[stunnel-users] stunnel squid proxy without client side stunnel

claudiu vasadi claudiu.vasadi at gmail.com
Fri Mar 13 21:34:24 CET 2020


Hello list,

I've successfully managed to set up the following:
client -> stunnel (local on client) -> stunnel (on server) -> squid (same server)

I was wondering however if it would be possible to NOT use stunnel on
the client side and connect directly to the server side one.

My current, working configs are below.

simplified server side stunnel.conf:
cert = /etc/stunnel/stunnel.pem
debug = 7
output = /var/log/stunnel.log
client = no

[squid]
accept = 3128
connect = 127.0.0.1:3129


client side config:
cert = /etc/stunnel/stunnel.pem
client = yes

[squid]
accept = 127.0.0.1:8080
connect = server:3128


On the server side, I've tried specifying:
client = yes
protocol = connect
protocolHost = 127.0.0.1:3129 #SSL terminates on the stunnel server (still unsure about this)

but because the proxy needs authentication (it uses LDAP), I'm hitting
what seems to be stunnel not returning the HTTP 407 back to the client.
2020.03.13 20:18:34 LOG6[12306:140677061584640]: Client-mode connect protocol negotiations started
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  -> CONNECT 127.0.0.1:3129 HTTP/1.1
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  -> Host: 127.0.0.1:3129
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  ->
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- HTTP/1.1 407 Proxy Authentication Required
2020.03.13 20:18:34 LOG3[12306:140677061584640]: CONNECT request rejected
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Server: squid/3.5.20
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Mime-Version: 1.0
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Date: Fri, 13 Mar 2020 20:18:34 GMT
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Content-Type: text/html;charset=utf-8
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Content-Length: 3431
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Vary: Accept-Language
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Content-Language: en
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Proxy-Authenticate: Basic realm="myproxy"
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- X-Cache: MISS from myproxy
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- X-Cache-Lookup: NONE from myproxy:3129
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Via: 1.1 myproxy (squid/3.5.20)
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <- Connection: keep-alive
2020.03.13 20:18:34 LOG7[12306:140677061584640]:  <-
2020.03.13 20:18:34 LOG5[12306:140677061584640]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

I'm testing with the following command from the client side:
curl -U mysuer -x http://myproxy:3128 https://www.google.com


Any help would be greatly appreciated.
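
Added example, not part of the original post and not stunnel or Squid code: a Python client that opens TLS straight to the server-side stunnel from the first config (accept = 3128, client = no) and sends the CONNECT itself, including the Proxy-Authorization header that is missing from the CONNECT in the log above. The function names, the cafile parameter and the sample reply bytes are assumptions made for illustration.

```python
import base64
import socket
import ssl

# Constructed sample: head of the 407 reply seen in the stunnel debug log.
SAMPLE_407 = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b"Server: squid/3.5.20\r\n"
    b'Proxy-Authenticate: Basic realm="myproxy"\r\n\r\n'
)


def build_connect(target, user=None, password=None):
    """CONNECT request; Basic credentials are added only when given."""
    lines = [f"CONNECT {target} HTTP/1.1", f"Host: {target}"]
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        lines.append(f"Proxy-Authorization: Basic {token}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def parse_reply(raw):
    """Return (status_code, headers) from the head of a proxy reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(status_line.split(" ", 2)[1]), headers


def open_tunnel(proxy_host, proxy_port, target, user, password, cafile):
    """TLS to the server-side stunnel, then CONNECT to Squid behind it."""
    # Assumption: cafile verifies the stunnel certificate issued for proxy_host.
    ctx = ssl.create_default_context(cafile=cafile)
    raw = socket.create_connection((proxy_host, proxy_port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=proxy_host)
    tls.sendall(build_connect(target, user, password))
    buf = b""
    while b"\r\n\r\n" not in buf and (chunk := tls.recv(4096)):
        buf += chunk
    if b"\r\n\r\n" not in buf:
        tls.close()
        raise ConnectionError("proxy closed the connection before replying")
    status, headers = parse_reply(buf)
    if status != 200:
        tls.close()
        raise ConnectionError(f"{status}: {headers.get('proxy-authenticate', '')}")
    return tls  # bytes written from here on are relayed to target
```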

