https proxy

[drew.w...@gmail.com]

Is there anyway to simulate the behavior of a https_proxy while using sshuttle? Our corporate network appears to create valid public and private IPs for a number of hostnames. The only way to get the correct private IP is to use a HTTPS_PROXY or to hardcode the IPs. Is there anyway I can send local DNS requests to the remote server and interrogate an HTTPS_PROXY on the remote side?

[Avery Pennarun]

Do you mean you want to connect to the remote ssh server using an
https proxy? Or are you already connected to the remote server and
want to reconfigure your web browser to use a proxy? If the latter,
that's a job for your web browser; maybe try restarting it to see if
its "automatic proxy configuration" does something different when the
VPN is connected.

sshuttle can capture and redirect DNS requests if you use --dns,
although nowadays some browsers try to use dns-over-https or
something, and we can't redirect that.

[Drew Wells]

I'd like the remote server to negotiate the https proxy. This way I can configure n number of clients with the same remote settings

[Avery Pennarun]

On Sun, Oct 14, 2018 at 11:57 PM Drew Wells <drew.w...@gmail.com> wrote:
> I'd like the remote server to negotiate the https proxy. This way I can configure n number of clients with the same remote settings

Well, sshuttle doesn't do that. Everybody's network is different and
there is no "standard" way to tell people about an http proxy.

I guess you can put it in a script and do whatever you want.

Avery

[Drew Wells]

Well resolving on the remote site is a solution. If it works, I've tried just tossing environment variable on the remote side but it doesn't seem to be used by the clients so that's why I ask

[Avery Pennarun]

On Mon, Oct 15, 2018 at 12:11 AM Drew Wells <drew.w...@gmail.com> wrote:
> Well resolving on the remote site is a solution. If it works, I've tried just tossing
> environment variable on the remote side but it doesn't seem to be used by
> the clients so that's why I ask

Presumably if you want an environment variable to do something, you'll
have to set it on the client side. But I don't know what you're
planning to set it to. I guess you could write a script that does
something like

proxy=$(ssh $server "cat /etc/proxyserver")
export HTTP_PROXY=...
sshuttle -r $server ...

[Drew Wells]

That's a good idea actually. I was trying to solve this on the server side but a script I can use on clients will work too. Will this affect how all clients programs resolve names? For instance would curl just start getting connections from sshuttle that were looked up by the proxy?

[Avery Pennarun]

If I believed proxies were going to work reliably in all my apps, I wouldn’t have written sshuttle in the first place. YMMV. 

--
You received this message because you are subscribed to the Google Groups "sshuttle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sshuttle+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Drew Wells]

Haha very true, unfortunately some of our systems appear to use the http proxy as a DNS server. Many groups of systems do not resolve on the intranet nameservers. Maybe if I dig more I can find the magic nameserver these proxies are using.

Thanks for building this you have significantly improved my proxy infested development environment.