[VPN] Managing browser proxy settings on VPN client
Watson, Travis
Travis.Watson at Honeywell.com
Mon Jul 28 21:14:23 EDT 2003
Cool! Thanks, Volker.
--Travis
-----Original Message-----
From: Volker Tanger [mailto:volker.tanger at discon.de]
Sent: Friday, July 25, 2003 1:28 AM
To: Watson, Travis
Cc: DShaw at exceed.com.au; vpn at lists.shmoo.com
Subject: Re: [VPN] Managing browser proxy settings on VPN client
Greetings!
On Tue, 22 Jul 2003 09:31:45 -0700 "Watson, Travis"
<Travis.Watson at Honeywell.com> wrote:
> There is no real way to do it unless your users are all doing dial-up.
> For IPSec--particularly broadband--users will either have to use two
> different browsers or manually toggle it on or off
You can provide a special (reduced) PAC config file for the browser
(http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/proxy-live.html)
which usually is called "proxy automation" and is used for the CARP
protocol (http://www.linofee.org/~elkner/da/mmb99/7/CarpSpec.html) as
well as for client-based http routing, load balancing and failover.
An example for your setup would look approximately like
    function FindProxyForURL(url, host)
    {
        return "PROXY proxy.example.com:3128; DIRECT";
    }
with which the browser first will try to contact the proxy (change the
example given to your setup). (Only) If a connect to the proxy fails, it
will fall back to the next option - direct (proxy-less) connection. You
will need to provide the file locally, though.
Worked successfully and reliably for a big international company.
Microsoft systems (MS-Proxy 2.0, IE 4.0) had a few issues with the CARP
protocol (which is designed by Microsoft, btw.) back then, but Netscape
(proxy and browser) worked flawlessly:
- MS-Proxy array died when its master died (lame workaround(s):
  NetBIOS name round-robin for the array name + DNS round robin
  as returned last-resort proxy entry)
- sometimes the IE browser was stuck when it reached the last
  proxy on the returned list and did not try from the beginning
  of that list. Seems to be a caching problem (semi-reliable
  workaround: repeat the first entry again as very last one).
I don't know whether that's still a problem with IE 5.x/6.0 and MS-ISA,
but chances are good, I fear. Despite working in MS's own labs with
their specialists, these issues never were resolved...
Bye
Volker Tanger
--
ITK-Security
discon gmbh
DeTeWe AG & Co. KG
Fon +49 30 6104-3307
Fax +49 30 6104-3435
http://www.detewe.de/
_______________________________________________
VPN mailing list
VPN at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn
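
An added example, not part of the original messages: the PAC function from Volker's message, extended beyond it with a direct route for unqualified and internal names, plus two helpers for checking a PAC result offline in Node.js before the file is shipped to clients. The internal suffix `.corp.example.com` and the helper names are assumptions; `proxy.example.com:3128` is the placeholder from the message.

```javascript
// Added example. PROXY is the placeholder from the message above;
// INTERNAL_SUFFIX and all helper names are hypothetical.
var PROXY = "proxy.example.com:3128";
var INTERNAL_SUFFIX = ".corp.example.com";

// True when host is the domain itself or a name below it. Matching on the
// leading dot keeps "evilcorp.example.com" from passing as internal.
function inDomain(host, suffix) {
  host = host.toLowerCase();
  return host === suffix.slice(1) || host.slice(-suffix.length) === suffix;
}

// PAC entry point: returns the ordered failover list the browser walks.
function FindProxyForURL(url, host) {
  // Loopback and unqualified names stay on the client or inside the tunnel.
  if (host === "localhost" || host === "127.0.0.1" || host.indexOf(".") === -1) {
    return "DIRECT";
  }
  // Assumption: internal hosts are reached through the tunnel, no proxy hop.
  if (inDomain(host, INTERNAL_SUFFIX)) {
    return "DIRECT";
  }
  // Everything else: proxy first, direct only if the proxy connect fails.
  return "PROXY " + PROXY + "; DIRECT";
}

// Split a PAC result string into ordered {type, target} steps.
function failoverSteps(result) {
  return result.split(";")
    .map(function (s) { return s.trim(); })
    .filter(function (s) { return s.length > 0; })
    .map(function (s) {
      var parts = s.split(/\s+/);
      return { type: parts[0].toUpperCase(), target: parts[1] || null };
    });
}

// True when a proxy list ends in DIRECT, i.e. the client bypasses the
// proxy (and whatever filtering or logging it does) once the proxy is down.
function hasDirectFallback(result) {
  var steps = failoverSteps(result);
  return steps.length > 1 && steps[steps.length - 1].type === "DIRECT";
}
```

Whether the direct fallback is acceptable depends on what the proxy is there to enforce; `hasDirectFallback` makes that decision visible when reviewing a PAC file.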