[squid-users] SSTP_DUPLEX_POST method

Wayne Gillan wayne.gillan at jurox.com.au
Thu Dec 17 03:57:25 UTC 2015


Yes, SSTP is a type of SSL VPN. Why behind a reverse proxy? Well, just like other SSL services, I need to share port 443 with one public IP address.

I've run packet captures on the client, vpn server and squid. The request is getting through ok and the vpn server is sending a reply. But squid is not forwarding the reply to the client I believe. Here's some snippets of the squid log:

2015/12/17 14:26:48.550| http.cc(762) processReplyHeader: HTTP Server REPLY:
---------
HTTP/1.1 200
Content-Length: 18446744073709551615
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 17 Dec 2015 03:26:48 GMT
----------
2015/12/17 14:26:48.556| client_side.cc(1377) sendStartOfMessage: HTTP Client local=ip.of.squid:443 remote=1.2.3.4:44582 FD 9 flags=1
2015/12/17 14:26:48.556| client_side.cc(1378) sendStartOfMessage: HTTP Client REPLY:
---------
HTTP/1.1 200 OK
Content-Length: 18446744073709551615
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 17 Dec 2015 03:26:48 GMT
X-Cache: MISS from 
X-Cache-Lookup: MISS from :443
Connection: keep-alive
----------
2015/12/17 14:26:48.557| client_side_reply.cc(1114) storeNotOKTransferDone: storeNotOKTransferDone  out.size=240 expectedLength=-9223372036854775569
2015/12/17 14:26:48.557| client_side.cc(1827) stopSending: sending error (local=ip.of.squid:443 remote=1.2.3.4:44582 FD 9 flags=1): STREAM_UNPLANNED_COMPLETE; old receiving error: none

2015/12/17 14:26:48.673| Server.cc(362) sentRequestBody: sentRequestBody called
2015/12/17 14:26:48.673| Server.cc(423) sendMoreRequestBody: will wait for more request body bytes or eof


Seems like the large value of the Content-Length header field is causing issues. Squid waits for more data but the server never sends it because it's waiting for something from the client. 

Is there any way to make squid just pass traffic exactly as it comes in?


-----Original Message-----
From: squid-users [mailto:squid-users-bounces at lists.squid-cache.org] On Behalf Of Eliezer Croitoru
Sent: Tuesday, 15 December 2015 6:23 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] SSTP_DUPLEX_POST method

Isn't SSTP some kind of secure VPN service, which is based on SSL?
Why would you want to put a reverse proxy in front of a VPN service?
There are many things to do at the IP level but not much to do at the HTTP level.

Eliezer

On 15/12/2015 07:20, Wayne Gillan wrote:
> Hi all,
>
> I am trying to configure squid as a reverse proxy in front of a Microsoft SSTP VPN server but squid does not appear to be forwarding the requests. I think it may have something to do with this custom verb/method that Microsoft use. See https://msdn.microsoft.com/en-us/library/cc247364.aspx. Should it work ok? I am running 3.1.19.
>
> Thank you,
> Wayne

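Added example, not part of the original thread and not Squid's own code: the numbers in the log excerpt above are consistent with a Content-Length of 2^64 - 1 being clamped to the signed 64-bit maximum and then wrapping once the 240 bytes in out.size are added. That reading is an inference from the logged values only; the function names below are hypothetical, and the checked variant shows the range test a length parser needs before doing that addition.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Values copied from the log excerpt in the post. */
static const char *LOGGED_CONTENT_LENGTH = "18446744073709551615"; /* 2^64 - 1 */
static const int64_t LOGGED_OUT_SIZE = 240;

/* Signed parse: strtoll() clamps an out-of-range value to LLONG_MAX (ERANGE). */
int64_t parse_saturating(const char *s, int *clamped)
{
    errno = 0;
    long long v = strtoll(s, NULL, 10);
    *clamped = (errno == ERANGE);
    return (int64_t)v;
}

/* Wrapping add done in unsigned arithmetic, because signed overflow is
 * undefined in C; the cast back is modular on gcc and clang. */
int64_t wrapping_add(int64_t a, int64_t b)
{
    return (int64_t)((uint64_t)a + (uint64_t)b);
}

/* Checked variant: 0 and *total on success, -1 if the header value is not a
 * plain decimal number, exceeds INT64_MAX, or the sum would overflow. */
int checked_expected_length(const char *s, int64_t header_bytes, int64_t *total)
{
    char *end;
    if (header_bytes < 0 || *s < '0' || *s > '9') return -1;
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;
    if (v > (unsigned long long)INT64_MAX - (unsigned long long)header_bytes) return -1;
    *total = (int64_t)v + header_bytes;
    return 0;
}

int main(void)
{
    int clamped;
    int64_t total, body = parse_saturating(LOGGED_CONTENT_LENGTH, &clamped);
    printf("clamped=%d body=%lld\n", clamped, (long long)body);
    printf("wrapped=%lld\n", (long long)wrapping_add(body, LOGGED_OUT_SIZE));
    printf("checked=%d\n",
           checked_expected_length(LOGGED_CONTENT_LENGTH, LOGGED_OUT_SIZE, &total));
    return 0;
}
```

The wrapped value matches the expectedLength in the storeNotOKTransferDone log line, while the checked variant rejects the same header instead of producing a negative length.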