[opensource-dev] Blocked
Dave Booth
dave at meadowlakearts.com
Sat Jul 16 09:41:13 PDT 2011
On 7/15/2011 2:44 AM, Lance Corrimal wrote:
>
> How does that work in an HTTP-proxy-only network?
>
If it's locked down that tight, with only HTTP connections allowed
outbound and all those forced to go via proxy, then of course it doesn't.
But all you need is ONE outbound service that can avoid the proxy - I've
had best results setting the VPN endpoint to use the HTTPS port, but if
necessary, all you need is outbound SSH whether it's proxied or not - you
can "add a layer" and tunnel an SSL-based VPN over that. I know
"tunneling a tunnel" isn't exactly best practice, and theoretically you
could just tunnel the SL ports with SSH alone, but the advantage of using
a VPN is that it appears as a separate network interface to the local
machine and it's therefore easier to route the LL public subnets' traffic
through it reliably. It's always easier to poke holes in a firewall or
proxy from the inside out; they are designed to prevent unpleasantness
coming the other way :)