Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Squid reverse proxy and OS X server

    pfSense Packages
    2
    5
    1366
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stanthewizard last edited by

      Hello

      I've a OS X Server for Profile management of iOS devices.

      The login pages are accessible (through 80 and 443 with Squid) the right port are opened trough NAT.

      If the OS X server is directly nated with 80 and 443 everything is fine in LAN/WAN
      If the OS X server is behind the squid in LAN no issue in WAN impossible to enroll certificat and if certificat is previously enrolled impossible to push settings or to remotely wipe a device.

      Any idea what I have missed with squid ??

      Many thanks

      1 Reply Last reply Reply Quote 0
      • B
        blade5502 last edited by

        Hello,

        I,ve a similar problem (i use proxy_mod_security package (apache)) for reverse proxy.

        All ok in LAN or via IPv6 (direct without proxy) - if i try to enroll a new device it fails.

        The problem is, that the device wants to authenticate with to Server with a client certificate - but instead it try's to authenticate with the reverse proxy witch breaks Cert Auth.

        Here's some information about it: http://www.zeitoun.net/articles/client-certificate-x509-authentication-behind-reverse-proxy/start

        1 Reply Last reply Reply Quote 0
        • S
          stanthewizard last edited by

          Not that simple
          :-[

          1 Reply Last reply Reply Quote 0
          • B
            blade5502 last edited by

            Have tried many different configurations and don't get it to work

            Get these error with my Apache Proxy:
            Certificate Verification: Error (20): unable to get local issuer certificate
            Re-negotiation handshake failed: Not accepted by client!?

            Thats maby an interresting topic for you: http://forums.freebsd.org/showthread.php?t=26708

            1 Reply Last reply Reply Quote 0
            • S
              stanthewizard last edited by

              Thanks

              I have a better understanding of the why and maybe for the how

              I'll manage to keep you posted

              1 Reply Last reply Reply Quote 0
              • First post
                Last post