Re: [Openvpn-users] feature request: HTTPS proxy support

Tue, 15 Mar 2016 15:17:10 -0700 

Yeah, instead of opening a TCP socket to a proxy port (eg 3128) and sending
"GET url..." proxy commands, you set up a TLS/TCP socket to a different
proxy port and then send your proxy commands. squid-3.X supports it and it
means we can securely (actually, privately would be a better word) run
proxied clients over the Internet. So I was thinking that if openvpn
supported TLS proxies, then we could run openvpn through a true TLS layer -
at the moment if you run openvpn on (say) TCP/443, that can be picked up by
layer7 firewalls as being non-HTTPS traffic (more correctly, non-TLS
traffic). If you encapsulated openvpn inside TLS, it would look to the
world identical to HTTPS traffic

On Wed, Mar 16, 2016 at 9:07 AM, Gert Doering <g...@greenie.muc.de> wrote:

> Hi,
>
> On Tue, Mar 15, 2016 at 03:52:50PM -0400, Jake Thompson wrote:
> > Are you talking about having OpenVPN connect through the proxy via
> > HTTP CONNECT, or have it disguise its traffic as HTTP GET and POST
> > requests?
>
> Neither.  Connect *to* the proxy using a SSL session (and then go ahead
> with HTTP CONNECT, but that part is long supported)
>
> I have no idea whether this functionality will show up, or how much work
> it is to make it happen, though.
>
> gert
> --
> USENET is *not* the non-clickable part of WWW!
>                                                            //
> www.muc.de/~gert/
> Gert Doering - Munich, Germany
> g...@greenie.muc.de
> fax: +49-89-35655025
> g...@net.informatik.tu-muenchen.de
>



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785231&iu=/4140
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Reply via email to