On 23/12/2016 1:02 p.m., Sameh Onaissi wrote:
> I have been trying to replicate what he is doing.
>
> I have tried 4 or 5 VPN software and none connects, including Hotspot
> Shield. My iptables seem to be doing the job in that regard (Eliezer
> helped me set them up)
>

Do you have matching ip6tables rules to prevent IPv6 networking being
used for the prohibited things?

>> On Dec 22, 2016, at 5:14 PM, Antony Stone wrote:
>>
>> On Thursday 22 December 2016 at 22:50:33, Sameh Onaissi wrote:
>>
>>> The user has hotspot shield installed on his PC, which I believe is a
>>> similar extension to the one you mentioned.
>>
>>> He is getting by squid with some sort of VPN, I thought squid can be
>>> configured against such things?

Squid can only prevent things going through itself. Unless the VPN
software is using HTTP(S) protocol messaging as a transport layer, AND
that messaging goes through the proxy, the answer is no. That kind of
control is what firewalls are for.

>>
>> It sounds as though you need to review your firewall (routing) policies.
>>
>> Anyone who is allowed to use a VPN can effectively bypass all security policies
>> on your network.
>>

I second that. Keep in mind that "iptables" command only sets up rules
for IPv4 connections. They could be using IPv6.

'VPN' also has a number of sub-types: 6to4, SOCKS, IP-IP, or remote NPT
relay.

Amos
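Added example, not part of the original message or of the Squid project: a coarse Python check for the IPv4-only gap described above, comparing `iptables-save` and `ip6tables-save` output and listing filter chains that block something for IPv4 but nothing for IPv6. The two rule sets are constructed samples, the function names are hypothetical, and the comparison is a heuristic on policies and targets, not a rule-by-rule equivalence check.

```python
import re

BLOCKING = {"DROP", "REJECT"}

# Constructed sample: IPv4 forwarding is default-deny, only the proxy is reachable.
V4_SAVE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 192.168.1.10/32 -p tcp -m tcp --dport 3128 -j ACCEPT
COMMIT
"""
# Constructed sample: no IPv6 rules were ever written, so everything is forwarded.
V6_SAVE = """*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def parse_filter(save_text):
    """Return {chain: {"policy": str, "targets": [str]}} for the filter table."""
    chains, table = {}, None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name] = {"policy": policy, "targets": []}
        elif line.startswith("-A "):
            m = re.search(r"-A (\S+).*?-j (\S+)", line)
            if m and m.group(1) in chains:
                chains[m.group(1)]["targets"].append(m.group(2))
    return chains

def blocks(chain):
    """True if the chain's policy or any of its rules can drop or reject traffic."""
    return chain["policy"] in BLOCKING or any(t in BLOCKING for t in chain["targets"])

def ipv6_gaps(v4_save, v6_save):
    """Chains that restrict IPv4 but have no blocking policy or rule for IPv6."""
    v4, v6 = parse_filter(v4_save), parse_filter(v6_save)
    # An absent IPv6 chain counts as a gap: with no rules loaded the kernel accepts.
    return [n for n, c in v4.items() if blocks(c) and not (n in v6 and blocks(v6[n]))]
```

On a live gateway the two inputs would be the text printed by `iptables-save` and `ip6tables-save`; any chain the check returns needs a closer manual comparison.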