Proxies as VPN?



  • Hi

    What do you think about
    Proxies as VPN

    Especially squid proxy? is it a good practice instead of VPN server/client



  • @emad-r Two completely different solutions for different uses. Or are you thinking about it for privacy issues?



  • @pete-s said in Proxies as VPN?:

    @emad-r Two completely different solutions for different uses.

    This.



  • I don't really understand the question. A proxy and a VPN serve different purposes. Proxies are not for transmission security nor LAN expose. VPN is assumed to be about LAN extension with a secure wrapper. I can't think of a case where the two could overlap.

    What use case are you envisioning?



  • maybe personal VPN, like those VPN services?



  • @scottalanmiller said :

    What use case are you envisioning?

    @donahue said :

    maybe personal VPN, like those VPN services?

    That's why I said:

    Or are you thinking about it for privacy issues?

    To be able to hide your IP and circumvent geoblocking you could for instance use a VPN service or a http proxy service or something else like a ssh tunnel or whatnot.
    That could be the use case.



  • @emad-r

    They are using reverse proxy squid on a PFsense router as VPN. or to access company resources.

    For example, I think they made LAN 7.7.7.* and put company resource like http://web/company
    and only 7.7.7.* can access it in the config on PFsense.

    It does not work 100% of course. As you can bypass it if you do http://web/company?32141 and access it from WAN



  • @emad-r said in Proxies as VPN?:

    @emad-r

    They are using reverse proxy squid on a PFsense router as VPN. or to access company resources.

    For example, I think they made LAN 7.7.7.* and put company resource like http://web/company
    and only 7.7.7.* can access it in the config on PFsense.

    It does not work 100% of course. As you can bypass it if you do http://web/company?32141 and access it from WAN

    So you will need a Firewall Access Rule then, just allow that network to access that site from their WAN Connection, no need of Proxy or VPN. Just limit the site access.



  • @emad-r said in Proxies as VPN?:

    @emad-r

    They are using reverse proxy squid on a PFsense router as VPN. or to access company resources.

    For example, I think they made LAN 7.7.7.* and put company resource like http://web/company
    and only 7.7.7.* can access it in the config on PFsense.

    It does not work 100% of course. As you can bypass it if you do http://web/company?32141 and access it from WAN

    That works only if the resources are web only. In which case, a VPN was never appropriate in the first place. So in this case, a VPN would actually allow you to access unpublished web resources. But the reverse proxy will publish them.

    Now the presumed difference to most people is that the VPN will add a layer or protection in the form of authentication, and the proxy will not. This is not correct, however, because you can add that to the proxy, too.

    So, in reality, you are correct, in this specific case, the reverse proxy is actually making a VPN for just those specific web resources. It's a special case VPN, assuming you are using it as an SSL point.


Log in to reply