Setup VPN with SafeSquid Web Security Client

From Secure Web Gateway
Share/Save/Bookmark
Revision as of 13:09, 27 June 2017 by Srinivas12 (talk | contribs) (Created page with " = Web security setup for roaming users with SafeSquid = SafeSquid’s web security enables remote users to connect to private computer networks to gain access to their data...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Web security setup for roaming users with SafeSquid

SafeSquid’s web security enables remote users to connect to private computer networks to gain access to their data in a secure way. The users gets authenticated from your LDAP server with IP assigned by the SafeSquid VPN server. For example, an employee traveling or working from home can use SafeSquid web security client to securely access the office network through the Internet. Instead of remotely logging on to a private network using an unencrypted and unsecure Internet connection, the use of a safesquid web security client ensures that unauthorized parties cannot access the office network and cannot intercept any of the information that is exchanged between the employee and the office network.  When client requests an webpage then request comes to the web security client installed in client machine without setting proxy settings in the browser.

Installation and activation

  • Register at self-service portal from safesquid website
  • Setup SSL certificates from self-service portal
  • Download latest ISO and deploy
  • Activate SafeSquid

Server Configuration

Client side configuration

Testing

  • Go to SafeSquid server and run the below commands:

pidof openvpn      (or)     netstat -tulnp | grep "openvpn"

  • Check openvpn logs by using below command
    • tail -F /etc/openvpn/openvpn.log
Tue Jun 27 10:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 27 10:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 TLS: soft reset sec=0 bytes=4375445/0 pkts=9481/0
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 VERIFY OK: depth=1, C=IN, L=MUMBAI, ST=MH, O=SafeSquid_Proxy_Self_Sign, OU=1846750792, CN=1846750792_SafeSquid_Proxy_Self_Sign, emailAddress=monitoring.safesquid@gmail.com
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 VERIFY OK: depth=0, C=IN, ST=MH, L=Mumbai, O=SafeSquid Labs, OU=WebSecurity, CN=Administrator@SAFESQUID.TEST
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Jun 27 11:56:31 2017 Administrator@SAFESQUID.TEST/192.168.27.11:51099 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA