R
R
Roman Kulakovich2015-09-30 08:07:33
Skype
Roman Kulakovich, 2015-09-30 08:07:33

Squid3 + their certificates for https + Skype =?

Good time of the day. Can't force Skype to log in. Help with advice, what am I missing?

I use:
pfSense 2.2.1-RELEASE (amd64) FreeBSD 10.1-RELEASE-p6
squid3 v0.3.4 HTTPs

filtering through its certificates is configured, Squid works like clockwork, there are no complaints about its work. In addition to it, I installed SquidGuard, similarly, there are no problems with surfing the Internet. Video, music is blocked. Sites that interfere with work no longer distract users from work. But in the case of Skype, everything is bad. If you turn off https filtering, then authorization passes.

I assume Skype uses its own certificates to connect to the server, and ignores those in "trusted CAs". Am I correct in my guess and how can I solve this problem? Do not let everyone who uses Skype past the proxy ...

Answer the question

In order to leave comments, you need to log in

3 answer(s)
N
Nikolai Chuprina, 2016-03-24
@Wernisag

If you're filtering HTTPS sites through Squid, then Peek and Splice probably won't help!
You don't know in advance which servers Skype connects to - and the list of its servers doesn't exist as such, because it's P2P.
I found a solution for myself on pfSense - installing 3proxy and then setting up Skype clients on it.
While I'm testing - on several machines Skype through 3proxy works without problems.
Thus, you will not lose the ability to filter HTTPS sites and Skype will go through a separate channel. Unfortunately, I didn’t write down how to install 3proxy, you yourself will have to restore the information.

D
Dmitry Lebedev, 2015-09-30
@k3NGuru

Here is a checkmark for 80 and 443 ports?
https://yadi.sk/i/Pgk43gP9jQvNp

N
Nikita Parfenovich, 2015-11-20
@nagibat0r

And you try to go to google mail. Come in? No))) That's why Skype is not authorized. You have MITM, which is not allowed on resources such as Skype, personal mail, etc. Smoke the Peek and splice theme without certificate spoofing.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question