<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html>
<head>
<meta name="Generator" content="Kopano WebApp v3.4.21.1704+968.1">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Squid 4.5 Transparent Proxy, StrongSwan VPN - Working in Browser but not in any android apps</title>
</head>
<body>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">Hi.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">I've got a strange problem, and I don't know if you can help me:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">To secure my mobile phone, I have set up a VPN using Strongswan which is used anytime I use an open WiFi hotspot. This works fine.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">But to get rid of all the trackers applied to websites and android apps, I want to use a proxy to filter any unwanted communication:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">So I have set up squid to intercept both port 80 and 443, with SSL_BUMP, Self-Signed Certificates, ...<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;">In firefox mobile, I had to download the CA-certificate in PEM format, so that firefox asked if I wanted to install the certificate. After doing so, the proxy works just fine, and any website shows the Squid Authority as CA. </p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">For Chrome, I had to download the CA-Certificate as .crt file. I installed that in Android, so that it is displayed in the user section of the Trusted-CA page. Afte that, Chrome accessed any website without complains, stating that every site was signed by the Squid Authority.<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">But now my problem:<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">Any android app I try wants to open an SSL connection to some servers, but none of them does work. Every app either says it has no connection, or shows a certifate mismatch...<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">Can anybody tell me what I have to do so that every android app accepts the intercepted connection?<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">Best regards,<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">Dirk<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;"><br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-size: 10pt; font-family: tahoma, arial, helvetica, sans-serif;">BTW: If any squid developer is reading this: Squid is awesome work! Thank you very much for such beauty!<br /></span></p>
<p style="padding: 0; margin: 0;"><span style="font-family: Times New Roman; font-size: medium;"> </span></p>
<p style="padding: 0; margin: 0;"></p>
<p style="padding: 0; margin: 0;"><u></u><span style="text-decoration: line-through;"></span><span style="font-size: medium;"></span><span style="font-family: Times New Roman;"></span><br /></p>
</body>
</html>