On 21/08/2014 2:37 p.m., squid@xxxxxxxxxxxxxxxxx wrote:
>
>> which one?
> It's client --> unbound --> if IP listed in unbound.conf --> forwarded
> to proxy --> page or stream returned to client
>
> For others it's client --> unbound --> direct to internet with normal DNS
>

Replace "forwarded to proxy" with "IP address forged as proxy". Which is the source of the problem: your proxy does not have any TLS security certificates or keys to handle the HTTPS traffic properly, and no way to identify what the real server actually is.

Squid does not yet support receiving SNI, nor does much client software support sending it. So the only way this can work is with packets *routed* through the Squid device. The unbound setup you have cannot work.

What I am looking for is the network topology over which the TCP connections are supposed to flow. VPN connection, LAN connection, WAN connection, etc. This is necessary in order to identify which device is the suitable gateway to set up a "tunnel" to the proxy. Then we can look at what types of tunnel are appropriate for your situation.

Amos
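As an added illustration (not from this thread and not Squid's code), the Python below builds a sample TLS ClientHello and shows what a proxy that received such a connection could learn about the real server: the SNI host_name when the client sends one, and nothing beyond the (forged) destination IP when it does not. The record bytes are constructed here, not captured from a client.

```python
import struct

def build_client_hello(server_name):
    """Construct a minimal TLS ClientHello record (constructed sample, not a capture).
    Pass None to mimic a client that sends no SNI extension at all."""
    if server_name is None:
        exts = b""
    else:
        host = server_name.encode("ascii")
        sni_entry = struct.pack("!BH", 0, len(host)) + host       # name_type=host_name, length, name
        sni_list = struct.pack("!H", len(sni_entry)) + sni_entry  # server_name_list
        sni_ext = struct.pack("!HH", 0, len(sni_list)) + sni_list # extension type 0 = server_name
        exts = struct.pack("!H", len(sni_ext)) + sni_ext          # extensions block
    body = (b"\x03\x03" + bytes(32)   # client_version TLS1.2, random (zeroed for the sample)
            + b"\x00"                 # session_id length 0
            + b"\x00\x02\xc0\x2f"     # one cipher suite
            + b"\x01\x00"             # one compression method: null
            + exts)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body        # handshake type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs       # record type handshake

def extract_sni(record):
    """Return the SNI host_name from a ClientHello record, or None when the client
    sent none (or the bytes are not a ClientHello). None is exactly the case Amos
    describes: the proxy is left with only a forged destination IP to go on."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            return None
        pos = 9 + 2 + 32                                  # record hdr + hs hdr + version + random
        pos += 1 + record[pos]                            # session_id
        cs_len = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2 + cs_len                                 # cipher suites
        pos += 1 + record[pos]                            # compression methods
        if pos >= len(record):
            return None                                   # no extensions block present
        ext_len = struct.unpack("!H", record[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", record[pos:pos + 4])
            pos += 4
            if etype == 0:                                # server_name: skip list len(2)+type(1)
                nlen = struct.unpack("!H", record[pos + 3:pos + 5])[0]
                return record[pos + 5:pos + 5 + nlen].decode("ascii")
            pos += elen
        return None
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
```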