Learning...... Little odd way for here, read as much as you can before trying anything....
and get confused enough to forget the actual task.........
If the traffic between the local and remote proxies is sent through an SSH or OpenVPN tunnel, then it will be encrypted as a matter of course.
If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.
Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
If you want TOR, why not just use TOR? That's a proxy to a proxy, just controlling the specific exit node.
ssh leaks DNS queries. I use an ssh-based SOCKS proxy when I'm away from home and don't want to deal with openvpn. I've posted my ssh-socks-proxy script somewhere here at least once. It uses port 64000.
OpenVPN is what I use, but there are newer, easier to configure, VPN solutions. They don't have the same time-in-wild proof of security, but at least 1 is being added to the Linux kernel.
I've never tried to have 2 proxies in series. I'd use a VPN to get to a proxy, if that was even needed
OR
I'd use TOR.
Default DNS is UDP. ssh only handles TCP, so if trying to hide DNS (and you probably should), then either use a real VPN that handles **all** traffic or only access sites that are in your /etc/hosts or a LAN-based DNS that doesn't leak externally.
Just like GPS data, DNS data provides a huge level of "metadata" for anyone who gains access to that data. People aren't paranoid enough about metadata.
Of course, everyone has a different level of "security" needs. My needs probably don't match those for others. My target security stance is like for a mid-CAP company, not doing any DoD business. Not quite Fortune 500 and definitely not secure enough to stop state attackers.
IMHO.
The OpenVPN or layer three tunnel can be formed between two parties only when both agree to do so. The VPN solution providers set the servers for the client to connect securely. The proxies only forward the request(s) made by the host/local user, hence if the connection is initiated as SSL (read HTTPS connection) then it must forward the same to obtain the reply. As most of the websites support HTTPS only over HTTP, hence, the data is already encrypted. Even still if you want to ensure that the connection is secured by SSL or not, please use the solution provided earlier - wireshark or tcpdump. The best way to understand the network better!
Exactly, so that is my question. How to configure two proxies so that traffic between local and remote proxy is sent through SSH. Is there any documentation I can refer to?
If the Squid server is not used as a cache server but only for security purposes, IMO it is better to use a hardware/software firewall. They will provide more control over the network, better than a proxy server. To manage SSL on squid check the command list in the text file attached.
I only use OpenVPN tunnels so the UDP/TCP issue doesn't arise.
If you set up an OpenVPN tunnel, each end will have a unique tunnel IP address in addition to its external address. For instance, on my local machine I have this configuration for OpenVPN:
Code:
dev tun
remote xxx.xxx.xxx.xxx
ifconfig 10.1.1.30 10.1.1.1
port 43435
secret /etc/openvpn/keys/my.key
[other stuff]
That designates the local end of the tunnel as 10.1.1.30 and the remote 10.1.1.1. On the remote the values would be reversed. I could then configure the local squid to forward requests to the remote squid's 10.1.1.1 address. Then all the transactions are encrypted by default.
The "port" directive allows you to set a custom port. Usually I use the same value at both ends. The value should be >1023 because the connection does not run as the root user.
Again, read this for details: https://openvpn.net/community-resour...ey-mini-howto/
One more thing. If you set up such an OpenVPN tunnel, you don't really need two squid caches. You could simply run squid on the remote machine and point the clients on the local network to its tunnel IP. You would need to set up a static route on your network so that requests for, say, the 10.1.1.0/24 network would be forwarded to the remote over the tunnel. On my network, the local OpenVPN machine is just another workstation. Thus I have added a static route to my router that directs traffic for the 10.1.1.0/24 network to that workstation so it can be forwarded on to the remote.
Last edited by SeijiSensei; November 15th, 2018 at 06:23 PM.
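An added example, not part of the original posts and not OpenVPN or Squid project code: a small Python check that the two ends of the static-key tunnel described in the post above are consistent (mirrored ifconfig addresses, the same port above 1023, a key on both sides), which also derives the squid.conf cache_peer line that points the local squid at the remote tunnel IP. The remote-side config, the 203.0.113.10 address and Squid port 3128 are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed samples: the local config from the post (placeholder public
# address) and an assumed remote end with the tunnel addresses reversed.
LOCAL = """dev tun
remote 203.0.113.10
ifconfig 10.1.1.30 10.1.1.1
port 43435
secret /etc/openvpn/keys/my.key
"""
REMOTE = """dev tun
ifconfig 10.1.1.1 10.1.1.30
port 43435
secret /etc/openvpn/keys/my.key
"""

def parse(text):
    """Parse 'directive arg ...' lines into a dict, dropping # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, *args = line.split()
            cfg[name] = args
    return cfg

def check_pair(local_text, remote_text):
    """Return a list of problems that would break the tunnel described above."""
    loc, rem = parse(local_text), parse(remote_text)
    problems = []
    for side, cfg in (("local", loc), ("remote", rem)):
        if "secret" not in cfg:
            problems.append(f"{side}: no 'secret' directive, no static key configured")
        if len(cfg.get("ifconfig", [])) != 2:
            problems.append(f"{side}: ifconfig needs <own-ip> <peer-ip>")
        port = int(cfg.get("port", ["1194"])[0])  # 1194 is OpenVPN's default
        if port <= 1023:  # the post's rule: stay above the privileged range
            problems.append(f"{side}: port {port} is privileged (<=1023)")
    if not problems:
        if loc["ifconfig"] != rem["ifconfig"][::-1]:
            problems.append("ifconfig addresses are not mirrored between the ends")
        if loc.get("port") != rem.get("port"):
            problems.append("port differs between the ends")
    return problems

def squid_parent_line(local_text, squid_port=3128):
    """squid.conf line that forwards the local squid to the remote tunnel IP."""
    peer_ip = ipaddress.ip_address(parse(local_text)["ifconfig"][1])
    return f"cache_peer {peer_ip} parent {squid_port} 0 no-query default"
```

Because the parent is addressed by its tunnel IP rather than its public address, the proxy-to-proxy traffic can only travel inside the OpenVPN tunnel.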
I would use a VPN to get to any remote Squid proxy too
or
I'd use TOR.
So finally, between openvpn and ssh I chose openvpn-as. Sure, it is heavier than SSH, but I am sure I am going to use more functionalities of open-vpn as I learn about it. The good thing is that it has a module in dd-wrt, so in a way my entire home network can be vpn'ed to the openvpn-as server I host on Google Cloud Platform.
Thanks SeijiSensei for the pointers.