opt/vpn-exit-controller/configs/auth.txt
API endpoints require authentication via the verify_auth dependency
Web UI uses credentials: admin:Bl4ckMagic!2345erver

Proxy Authentication (if implemented)¶

# Python example with proxy authentication
proxies = {
    'http': 'http://username:[email protected]:8080',
    'https': 'https://username:[email protected]:8443'
}

5. Load Balancing and Failover¶

Automatic Load Balancing¶

The system implements intelligent load balancing with multiple strategies:

Available Strategies¶

Health Score (default): Combines latency, connection count, and server health
Least Connections: Routes to the server with fewest active connections
Round Robin: Distributes requests evenly across servers
Weighted Latency: Prioritizes servers with lower latency
Random: Randomly selects from healthy servers

API Usage¶

# Get optimal proxy for a country
curl -u admin:Bl4ckMagic!2345erver \
  "http://10.10.10.20:8080/api/proxy/optimal/us?strategy=health_score"

# Response example
{
    "node_id": "vpn-us-node-1",
    "country": "us",
    "tailscale_ip": "100.73.33.15",
    "server": "us5063.nordvpn.com",
    "proxy_urls": {
        "http": "http://proxy-us.rbnk.uk:8080",
        "https": "https://proxy-us.rbnk.uk:8443",
        "socks5": "socks5://proxy-us.rbnk.uk:1080"
    },
    "selected_strategy": "health_score"
}

Failover Behavior¶

Health Monitoring: Continuous health checks every 10 seconds
Automatic Failover: Unhealthy nodes automatically removed from rotation
Backup Servers: Default backup servers activated when all primary nodes fail
Connection Draining: Graceful handling of existing connections during failover

Performance Optimization Tips¶

Connection Pooling: Reuse connections when possible
Country Selection: Choose geographically closer countries for better latency
Protocol Selection: Use SOCKS5 for maximum compatibility, HTTP for web traffic
Load Balancing: Let the system handle load balancing rather than sticky sessions

6. Use Cases¶

Geo-location Testing¶

# Test website from different countries
curl -x http://proxy-us.rbnk.uk:8080 "https://ipinfo.io/json"
curl -x http://proxy-uk.rbnk.uk:8080 "https://ipinfo.io/json"
curl -x http://proxy-de.rbnk.uk:8080 "https://ipinfo.io/json"

Content Access by Region¶

import requests

countries = ['us', 'uk', 'de', 'jp']
ports = {'us': 8080, 'uk': 8132, 'de': 8080, 'jp': 8080}
for country in countries:
    port = ports[country]
    proxy = f'http://proxy-{country}.rbnk.uk:{port}'
    response = requests.get('https://example.com', proxies={'http': proxy, 'https': proxy})
    print(f"{country.upper()}: {response.status_code}")

Web Scraping with Different IP Addresses¶

import requests
import random

countries = ['us', 'uk', 'de', 'ca', 'au']
ports = {'us': 8080, 'uk': 8132, 'de': 8080, 'ca': 8080, 'au': 8080}

def get_random_proxy():
    country = random.choice(countries)
    port = ports[country]
    return {
        'http': f'http://proxy-{country}.rbnk.uk:{port}',
        'https': f'http://proxy-{country}.rbnk.uk:{port}'
    }

# Rotate proxies for each request
for i in range(10):
    proxies = get_random_proxy()
    response = requests.get('https://httpbin.org/ip', proxies=proxies)
    print(f"Request {i+1}: {response.json()['origin']}")

Privacy and Anonymity¶

# Check your real IP
curl http://ifconfig.me

# Check IP through US proxy
curl -x http://proxy-us.rbnk.uk:8080 http://ifconfig.me

# Check IP through different countries
for country in us uk de jp; do
    echo -n "$country: "
    case $country in
        uk) port=8132 ;;
        *) port=8080 ;;
    esac
    curl -s -x http://proxy-$country.rbnk.uk:$port http://ifconfig.me
done

7. Performance Considerations¶

Speed Test Results Interpretation¶

The system includes built-in speed testing capabilities:

# Get speed test results
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/speed-test/results

# Run speed test for specific country
curl -u admin:Bl4ckMagic!2345erver -X POST \
  http://10.10.10.20:8080/api/speed-test/run/us

Performance Metrics¶

Latency: Round-trip time to proxy server
Bandwidth: Upload/download speeds through proxy
Connection Success Rate: Percentage of successful connections
Health Score: Combined metric for overall proxy performance

Optimal Country Selection¶

import requests

# Get proxy statistics
auth = ('admin', 'Bl4ckMagic!2345erver')
response = requests.get('http://10.10.10.20:8080/api/proxy/stats', auth=auth)
stats = response.json()

# Find country with best performance
best_country = None
best_score = 0

for country, urls in stats['available_proxy_urls'].items():
    # Logic to determine best country based on your requirements
    pass

Connection Pooling Recommendations¶

import requests
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry

# Configure session with connection pooling
session = requests.Session()

# Retry strategy
retry_strategy = Retry(
    total=3,
    backoff_factor=1,
    status_forcelist=[429, 500, 502, 503, 504],
)

adapter = HTTPAdapter(
    pool_connections=10,
    pool_maxsize=20,
    max_retries=retry_strategy
)

session.mount("http://", adapter)
session.mount("https://", adapter)

# Use session with proxy
proxies = {'http': 'http://proxy-us.rbnk.uk:8080'}
response = session.get('https://example.com', proxies=proxies)

8. Troubleshooting¶

Common Connection Issues¶

1. Proxy Connection Refused¶

# Check if proxy is running
curl -I http://proxy-us.rbnk.uk:8080

# Check specific node health
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/proxy/health

2. DNS Resolution Issues¶

# Test DNS resolution
nslookup proxy-us.rbnk.uk
dig proxy-us.rbnk.uk

# Use alternative DNS
curl --dns-servers 8.8.8.8 -x http://proxy-us.rbnk.uk:8080 http://ifconfig.me

3. Authentication Errors¶

# Test API authentication
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/status

# Check authentication headers
curl -v -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/proxy/urls

Debugging Proxy Problems¶

Enable Verbose Logging¶

# Python requests debugging
import logging
import requests

logging.basicConfig(level=logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True

Test Proxy Connectivity¶

# Test basic connectivity
nc -zv proxy-us.rbnk.uk 8080

# Test SOCKS5 connectivity
nc -zv proxy-us.rbnk.uk 1080

# Test with timeout
timeout 10 curl -x http://proxy-us.rbnk.uk:8080 http://ifconfig.me

Check HAProxy Statistics¶

# Access HAProxy stats (if enabled)
curl http://10.10.10.20:8404/stats

# Get detailed proxy statistics
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/proxy/stats

Performance Troubleshooting¶

1. Slow Proxy Response¶

# Test latency to different countries
for country in us uk de jp; do
    echo -n "$country: "
    case $country in
        uk) port=8132 ;;
        *) port=8080 ;;
    esac
    time curl -s -x http://proxy-$country.rbnk.uk:$port http://ifconfig.me >/dev/null
done

2. High Connection Failures¶

# Check node health across all countries
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/nodes/status

# Monitor connection metrics
curl -u admin:Bl4ckMagic!2345erver \
  http://10.10.10.20:8080/api/metrics/connections

3. Load Balancing Issues¶

# Force different load balancing strategies
curl -u admin:Bl4ckMagic!2345erver \
  "http://10.10.10.20:8080/api/proxy/optimal/us?strategy=least_connections"

curl -u admin:Bl4ckMagic!2345erver \
  "http://10.10.10.20:8080/api/proxy/optimal/us?strategy=round_robin"

API Reference¶

Get All Proxy URLs¶

GET /api/proxy/urls
Authorization: Basic YWRtaW46Qmw0Y2tNYWdpYyEyMzQ1ZXJ2ZXI=

Response:
{
    "us": {
        "http": "http://proxy-us.rbnk.uk:8080",
        "https": "https://proxy-us.rbnk.uk:8443", 
        "socks5": "socks5://proxy-us.rbnk.uk:1080"
    },
    "uk": { ... }
}

Get Country-Specific URLs¶

GET /api/proxy/urls/{country}
Authorization: Basic YWRtaW46Qmw0Y2tNYWdpYyEyMzQ1ZXJ2ZXI=

Response:
{
    "country": "us",
    "proxy_urls": {
        "http": "http://proxy-us.rbnk.uk:8080",
        "https": "https://proxy-us.rbnk.uk:8443",
        "socks5": "socks5://proxy-us.rbnk.uk:1080"
    }
}

Get Optimal Proxy¶

GET /api/proxy/optimal/{country}?strategy=health_score
Authorization: Basic YWRtaW46Qmw0Y2tNYWdpYyEyMzQ1ZXJ2ZXI=

Response:
{
    "node_id": "vpn-us-node-1",
    "country": "us", 
    "tailscale_ip": "100.73.33.15",
    "server": "us5063.nordvpn.com",
    "proxy_urls": { ... },
    "selected_strategy": "health_score"
}

Support and Monitoring¶

Health Monitoring¶

Endpoint: http://10.10.10.20:8080/api/proxy/health
HAProxy Stats: http://10.10.10.20:8404/stats
System Status: http://10.10.10.20:8080/api/status

Logs and Diagnostics¶

Application Logs: journalctl -u vpn-controller -f
HAProxy Logs: /opt/vpn-exit-controller/proxy/logs/
Traefik Logs: /opt/vpn-exit-controller/traefik/logs/

For additional support or advanced configuration, refer to the main system documentation or contact the system administrator.