Re: [squid-users] Put all port 80, 443 http https rtmp connections from openvpn through squid?

From: J Webster <jw.jwebster_at_gmail.com>
Date: Sat, 11 Aug 2012 17:15:22 +0200

>> But once the tunnel reaches the OpenVPN server, you can direct port 80
>> and 443 traffic from it via the proxy server can't you?
>> Once it gets to the OpenVPN server (where you would also have the proxy
>> server), isn't it decrypted?
>> Lots of companies have VPN tunnels and then route web traffic through a
>> proxy so it must be possible somehow.
>>
>> On 11/08/12 13:54, Alex Crow wrote:
>>> On 11/08/12 08:20, J Webster wrote:
>>>> Is there a way to push all openvpn connections using http ports
>>>> through a transparent squid and how?
>>>> Also, can I log which openvpn certificate/client is accessing which
>>>> pages in this way?
>>>> I assume I would have to use an alternative port or use firewall
>>>> rules to only allow squid connections from the network 10.8.x.x
>>> Squid is an HTTP proxy, so no.
>>>
>>> You can't really proxy OpenVPN as it's end-to-end encrypted with SSL.
>>> If you issued the certs from your CA it might be possible to MITM it
>>> but that may be illegal in many jurisdictions.
>>>
>>> Alex
>>
>>
> Of course you can.
> It's a basic iptables rule, and since OpenVPN uses a tunX interface
> you can intercept all traffic from the tunX interface to the proxy.
> But you can't force the clients to use the VPN as the gateway to the whole
> world, only to the VPN connection.
>
> Regards,
> Eliezer
>

So, I simply forward port 80 and 443 on network 10.8.0.0 to a transparent
Squid proxy?
How can I record in the Squid logs which OpenVPN client certificate is
using the proxy?
Also, how do I do this for RTMP connections, because port 80 and 443 will
have to go via the proxy but RTMP will have to bypass it somehow?
Received on Sat Aug 11 2012 - 15:15:38 MDT
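The two mechanics this thread circles around, the tunX interception rule Eliezer describes and the certificate-to-request attribution J Webster asks about, as an added worked example (not code from the thread or from the Squid or OpenVPN projects). It assumes the OpenVPN interface is tun0, that Squid listens with `http_port 3129 intercept`, and that OpenVPN writes a version-1 status file (`status /var/log/openvpn-status.log`); the status file and access.log lines in `demo` are constructed sample data. Only TCP/80 is redirected, so RTMP on 1935 simply bypasses the proxy; port 443 is left alone because intercepting HTTPS needs Squid's SSL-Bump, which this example does not set up.

```shell
#!/bin/sh
# Added example, not from the thread or the Squid project. Assumed names:
# OpenVPN interface tun0, Squid "http_port 3129 intercept", OpenVPN
# "status /var/log/openvpn-status.log" (version-1 status format).

# Emit the iptables rules for review; pipe the output through "sh" as root
# to apply them. Matching on "-i tun0" means Squid's own outbound traffic
# never hits the REDIRECT, and RTMP (1935) is not matched so it routes
# normally. 443 is deliberately not redirected (HTTPS needs SSL-Bump).
gen_rules() {
    tun=$1; port=$2
    printf 'iptables -t nat -A PREROUTING -i %s -p tcp --dport 80 -j REDIRECT --to-ports %s\n' "$tun" "$port"
    # Only VPN clients may reach the intercept port; everyone else is dropped.
    printf 'iptables -A INPUT -i %s -p tcp --dport %s -j ACCEPT\n' "$tun" "$port"
    printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$port"
}

# Attribute Squid requests to OpenVPN certificates. The ROUTING TABLE
# section of the status file maps Virtual Address -> Common Name; Squid's
# native access.log has the client IP in field 3, method in 6, URL in 7.
# Prints "<cn> <ip> <method> <url>", or UNKNOWN when the address was not
# in the status snapshot (client disconnected, or pool address reused).
attribute_requests() {
    awk '
        NR == FNR {                       # first file: openvpn-status.log
            if ($0 ~ /^ROUTING TABLE/) { in_rt = 1; next }
            if ($0 ~ /^GLOBAL STATS/)  { in_rt = 0 }
            if (in_rt && $0 !~ /^Virtual Address/) {
                split($0, f, ","); cn[f[1]] = f[2]
            }
            next
        }
        { print (($3 in cn) ? cn[$3] : "UNKNOWN"), $3, $6, $7 }
    ' "$1" "$2"
}

# Run the join over constructed sample data (both files are made up).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/openvpn-status.log" <<'EOF'
OpenVPN CLIENT LIST
Updated,Sat Aug 11 15:00:00 2012
Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
alice,203.0.113.5:1194,12345,67890,Sat Aug 11 14:00:00 2012
bob,198.51.100.7:1194,2222,3333,Sat Aug 11 14:30:00 2012
ROUTING TABLE
Virtual Address,Common Name,Real Address,Last Ref
10.8.0.6,alice,203.0.113.5:1194,Sat Aug 11 14:59:00 2012
10.8.0.10,bob,198.51.100.7:1194,Sat Aug 11 14:58:00 2012
GLOBAL STATS
Max bcast/mcast queue length,0
END
EOF
    cat > "$dir/access.log" <<'EOF'
1344697522.123    245 10.8.0.6 TCP_MISS/200 4523 GET http://example.com/index.html - DIRECT/93.184.216.34 text/html
1344697530.001     12 10.8.0.10 TCP_HIT/200 812 GET http://example.org/logo.png - NONE/- image/png
1344697541.777     90 10.8.0.14 TCP_MISS/404 310 GET http://example.net/missing - DIRECT/192.0.2.9 text/html
EOF
    attribute_requests "$dir/openvpn-status.log" "$dir/access.log"
    rm -rf "$dir"
}

demo
```

Squid itself only ever sees the tunnel address, so the join is the whole trick: the UNKNOWN row shows why a status-file snapshot alone is not enough for forensic use. Keep addresses stable with `ifconfig-pool-persist`, or log CN-to-address assignments from a `client-connect` script, so every access.log line can be attributed after the fact.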

This archive was generated by hypermail 2.2.0 : Sat Aug 11 2012 - 12:00:03 MDT