The Novell SSL VPN can be configured to detect and connect to forward proxy in both Kiosk as well as Enterprise modes after authenticating to the Identity server. To establish the SSL VPN connection through forward proxy, you can either configure the browser or create a proxy.conf file in the user’s home directory. This file must contain the IP address and the port number of the forward proxy in the following format:
proxyHost=<IPaddress>:<port number>
For example: proxyHost=172.10.0.0:8080
NOTE:If you want to establish the SSL VPN connection in the Enterprise mode through forward proxy, the server must be listening on the TCP port and not on the UDP port.
When a user initiates a connection to SSL VPN server through a browser:
SSL VPN checks if the browser uses a proxy.
If yes, SSL VPN checks for the proxy configuration file proxy.conf in the user’s home directory. The proxy.conf file must have the IP address and the port number of the forward proxy entered in the following format:
If a proxy configuration file is present, the following occurs:
It checks for the format of the file. If the information provided in the file is not in the correct format, then SSL VPN proceeds with Step 4.
If the configuration information provided is in the correct format, SSL VPN reads the proxy information from the proxy.conf file, then proceeds with Step 6.
If the proxy configuration file is not present, SSL VPN checks for proxy configuration information from the browser registry or profile.
If SSL VPN is unable to get the proxy configuration information either through the proxy.conf file or through the registry, it throws an error asking the user to edit the proxy.conf and terminates the connection process.
SSL VPN reads the proxy configuration information and attempts to connect to the resource without the proxy. If this attempt fails, then the SSL VPN connection is made through the forward proxy.
NOTE:If authentication is enabled in forward proxy, SSL VPN in Kiosk mode will not be able to connect through forward proxy. But you can establish SSL VPN connection in Enterprise mode through forward proxy if the authentication method used is basic or NTLM. For more information on how to connect to forward proxy with authentication, see Section 21.2.1, Connecting to Forward Proxy with Authentication in Enterprise Mode. We do not recommend this method as you need to specify the credentials of forward proxy in the configuration file and this might be a security vulnerability.
To connect to forward proxy with authentication enabled, you must create an authentication file and save the username and password of the forward proxy. The proxy.conf file is then updated with the name of this authentication file.
NOTE:This procedure works in Linux and Macintosh environments only.
Create an authentication file with the username and password in the following format:
<username> <password>
Save the file in the <name>.auth format.
Replace <name> with a file name of your choice.
Modify the proxy.conf file as follows:
proxyHost=<IPaddress>:<port number> <authfile> <auth-method>
Replace <authfile> with the name and the path to the authentication file and replace <auth-method> with the authentication method.
For example, proxyHost=172.10.0.0:8080 c:\abc.auth basic
Save the proxy.conf file.