Hello list,
I've successfully managed to set up the following: client -> stunnel (local on client) -> stunnel (on server) -> squid (same server)
I was wondering however if it would be possible to NOT use stunnel on the client side and connect directly to the server side one.
My current, working configs are below.
simplified server side stunnel.conf:

cert = /etc/stunnel/stunnel.pem
debug = 7
output = /var/log/stunnel.log
client = no

[squid]
accept = 3128
connect = 127.0.0.1:3129

client side config:

cert = /etc/stunnel/stunnel.pem
client = yes

[squid]
accept = 127.0.0.1:8080
connect = server:3128
On the server side, I've tried specifying:

client = yes
protocol = connect
protocolHost = 127.0.0.1:3129
#SSL terminates on the stunnel server (still unsure about this)

but because the proxy needs authentication (it used LDAP), I'm hitting what seems to be stunnel not returning the HTTP407 back to the client.

2020.03.13 20:18:34 LOG6[12306:140677061584640]: Client-mode connect protocol negotiations started
2020.03.13 20:18:34 LOG7[12306:140677061584640]: -> CONNECT 127.0.0.1:3129 HTTP/1.1
2020.03.13 20:18:34 LOG7[12306:140677061584640]: -> Host: 127.0.0.1:3129
2020.03.13 20:18:34 LOG7[12306:140677061584640]: ->
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- HTTP/1.1 407 Proxy Authentication Required
2020.03.13 20:18:34 LOG3[12306:140677061584640]: CONNECT request rejected
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Server: squid/3.5.20
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Mime-Version: 1.0
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Date: Fri, 13 Mar 2020 20:18:34 GMT
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Content-Type: text/html;charset=utf-8
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Content-Length: 3431
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Vary: Accept-Language
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Content-Language: en
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Proxy-Authenticate: Basic realm="myproxy"
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- X-Cache: MISS from myproxy
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- X-Cache-Lookup: NONE from myproxy:3129
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Via: 1.1 myproxy (squid/3.5.20)
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Connection: keep-alive
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <-
2020.03.13 20:18:34 LOG5[12306:140677061584640]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
I'm testing with the following command from the client side:

curl -U mysuer -x http://myproxy:3128 https://www.google.com
Any help would be greatly appreciated.
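
Added example, not part of the original post: a Python sketch that reads the stunnel debug trace quoted above and reports what the client-mode CONNECT negotiation sent and what squid answered, including whether any Proxy-Authorization header went out. The function names are hypothetical, and the sample is an abridged copy of the log lines in the post.

```python
import re

# Abridged copy of the stunnel debug trace from the post above.
SAMPLE_LOG = """\
2020.03.13 20:18:34 LOG6[12306:140677061584640]: Client-mode connect protocol negotiations started
2020.03.13 20:18:34 LOG7[12306:140677061584640]: -> CONNECT 127.0.0.1:3129 HTTP/1.1
2020.03.13 20:18:34 LOG7[12306:140677061584640]: -> Host: 127.0.0.1:3129
2020.03.13 20:18:34 LOG7[12306:140677061584640]: ->
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- HTTP/1.1 407 Proxy Authentication Required
2020.03.13 20:18:34 LOG3[12306:140677061584640]: CONNECT request rejected
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <- Proxy-Authenticate: Basic realm="myproxy"
2020.03.13 20:18:34 LOG7[12306:140677061584640]: <-
"""

# "<date> <time> LOG<level>[<pid>:<tid>]: <arrow> <payload>"; only traced protocol lines carry an arrow.
LINE_RE = re.compile(r"^\S+ \S+ LOG\d\[\d+:\d+\]:\s+(->|<-)\s?(.*)$")

def parse_negotiation(log_text):
    """Split traced protocol lines into what stunnel sent (->) and what it received (<-)."""
    sent, received = [], []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            (sent if m.group(1) == "->" else received).append(m.group(2).strip())
    return [l for l in sent if l], [l for l in received if l]

def headers(lines):
    """Lower-cased header map built from the lines after the start line."""
    return {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}

def diagnose(log_text):
    """Summarise the CONNECT exchange, or return None if the log holds no trace."""
    sent, received = parse_negotiation(log_text)
    if not sent or not received:
        return None
    return {
        "request_line": sent[0],
        "status": int(received[0].split()[1]),
        "credentials_sent": "proxy-authorization" in headers(sent),
        "challenge": headers(received).get("proxy-authenticate"),
    }

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On this trace the summary shows a CONNECT carrying only a Host header, answered by a 407 with a Basic challenge.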