Re: [squid-users] unbound and squid not resolving SSL sites

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 21 Aug 2014 16:59:37 +1200

On 21/08/2014 2:37 p.m., squid_at_proxyplayer.co.uk wrote:
>
>> which one?
> It's client --> unbound --> if IP listed in unbound.conf --> forwarded
> to proxy --> page or stream returned to client
>
> For others it's client --> unbound --> direct to internet with normal DNS
>

Replace "forwarded to proxy" with "IP address forged as proxy".
Which is the source of the problem, your proxy does not have any TLS
security certificates or keys to handle the HTTPS traffic properly, and
no way to identify what the real server actually is.

Squid does not yet support receiving SNI, nor does much client software
support sending it. So the only way this can work is with packets
*routed* through the Squid device. The unbound setup you have cannot work.

What I am looking for is the network topology over which the TCP
connections are supposed to flow. VPN connection, LAN connection, WAN
connection, etc.
This is necessary in order to identify which device is the suitable
gateway to setup a "tunnel" to the proxy. Then we can look at what types
of tunnel are appropriate for your situation.

Amos
Received on Thu Aug 21 2014 - 05:00:02 MDT
