On 21/08/2014 8:59 a.m., squid_at_proxyplayer.co.uk wrote:
> why are you using unbound for this at all?
>
> Well, we use a geo location service much like a VPN or a proxy.
> For transparent proxies, it works fine, squid passes through the SSL
> request and back to the client.
> For VPN, everything is passed through.
> But with unbound, we only want to pass through certain requests and some
> of them have SSL sites.
> Surely, there's a way to pass a request from unbound, and redirect it
> through the transparent proxy, returning it straight to the client?
>
I'm not sure what you mean. Unbound is a DNS server; it does not process
the HTTP protocol at all. All it does is tell the client where the *web
server* for a domain is located. But the client only needs to know which
route to use.
With a client connecting over WAN through a proxy you have:

  client --WAN--> proxy --> Internet
  client <--WAN-- proxy <-- Internet

plus for non-proxied traffic:

  client --WAN--> Internet
  client <--WAN-- Internet

With a client connecting over a VPN you have:

  client --VPN--> proxy --> Internet
  client <--VPN-- proxy <-- Internet

plus for non-proxied traffic:

  client --VPN--NAT--> Internet
  client <--VPN--NAT-- Internet

In both of the above cases, the gateway router receiving WAN or VPN traffic is
responsible for the NAT/TPROXY/WCCP interception.
What I've gathered so far is that you are trying to achieve one of these:

A)
  client --VPN--> proxy --> Internet
  client <--VPN-- proxy <-- Internet

 plus for non-proxied traffic:

  client --WAN--> Internet
  client <--WAN-- Internet

B)
  client --VPN--> proxy --> Internet
  client <--WAN-- proxy <-- Internet

 plus for non-proxied traffic:

  client --VPN--> Internet
  client <--WAN-- Internet

Which one?
Amos
Received on Wed Aug 20 2014 - 22:38:02 MDT