<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
What does OpenVPN have to do with Squid?!<br>
<br>
21.04.15 7:17, snakeeyes wrote:<br>
<span style="white-space: pre;">> Thanks, I will tell you what I did so far and hope you help me with the directive squid needs:<br>
><br>
> mkdir /etc/openvpn/<br>
> wget <a class="moz-txt-link-freetext" href="https://github.com/OpenVPN/easy-rsa-old/archive/master.zip">https://github.com/OpenVPN/easy-rsa-old/archive/master.zip</a><br>
> unzip master<br>
> cd easy-rsa-old-master/<br>
> cp -R easy-rsa/ /etc/openvpn/<br>
> cd /etc/openvpn/easy-rsa/2.0<br>
> chmod 755 *<br>
> source ./vars<br>
> ./vars<br>
> ./clean-all<br>
> ./build-ca<br>
> ./build-key-server server<br>
> ./build-dh<br>
><br>
> Now I have the files:<br>
><br>
> [root@squid keys]# ls -l<br>
> total 76<br>
> -rw-r--r-- 1 root root 4120 Apr 20 17:51 01.pem<br>
> -rw-r--r-- 1 root root 4006 Apr 20 17:52 02.pem<br>
> -rw-r--r-- 1 root root 1383 Apr 20 17:51 ca.crt<br>
> -rw------- 1 root root 912 Apr 20 17:51 ca.key<br>
> -rw-r--r-- 1 root root 245 Apr 20 17:51 dh1024.pem<br>
> -rw-r--r-- 1 root root 276 Apr 20 17:52 index.txt<br>
> -rw-r--r-- 1 root root 21 Apr 20 17:52 index.txt.attr<br>
> -rw-r--r-- 1 root root 21 Apr 20 17:51 index.txt.attr.old<br>
> -rw-r--r-- 1 root root 136 Apr 20 17:51 index.txt.old<br>
> -rw-r--r-- 1 root root 3 Apr 20 17:52 serial<br>
> -rw-r--r-- 1 root root 3 Apr 20 17:51 serial.old<br>
> -rw-r--r-- 1 root root 4120 Apr 20 17:51 server.crt<br>
> -rw-r--r-- 1 root root 729 Apr 20 17:51 server.csr<br>
> -rw------- 1 root root 920 Apr 20 17:51 server.key<br>
><br>
> What do I need for the squid directive?<br>
><br>
> Is what I did above okay?<br>
><br>
> cheers<br>
><br>
> From: squid-users [<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>] On Behalf Of Yuri Voinov<br>
> Sent: Monday, April 20, 2015 6:22 AM<br>
> To: <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
> Subject: Re: [squid-users] squid HTTPs as reverse proxy problem<br>
><br>
> Man,<br>
><br>
> self-signed certificate required only for SSL Bump (not pump :)).<br>
><br>
> For SSL reverse proxy you need CA's signed server certificate.<br>
><br>
> Feel the difference.<br>
><br>
> 21.04.15 5:16, snakeeyes wrote:<br>
> > Hi all, I need help in setting up squid for https reverse proxy<br>
> ><br>
> > I mean I want to authorize the certificate on my pc so that be able to access https using http not tunnel method<br>
> ><br>
> > I have searched a lot and most of docs mention ssl pump, but again I'm here don't want ssl pump feature and all I need is just reverse proxy.<br>
> ><br>
> > Here are the steps that I did:<br>
> ><br>
> > cd /etc/squid<br>
> ><br>
> > openssl req -new -newkey rsa:1024 -days 3650 -nodes -x509 -subj '/C=dsa/ST=asd/L=aaa/O=abcv/CN=abc' -keyout /etc/squid/abc.pem -out /etc/squid/abc.pem<br>
> ><br>
> > openssl x509 -in /etc/squid/abc.pem -outform DER -out /etc/squid/abc.der<br>
> ><br>
> > whereis ssl_crtd<br>
> ><br>
> > chown squid:squid /var/lib/ssl_db<br>
> ><br>
> > after that edited squid.conf with:<br>
> ><br>
> > https_port 443 cert=/etc/squid/abc.pem key=/etc/squid/abc.pem<br>
> ><br>
> > then went to my browser and added abc.der as authorized certificates<br>
> ><br>
> > when I connect to proxy I have error logs:<br>
> ><br>
> > 2015/04/20 15:44:18 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:44:19 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:44:21 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:44:23 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:45:33 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:47:01 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:53:44 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:53:46 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> > 2015/04/20 15:53:47 kid1| Error negotiating SSL connection on FD 11: Success (0)<br>
> ><br>
> > Where could be the problem?<br>
> ><br>
> > Here is my squid config:<br>
> ><br>
> > squid -v<br>
> > Squid Cache: Version 3.5.1<br>
> > Service Name: squid<br>
> > configure options: '--prefix=/usr' '--includedir=/include'<br>
> > '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc'<br>
> > '--enable-cachemgr-hostname=drx' '--localstatedir=/var'<br>
> > '--libexecdir=/lib/squid' '--disable-maintainer-mode'<br>
> > '--disable-dependency-tracking' '--disable-silent-rules' '--srcdir=.'<br>
> > '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid'<br>
> > '--mandir=/usr/share/man' '--enable-inline' '--enable-async-io=8'<br>
> > '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap'<br>
> > '--enable-delay-pools' '--enable-cache-digests' '--enable-underscores'<br>
> > '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth'<br>
> > '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,DB,POP3,getpwnam,squid_radius_auth,multi-domain-NTLM'<br>
> > '--enable-ntlm-auth-helpers=smb_lm'<br>
> > '--enable-digest-auth-helpers=ldap,password'<br>
> > '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-esi'<br>
> > '--disable-translation' '--with-logdir=/var/log/squid'<br>
> > '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=131072'<br>
> > '--with-large-files' '--with-default-user=squid' '--enable-linux-netfilter'<br>
> > '--enable-ltdl-convenience' '--enable-ssl' '--enable-ssl-crtd'<br>
> > '--enable-arp-acl' 'CXXFLAGS=-DMAXTCPLISTENPORTS=20000' '--with-openssl'<br>
> > '--enable-snmp'<br>
> ><br>
> > cheers<br>
> ><br>
> > _______________________________________________<br>
> > squid-users mailing list<br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:squid-users@lists.squid-cache.org"><mailto:squid-users@lists.squid-cache.org></a><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
></span><br>
<br>
<br>
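To illustrate the point in the quoted reply (a reverse proxy needs a CA-signed server certificate), here is an added Squid 3.5 configuration fragment. It is not part of the original messages; the site name www.example.com, the origin address 192.0.2.10, the peer name origin_web and the /etc/squid/ssl/ paths are assumptions.

```conf
# Added example, not from the thread. Assumed values: www.example.com,
# 192.0.2.10, origin_web, and /etc/squid/ssl/ as the directory that
# server.crt and server.key (from the easy-rsa keys/ listing) were copied to.

# As posted in the thread: no "accel" flag, so the port is not in
# accelerator (reverse-proxy) mode, and abc.pem is self-signed.
# https_port 443 cert=/etc/squid/abc.pem key=/etc/squid/abc.pem

# Reverse-proxy listener that presents the CA-signed server certificate.
# - The certificate's subject name must match the name clients connect to
#   (defaultsite here); re-issue it if it was created with another CN.
# - Clients import ca.crt as a trusted authority, not the server certificate.
# - server.key should be readable only by the user Squid runs as; ca.key is
#   not needed on the proxy at all.
https_port 443 accel defaultsite=www.example.com cert=/etc/squid/ssl/server.crt key=/etc/squid/ssl/server.key

# Origin web server that Squid fetches from on behalf of clients.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=origin_web

# Only serve the published site and only route it to that origin.
# These http_access lines must appear before any broader allow rule.
acl our_site dstdomain www.example.com
http_access allow our_site
http_access deny all
cache_peer_access origin_web allow our_site
cache_peer_access origin_web deny all
```

Running `squid -k parse` after editing reports syntax errors before the listener is reloaded.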
</body>
</html>