[brlug-general] SSL VPN

Tue Nov 11 13:19:30 2003 

Thanks Scott, exactly what i'm looking for.  I'll test it out tonight.

ray


On Tue, 11 Nov 2003, Scott Harney wrote:

> -ray <[EMAIL PROTECTED]> writes:
> 
> I do this with apache now.  mod_proxy is your friend.  Looks something
> like this in httpd.conf:
> 
> NameVirtualHost 1.2.3.4
> 
> <VirtualHost 1.2.3.4:443>
>    ServerAdmin [EMAIL PROTECTED]
>    ServerName scottharney.com
>    ProxyPass / http://scottharney.com/
>    ProxyPassReverse / http://scottharney.com/
>    ErrorLog /var/log/apache/scottharney.com/error_log
>    TransferLog /var/log/apache/scottharney.com/access_log
>    SSLEngine On
>    SSLCertificateFile /etc/apache/scottharney.com.crt
>    SSLCertificateKeyFile /etc/apache/scottharney.com.key
> </VirtualHost>
> 
> DNS needs to be setup behind the proxy/firewall as well so
> "scottharney.com" resolves to an internal IP or you can just use
> internal IP address in your "ProxyPass*" directives.  I can (and do)
> have multiple devices and domains behind the single apache mod_proxy
> instance.  The machines behind the proxy do not have to be running
> apache -- they only need speak http.
> 
> > All,
> >
> > I'm looking to do sort of a reverse SSL proxy/VPN.  We have some HVAC 
> > devices on campus that speak HTTP to monitor/control A/C systems.  The SSL 
> > add-on for these devices is extremely expensive... almost $10k.  I'd like 
> > to setup a proxy/redirector on a private VLAN with the device, so it's 
> > setup like this:
> >
> > client --HTTPS--> proxy --HTTP/VLAN--> device
> >
> > Suggestions?  Don't wany any setup on the client, which rules out ssh
> > tunneling or a "real" VPN.  I'm thinking LVS, or Squid.  Or maybe there's
> > an Apache module to do this.  Anyone do this before?
> >
> > ray
> > -- 
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> > Ray DeJean                                           http://www.r-a-y.org
> > Systems Engineer                    Southeastern Louisiana University
> > IBM Certified Specialist          AIX Administration, AIX Support
> > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> >
> >
> >
> > _______________________________________________
> > General mailing list
> > [email protected]
> > http://brlug.net/mailman/listinfo/general_brlug.net
> >
> 
> 

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Ray DeJean                                       http://www.r-a-y.org
Systems Engineer                    Southeastern Louisiana University
IBM Certified Specialist              AIX Administration, AIX Support
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Reply via email to