There is another option if you don't have any issue to allow a certain public IP address access to your network you can use some kind of portal which will allow based on a SSL(even with self signed certificate) the "session" access to the service. If it sounds fine let me know and I will prepare and example. Eliezer ---- http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: eliezer@xxxxxxxxxxxx From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of j m Sent: Tuesday, May 2, 2017 12:05 AM To: squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Re: Tutorial for better authentication than basic Wow, I didn't find that one. Not super secure, but better than clear text and I'm not too worried about someone sniffing my packets. ________________________________________ From: Eliezer Croitoru <mailto:eliezer@xxxxxxxxxxxx> To: 'j m' <mailto:acctforjunk@xxxxxxxxx>; mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx Sent: Monday, May 1, 2017 3:30 PM Subject: RE: Tutorial for better authentication than basic And what about digest authentication? ---- http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: mailto:eliezer@xxxxxxxxxxxx From: squid-users [mailto:mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of j m Sent: Monday, May 1, 2017 4:18 PM To: mailto:squid-users@xxxxxxxxxxxxxxxxxxxxx Subject: Tutorial for better authentication than basic I'm using Ubuntu 16.04 Server in the home and would like to set up a proxy server for use from over the Internet. The main purpose for this is to easily access a few web-devices on my LAN without using VPN, and at times to route web traffic from a remote location through my home ISP. I do not need nor want any caching or filtering. I previously used Tinyproxy and that did the job, but it had no authentication whatsoever. I have basic authentication working on squid 3.5, where it asks for the username and password, but I believe this login is sent in clear text. I've did some research and found squid supports various better methods, such as kerberos, ntlm, smb, etc. However, while I'm able to install Linux and set up various things, I'm struggling with this authentication aspect. I have a suspicion some of these methods will not work well because they rely on other services (such as SMB) and may require opening more ports on my router, something I'm not crazy about. Amos previously suggested client cert auth, but I'm not sure how to set this up. Are there any other secure auth methods that would work well over the Internet and are fairly simple to configure? In any case, can anyone point me to an online tutorial somewhere (for a authentication newbie) that outlines how this is done? _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users