Yes, SSTP is a type of SSL VPN. Why behind a reverse proxy? Well, just like other 
SSL services, I need to share port 443 with one public IP address.

I've run packet captures on the client, VPN server and Squid. The request is 
getting through OK and the VPN server is sending a reply. But Squid is not 
forwarding the reply to the client, I believe. Here are some snippets of the Squid 
log:

2015/12/17 14:26:48.550| http.cc(762) processReplyHeader: HTTP Server REPLY:
---------
HTTP/1.1 200
Content-Length: 18446744073709551615
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 17 Dec 2015 03:26:48 GMT
----------
2015/12/17 14:26:48.556| client_side.cc(1377) sendStartOfMessage: HTTP Client 
local=ip.of.squid:443 remote=1.2.3.4:44582 FD 9 flags=1
2015/12/17 14:26:48.556| client_side.cc(1378) sendStartOfMessage: HTTP Client 
REPLY:
---------
HTTP/1.1 200 OK
Content-Length: 18446744073709551615
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 17 Dec 2015 03:26:48 GMT
X-Cache: MISS from 
X-Cache-Lookup: MISS from :443
Connection: keep-alive
----------
2015/12/17 14:26:48.557| client_side_reply.cc(1114) storeNotOKTransferDone: 
storeNotOKTransferDone  out.size=240 expectedLength=-9223372036854775569
2015/12/17 14:26:48.557| client_side.cc(1827) stopSending: sending error 
(local=ip.of.squid:443 remote=1.2.3.4:44582 FD 9 flags=1): 
STREAM_UNPLANNED_COMPLETE; old receiving error: none

2015/12/17 14:26:48.673| Server.cc(362) sentRequestBody: sentRequestBody called
2015/12/17 14:26:48.673| Server.cc(423) sendMoreRequestBody: will wait for more 
request body bytes or eof


Seems like the large value of the Content-Length header field is causing 
issues. Squid waits for more data but the server never sends it because it's 
waiting for something from the client. 

Is there any way to make squid just pass traffic exactly as it comes in?


-----Original Message-----
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf 
Of Eliezer Croitoru
Sent: Tuesday, 15 December 2015 6:23 PM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] SSTP_DUPLEX_POST method

Isn't SSTP some kind of secure VPN service, which is based on SSL?
Why would you want to put a reverse proxy in front of a VPN service? 
There are many things to do in the IP level but not much to do in the HTTP 
level.

Eliezer

On 15/12/2015 07:20, Wayne Gillan wrote:
> Hi all,
>
> I am trying to configure squid as a reverse proxy in front of a Microsoft 
> SSTP VPN server but squid does not appear to be forwarding the requests. I 
> think it may have something to do with this custom verb/method that Microsoft 
> use. See https://msdn.microsoft.com/en-us/library/cc247364.aspx. Should it 
> work ok? I am running 3.1.19.
>
> Thank you,
> Wayne

_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
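
Added example (not part of the original messages, and not Squid's own code): the Content-Length in the log is 2^64 - 1, and the logged expectedLength is exactly what results if that value is parsed into a signed 64-bit integer that saturates at INT64_MAX and the 240 bytes of out.size are then added with wraparound. That parsing model and the function names are assumptions; the checked variant shows the range test that rejects such a length instead.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Values copied from the log above. */
static const char *LOGGED_CONTENT_LENGTH = "18446744073709551615"; /* 2^64 - 1 */
static const int64_t LOGGED_OUT_SIZE = 240;

/* Assumed model: a signed 64-bit parse that saturates at INT64_MAX on
   overflow, as strtoll() does. *clamped reports whether that happened. */
int64_t parse_length_saturating(const char *s, int *clamped) {
    errno = 0;
    long long v = strtoll(s, NULL, 10);
    *clamped = (errno == ERANGE);
    return (int64_t)v;
}

/* Two's-complement wrapping add, done in unsigned arithmetic to avoid UB. */
int64_t wrapping_add(int64_t a, int64_t b) {
    uint64_t u = (uint64_t)a + (uint64_t)b;
    int64_t r;
    memcpy(&r, &u, sizeof r);
    return r;
}

/* Checked form: returns 0 and sets *out on success, -1 if the body length is
   malformed, unrepresentable, or header + body would overflow. */
int expected_length_checked(const char *s, int64_t hdr, int64_t *out) {
    char *end;
    errno = 0;
    long long body = strtoll(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0' || body < 0) return -1;
    if (hdr < 0 || body > INT64_MAX - hdr) return -1;
    *out = hdr + (int64_t)body;
    return 0;
}

int main(void) {
    int clamped; int64_t checked;
    int64_t body = parse_length_saturating(LOGGED_CONTENT_LENGTH, &clamped);
    printf("parsed=%lld clamped=%d\n", (long long)body, clamped);
    printf("wrapped=%lld\n", (long long)wrapping_add(body, LOGGED_OUT_SIZE));
    printf("checked=%d\n", expected_length_checked(LOGGED_CONTENT_LENGTH, LOGGED_OUT_SIZE, &checked));
    return 0;
}
```
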
