Search squid archive

Feasibility - Squid as user-specific SSL tunnel (poor-man's VPN)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, all - about to play with an approach to something, and I was hoping to bounce the idea off people here - pls let me know if that's not strictly within bounds/intents of the mailing list (new here).  This is close to the same concept as discussed here with a D.Veenker, in an exchange in April/2010 -- but not quite the same.

Is it possible to use Squid to create an ssh-tunnel effect, including use of a client certificate?  This would be to layer in SSL and client authentication, for applications and web servers for which (for reasons I won't go into here) it's not possible to reconfigure/recode to use SSL.

Concept would be to run Squid as a reverse proxy on the server, configured to do 2-way SSL (and doing HTTP to the parent server); then also run Squid on the client in standard proxy mode, likewise configured for 2-way SSL, pointing at a user's certificate via sslproxy_client_key.

Constraints I see are that multiple users couldn't be using the solution on the PC at the same time; and Squid would have to be restarted (or whatever the Windows equivalent of a squid -k reconfigure is, I still have to figure that out) to establish the tunnel.

Does this seem feasible?  Are there any potential gotchas that we should make sure we test early on, in attempting to achieve this?

Thanks!

----
David G. Bucci
301.240.4885
david.g.bucci@xxxxxxxx


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux