2015-08-24 - Re: [GRASE-Hotspot] Connection through proxy

Header Data

From: Timothy White <ti***8@gmail.com>
Message Hash: e06fc7646e7eebeae560d275efb8104b0e9751ab4a479cb1841553b49d8db0dc
Message ID: <CAESLx0K8Fx4HPYgNzUv1=Wd6OjN-Qoc7fRLTQHgTUmKpyE8w4g@mail.gmail.com>
Reply To: <d382d1da-33a7-41e2-a106-cc38120914e7@grasehotspot.org>
UTC Datetime: 2015-08-24 02:57:09 UTC
Raw Date: Mon, 24 Aug 2015 16:57:09 +0700

Raw message 

Hi Brett

There is already a squid proxy in Grase. Looking at
http://stackoverflow.com/questions/19199424/squid-forward-to-another-proxy-with-authentication-details-for-the-parent-prox
you should be able to get it to use the upstream proxy with
authentication.

However, this will only work for port 80 traffic (HTTP).

If you are needing to proxy other ports, I'm not sure it'll work. I'm
assuming it's a SOCKS proxy? In this case, you tell the proxy which
hostname you wish to connect to. This isn't something that we know for
non HTTP traffic. Another way of putting it, you can't have a
transparent SOCKS proxy (at least, no way that I know of). You'll need
to find a way to have the Grase server given access without going
through the proxy as a SOCKS proxy.

Regards

Tim

On Wed, Aug 5, 2015 at 10:05 AM, Brett <02***5@melba.vic.edu.au> wrote:
> Hi
>
> Have just set up 3.8 on Ubuntu 12.x (decided to try it this way first rather
> than install 14+). Works great however as a school we have an issue we need
> to solve. We are using it to allow students to connect to a Meraki based MDM
> and configure their own wireless. So certainly students can connect to the
> Grase Hotspot server and login but cannot access the wider internet as we
> are behind a proxy.
>
> Our schools proxy setup for general student use is an ISA box which requires
> authentication. We also have access to an external proxy provided by the isp
> (netspace) which requires special authorization (ie credentials which are
> manually entered and not for public release)
>
> I can get a student iPad without a problem to locate the landing page and
> login, however to proceed further students would have to go into the
> settings for the wireless network point, add an IP for the proxy and a port
> and then add in their network credentials to connect to the Meraki MDM and
> install certs and profiles. They would then need to disable this proxy setup
> and return to the http:/logout page to logout. You can see this would be a
> problematic procedure for students as a self service connection system.
>
> So my question is there anyway to connect the hotspot internet via our proxy
> so that it is transparent to students but credentials are stored on the
> server running Grase?(and not exposed to students)
>
>  I'd hoped that Grase might pick up system wide proxies set as an
> environment variable but it seems not so. Really keen for some help as we
> have come this far and the kiosk appears otherwise to do precisely what we
> need (thank you!!)
>
> TIA Brett
>
> --
> This mailing list is for the Grase Hotspot Project http://grasehotspot.org
> ---
> You received this message because you are subscribed to the Google Groups
> "Grase Hotspot" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to gr***e@grasehotspot.org.
> To post to this group, send email to gr***t@grasehotspot.org.
> Visit this group at
> http://groups.google.com/a/grasehotspot.org/group/grase-hotspot/.
> To view this discussion on the web visit
> https://groups.google.com/a/grasehotspot.org/d/msgid/grase-hotspot/d382d1da-33a7-41e2-a106-cc38120914e7%40grasehotspot.org.

Thread