But once the tunnel reaches the OpenVPN server, you can direct port 80
and 443 traffic from it via the proxy server can't you?
Once it gets to the OpenVPN server (where you would also have the proxy
server), isn't it decrypted?
Lots of companies have VPN tunnels and then route web traffic through a
proxy so it must be possible somehow.
On 11/08/12 13:54, Alex Crow wrote:
On 11/08/12 08:20, J Webster wrote:
Is there a way to push all openvpn connections using http ports
through a transparent squid and how?
Also, can I log which openvpn certificate/client is accessing which
pages in this way?
I assume I would have to use an alternative port or use firewall
rules to only allow squid connections from the network 10.8.x.x
Squid is an HTTP proxy, so no.
You can't really proxy OpenVPN as it's end-to-end encrypted with SSL.
If you issued the certs from your CA it might be possible to MITM it
but that may be illegal in many jurisdictions.
Alex
of course you can.
it's a basic IPTABLES rules and since openvpn uses a tunX interface
you can intercept all traffic from the tunX interface to the proxy.
but you cant force the clients to use the vpn as gateway to the whole
word but only to the VPN connection.
Regards,
Eliezer
So, I simply forward port 80 and 443 on network 10.8.00 to a transparent
squid proxy?
How can I record in the squid logs which OpenVPN client certificate is
using the proxy?
Also, how do I do this for rtmp connections because port 80 and 443 will
have to go via the proxy but rtmp will have to bypass it somehow?