VPN ON PROXY


VPN ON PROXY

abellon
Hello squidUsers,

I have a bit of a problem. I'm currently on a network where there is a vpn
already configured and running. The proxy is working perfectly but for 1
issue. The issue is as follows:

  VPN works perfectly, proxy sends ping, ssh, vnc, samba, cups protocols
by the tunnel but when trying to access local http addresses, the proxy
reads them as public http and sends those protocols via wan... Making it
an error.

I have located the error (local http/https is read as public http and is
sent by wan) how can I configure it so that the local http goes by the vpn
(tun1)?


Thanks in advance.

Alexis



_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

Re: VPN ON PROXY

Antony Stone
On Thursday 08 March 2018 at 00:56:45, [hidden email] wrote:

> Hello squidUsers,
>
> I have a bit of a problem. I'm currently on a network where there is a vpn
> already configured and running.

What is the VPN connecting?  I mean, what is defined as the "local" network and
what is defined as the "remote" network, for which traffic will pass through the
VPN?

> The proxy is working perfectly but for 1 issue. The issue is as follows:
>
>   VPN works perfectly, proxy sends ping, ssh, vnc, samba, cups protocols
> by the tunnel

This sounds like you are trying to send almost everything over the VPN.

Why?  What is the purpose of this VPN?

> but when trying to access local http addresses,

Please define "local", in terms of which IP addresses you think are local, and
how this compares to the VPN configuration.

> the proxy reads them as public

So, are these addresses RFC1918 "private" addresses, or are they simply public
IPs which happen to exist in your local network?

> http and sends those protocols via wan... Making it an error.
>
> I have located the error (local http/https is read as public http and is
> sent by wan) how can I configure it so that the local http goes by the vpn
> (tun1).

Give us some examples of addresses which are being incorrectly routed, and
tell us how your VPN is set up, and we can give you some advice as to whether
this is a Squid problem or a VPN / network routing problem.


Regards,


Antony.

PS: No need to send the same question twice within 2 minutes :)

--
"Linux is going to be part of the future. It's going to be like Unix was."

 - Peter Moore, Asia-Pacific general manager, Microsoft

                                                   Please reply to the list;
                                                         please *don't* CC me.

Re: VPN ON PROXY

abellon
So I have two networks in different physical locations (11.0.15.0/24,
11.0.20.0/24) connected by VPN (11.0.3.0/24). The VPN works perfectly fine
(you can visualize the 2 networks files, connect by ssh, ping), my only
problem is, when I try to enter local addresses by http/s protocol, let's
say the router from the other network (11.0.15.2/24) from a browser (http
protocol) will have a time-out error.

PS: when ping 11.0.15.2 you DO get a response.



R: VPN ON PROXY

Troiano Alessio
In reply to this post by Antony Stone
Is the VPN on the proxy server or on a firewall?
In the first case it may be a problem with the software that does the VPN; try checking "route" with the Linux command.
In the second case, check that the firewall that does the VPN is the default gateway of the proxy; otherwise you have to add a static route for the 11.x.x.x addresses, which are public addresses, wrongly used in the VPN...



Re: VPN ON PROXY

Matus UHLAR - fantomas
In reply to this post by abellon
On 07.03.18 19:43, [hidden email] wrote:
>So I have two networks in different physical locations (11.0.15.0/24,
>11.0.20.0/24) connected by VPN (11.0.3.0/24). The VPN works perfectly fine
>(you can visualize the 2 networks files, connect by ssh, ping), my only
>problem is, when I try to enter local addresses by http/s protocol, let's
>say the router from the other network (11.0.15.2/24) from a browser (http
>protocol) will have a time-out error.

What is your browser's proxy configuration? You apparently need to put
11.0.15.0/24, 11.0.20.0/24 and 11.0.3.0/24 in the proxy exclusion list.



>PS: when ping 11.0.15.2 you DO get a response.

BTW do you work for USA department of defense?
because 11.0.0.0/8 is their IP range:

NetRange:       11.0.0.0 - 11.255.255.255
CIDR:           11.0.0.0/8
NetName:        DODIIS
NetHandle:      NET-11-0-0-0-1
Parent:          ()
NetType:        Direct Allocation
OriginAS:
Organization:   DoD Network Information Center (DNIC)
RegDate:        1984-01-19
Updated:        2007-08-22
Ref:            https://whois.arin.net/rest/net/NET-11-0-0-0-1

if not, you should probably use other private ranges, like 10.0.0.0/8

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759
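
The proxy exclusion list suggested in the reply above, written as a browser proxy auto-config (PAC) file. This is an added example, not part of any poster's message; the proxy address is a hypothetical placeholder, and only IP-literal hosts are matched.

```javascript
// Added example: PAC logic that sends the three ranges from this thread
// DIRECT (so the client's own routing table and the VPN decide the path)
// and everything else to the proxy.
// Assumption: proxy.example.internal:3128 is a placeholder for the Squid host.
var PROXY = "PROXY proxy.example.internal:3128";
var DIRECT_NETS = ["11.0.15.0/24", "11.0.20.0/24", "11.0.3.0/24"];

// Parse a dotted-quad IPv4 literal into an unsigned 32-bit number.
// Returns null for hostnames and malformed addresses.
function ipv4ToInt(host) {
  var m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  var n = 0;
  for (var i = 1; i <= 4; i++) {
    var octet = Number(m[i]);
    if (octet > 255) return null;
    n = n * 256 + octet;
  }
  return n;
}

// True when the numeric address lies inside the CIDR block "a.b.c.d/len".
function inCidr(ip, cidr) {
  var parts = cidr.split("/");
  var bits = Number(parts[1]);
  var mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ip & mask) >>> 0) === ((ipv4ToInt(parts[0]) & mask) >>> 0);
}

// Entry point the browser calls for every request once the PAC is configured.
function FindProxyForURL(url, host) {
  var ip = ipv4ToInt(host);
  if (ip !== null) {
    for (var i = 0; i < DIRECT_NETS.length; i++) {
      if (inCidr(ip, DIRECT_NETS[i])) return "DIRECT";
    }
  }
  // Hostnames and all other addresses still go through the proxy.
  return PROXY;
}
```

Requests that return DIRECT never reach Squid, so its ACLs and access log no longer cover traffic to those three networks.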