[squid-users] How to pass TeamViewer traffic

Marcus Kool marcus.kool at urlfilterdb.com
Sat Oct 23 16:56:47 UTC 2021


sslbump can be used in peek+splice and peek+bump modes.

Depending on what Squid finds in the peek (e.g. a teamviewer FQDN) Squid can decide to splice (not interfere) the connection.

Below is an example.

Marcus



# TLS/SSL bumping definitions

acl tls_s1_connect at_step SslBump1


# define acls for sites that must not be bumped

acl tls_server_is_bank ssl::server_name .abnamro.nl

acl tls_server_is_bank ssl::server_name .abnamro.com

acl tls_server_is_teamviewer ssl::server_name .teamviewer.com

acl tls_to_splice any-of tls_server_is_teamviewer tls_server_is_bank


# TLS/SSL bumping steps

ssl_bump peek tls_s1_connect    # /peek/at TLS/SSL connect data

ssl_bump splice tls_to_splice   # /splice //some/: no active bump

ssl_bump stare all   # /stare/(peek) at server

ssl_bump bump     # /bump/if we can (if the /stare///succeeded)




On 23/10/2021 17:41, Andrea Venturoli wrote:
> On 10/22/21 17:24, Alex Rousskov wrote:
>
>> I do not know much about TeamViewer, ...
>> You do not need SslBump and https_port for this.
>
> AFAIK you *cannot* use SslBump, as TeamViewer pinpoints certificates.
> If someone can prove me wrong, I'd be curious to know how they manage this.
>
>  bye
>     av.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20211023/ce2b5a95/attachment.htm>


More information about the squid-users mailing list