Transparent TLS proxy - possibilities?

DarioX Member

Hey you nice people,

I am trying to set up a transparent TLS proxy on my VPS.
The operation turned out harder than initially expected.

I actually didn't find any standalone software that was capable of achieving this. Is there any major problem with the implementation that I'm not aware of?

All I want to do is forward an HTTPS request from A to B, passing through C. Of course I don't want to decrypt the HTTPS traffic at all. Just want to forward it with the certificate provided by A. I do understand that the possible issue with that is a MITM attack aka I would need to provide a valid certificate that assures that the connection passing through my VPS is safe, but are there any other methods (without requiring an external certificate) that allow me to do what I'm trying to?

All I could find is a Kernel-level solution with TProxy: https://www.kernel.org/doc/Documentation/networking/tproxy.txt
But that forces me to not use OpenVZ for example and overall I'm quite surprised that there isn't any purely software-based solution.

Any thoughts about this?
Thanks in advance for any help & hints.

Comments

  • 4n0nx Member

    Idk anything about that stuff but... GRE tunnel?

    Thanked by 1DarioX
  • perennate Member, Host Rep

    I've used tcptunnel for semi-similar task -- http://www.vakuumverpackt.de/tcptunnel/

    It uses fork though, not the most efficient. But it is super easy to set up.

    Thanked by 1DarioX
  • Abdussamad Member
    edited March 2015

    nvm. my bad

  • @4n0nx said:
    Idk anything about that stuff but... GRE tunnel?

    Any software you can recommend? Idk anything about GRE tunnels :)

    @perennate said:
    I've used tcptunnel for semi-similar task -- http://www.vakuumverpackt.de/tcptunnel/

    It uses fork though, not the most efficient. But it is super easy to set up.

    Thanks! I tried many similar tools, but none of them worked so far. You sure it can tunnel https connections?

  • Anything wrong with SNIProxy?

    Thanked by 1DarioX
  • HAProxy.

    Thanked by 1DarioX
  • perennate Member, Host Rep

    DarioX said: Thanks! I tried many similar tools, but none of them worked so far. You sure it can tunnel https connections?

    It should be fine, it tunnels at the TCP level. SNIProxy that @msg7086 mentioned is probably more efficient though.

  • @perennate said:
    It should be fine, it tunnels at the TCP level. SNIProxy that msg7086 mentioned is probably more efficient though.

    Thanks for all the suggestions! SNIProxy seems to be perfect for what I'm trying to do. Still searching for a nodejs implementation tho.

  • 4n0nx Member

    DarioX said: Any software you can recommend? Idk anything about GRE tunnels :)

    Me neither. :) I just know you can route all traffic from a certain port on a VPS to another VPS (e.g. redirect DDoS protected VPS port to game server port).

  • @4n0nx said:
    Me neither. :) I just know you can route all traffic from a certain port on a VPS to another VPS (e.g. redirect DDoS protected VPS port to game server port).

    Haha :)
    I got it done in the end with SNIProxy + custom node solution. Works very well. Thanks again for all your help!

    Thanked by 14n0nx
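
Added example, not code from the thread or from SNIProxy: forwarding HTTPS without decrypting it is possible because the client names the target host in cleartext in the TLS ClientHello (the SNI extension), so a relay can choose a backend from that name and pass the TCP bytes through untouched, leaving the certificate exchange between client and backend. The route name, address and sample ClientHello below are constructed placeholders.

```javascript
// Return the SNI hostname from a buffered TLS ClientHello, or null. Nothing is decrypted.
function extractSNI(buf) {
  // Record: type 0x16, version(2), length(2). Handshake: type 0x01, length(3).
  if (buf.length < 9 || buf[0] !== 0x16 || buf[5] !== 0x01) return null;
  const end = 5 + buf.readUInt16BE(3);
  if (end > buf.length) return null;          // hello not fully read yet
  let p = 9 + 2 + 32;                         // skip client version and random
  const skip = (w) => {                       // skip a vector with a w-byte length prefix
    if (p + w > end) return false;
    p += w + buf.readUIntBE(p, w);
    return p <= end;
  };
  if (!skip(1) || !skip(2) || !skip(1) || p + 2 > end) return null; // id, ciphers, compression
  const extEnd = p + 2 + buf.readUInt16BE(p);
  if (extEnd > end) return null;
  for (p += 2; p + 4 <= extEnd;) {
    const type = buf.readUInt16BE(p), len = buf.readUInt16BE(p + 2);
    p += 4;
    if (p + len > extEnd) return null;
    if (type === 0) {                         // server_name: list len(2), type(1), len(2), name
      if (len < 5 || buf[p + 2] !== 0) return null;
      const n = buf.readUInt16BE(p + 3);
      return 5 + n > len ? null : buf.toString('ascii', p + 5, p + 5 + n).toLowerCase();
    }
    p += len;
  }
  return null;
}

// Constructed routing table (placeholder name and address): only listed names are relayed.
const ROUTES = { 'b.example.test': { host: '192.0.2.10', port: 443 } };
// Missing or unlisted SNI is refused, so the VPS does not become an open relay.
function pickBackend(firstBytes, routes = ROUTES) {
  const name = extractSNI(firstBytes);
  const known = name !== null && Object.prototype.hasOwnProperty.call(routes, name);
  return known ? routes[name] : null;
}

// Constructed sample input: a minimal ClientHello whose only extension is SNI.
function sampleClientHello(host) {
  const u16 = (n) => Buffer.from([n >> 8, n & 0xff]);
  const name = Buffer.from(host, 'ascii');
  const sni = Buffer.concat([u16(name.length + 3), Buffer.from([0]), u16(name.length), name]);
  const ext = Buffer.concat([u16(0), u16(sni.length), sni]);
  const body = Buffer.concat([Buffer.from([3, 3]), Buffer.alloc(32), Buffer.from([0]),
    u16(2), Buffer.from([0x13, 0x01, 1, 0]), u16(ext.length), ext]);
  return Buffer.concat([Buffer.from([0x16, 3, 1]), u16(body.length + 4),
    Buffer.from([1, 0]), u16(body.length), body]);
}
```

In a relay, the first bytes read from the client socket go to `pickBackend`; on a match the same bytes and everything after them are written to a TCP connection to the backend, and on `null` the socket is closed.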