I have:
- VPN server (SoftEther), to which I connected.
- iptables rules to send all traffic from the VPN to the proxy server.
- Proxy server (Java). I use LittleProxy https://github.com/adamfisk/LittleProxy. It doesn't intercept HTTPS traffic.
All these items connected like this:
VPN client ===> VPN server ===> Proxy server ===> Internet
HTTP traffic works fine, but HTTPS doesn't.
When I try to go to https://google.com, I see an error in Chrome:
This site can't provide a secure connection
When I connect the browser directly to the proxy server, HTTPS works fine.
When I connect only to the VPN server, HTTPS works fine.
The same problem appears if I switch the VPN to OpenVPN.
After sniffing traffic I identified that HTTPS requests are trying to go via the HTTP protocol to an HTTPS address. It seems to be some issue with redirects, since when I just go to www.google.com, after 2 redirects (generated by Google) I am able to reach Google via HTTPS, but when I enter https://google.com I get the error.
In Wireshark I got a 400 error:
Expert Info (Warning/Security): Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.
My iptables rules:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- ip-192-168-200-0.ec2.internal/24 anywhere tcp dpt:http to:172.31.64.145:9090
DNAT tcp -- ip-192-168-200-0.ec2.internal/24 anywhere tcp dpt:https to:172.31.64.145:9090
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- ip-192-168-200-0.ec2.internal/24 anywhere
MASQUERADE all -- ip-192-168-200-0.ec2.internal anywhere
Where 172.31.64.145:9090 is the IP and port of the proxy server.
The VPN server and the proxy server run on the same AWS instance.
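An added diagnostic helper (not part of the question or of LittleProxy) for checking what the Wireshark warning above describes: it classifies the first bytes of a TCP stream as a TLS ClientHello, a plaintext HTTP request or a plaintext HTTP response, and for a ClientHello extracts the SNI host the browser intended to reach. A plaintext 400 response on a stream whose first bytes were a ClientHello is exactly the "unencrypted HTTP over encrypted port" pattern, and it arises when port 443 is DNATed to a proxy port that only speaks plain HTTP. The `build_client_hello` function only produces a constructed test input; the cipher suite and random bytes in it are arbitrary.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ")

def classify_stream_start(data: bytes) -> str:
    """Classify the first bytes received on a socket or seen in a capture."""
    # TLS record: type 0x16 (handshake), version 0x03 0x0X, 2-byte length,
    # then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-client-hello"
    if data.startswith(b"HTTP/1."):      # plaintext reply, e.g. the proxy's 400
        return "http-response"
    if data.startswith(HTTP_METHODS):    # plaintext request the proxy understands
        return "http-request"
    return "unknown"

def extract_sni(data: bytes):
    """Return the server_name from a ClientHello, or None if absent/not TLS."""
    if classify_stream_start(data) != "tls-client-hello":
        return None
    p = 5 + 4 + 2 + 32                                # record hdr, hs hdr, version, random
    p += 1 + data[p]                                  # session id
    p += 2 + struct.unpack("!H", data[p:p + 2])[0]    # cipher suites
    p += 1 + data[p]                                  # compression methods
    ext_end = p + 2 + struct.unpack("!H", data[p:p + 2])[0]
    p += 2
    while p + 4 <= ext_end:
        ext_type, ext_len = struct.unpack("!HH", data[p:p + 4])
        p += 4
        if ext_type == 0:                             # server_name extension
            name_len = struct.unpack("!H", data[p + 3:p + 5])[0]
            return data[p + 5:p + 5 + name_len].decode("ascii")
        p += ext_len
    return None

def build_client_hello(host: str) -> bytes:
    """Constructed minimal TLS 1.2 ClientHello with one cipher suite and SNI (test input only)."""
    name = host.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name          # host_name type 0
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list
    body = (b"\x03\x03" + b"\x11" * 32 + b"\x00"                       # version, random, no session id
            + b"\x00\x02\xc0\x2f" + b"\x01\x00"                         # one suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body      # ClientHello, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Feed `classify_stream_start` the first bytes of each stream from the capture taken between the VPN server and the proxy; a ClientHello going in and an `http-response` coming back confirms the proxy never received a CONNECT or plaintext request it could act on.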