On 21/08/2014 8:59 a.m., squid@xxxxxxxxxxxxxxxxx wrote:
> why are you using unbound for this at all?
>
> Well, we use a geo location service much like a VPN or a proxy.
> For transparent proxies, it works fine, squid passes through the SSL
> request and back to the client.
> For VPN, everything is passed through.
> But with unbound, we only want to pass through certain requests and some
> of them have SSL sites.
> Surely, there's a way to pass a request from unbound, and redirect it
> through the transparent proxy, returning it straight to the client?
>

I'm not sure what you mean; unbound is a DNS server, it does not process
HTTP protocol at all. All it does is tell the client where the *web
server* for a domain is located.

But the client only needs to know which route to use.

With a client connecting over WAN through a proxy you have:

  client --WAN--> proxy --> Internet
  client <--WAN-- proxy <-- Internet

plus for non-proxied traffic:

  client --WAN--> Internet
  client <--WAN-- Internet

With a client connecting over a VPN you have:

  client --VPN--> proxy --> Internet
  client <--VPN-- proxy <-- Internet

plus for non-proxied traffic:

  client --VPN--NAT--> Internet
  client <--VPN--NAT-- Internet

In both above cases the gateway router receiving WAN or VPN traffic is
responsible for the NAT/TPROXY/WCCP interception.

What I've gathered so far is that you are trying to achieve one of these:

A)
  client --VPN--> proxy --> Internet
  client <--VPN-- proxy <-- Internet

plus for non-proxied traffic:

  client --WAN--> Internet
  client <--WAN-- Internet

B)
  client --VPN--> proxy --> Internet
  client <--WAN-- proxy <-- Internet

plus for non-proxied traffic:

  client --VPN--> Internet
  client <--WAN-- Internet

Which one?

Amos