Re: Questions on Polipo capabilities and potential capabilities

privacy-ecosystem.com WebMaster wrote:
> Thank you David and Juliusz.
> 
> (1) The problem with using cron to kill the polipo instance on the Linux
> server is that it is too crude.  I need a more graceful way of telling the
> user that the proxy is no longer functioning.  Ideally the user should be
> taken to a URL in this case, perhaps one defined in the config file or on
> the startup command line.

The timing could still be handled by cron, even if you do end up 
changing Polipo. There's just no good reason to rewrite cron inside Polipo.

One possibility would be to run an extremely lightweight webserver on a 
different port. Then, just before you kill Polipo, create a firewall 
rule to redirect Polipo traffic to this webserver. Drop that rule just 
after you start Polipo again.

> (3) We cannot rely on the user to disable Javascript.  We are working on
> hosting polipo and Tor together for users who do not, or cannot, deal with
> this themselves.

But they can set up VPN software and a proxy address? And possibly a 
firewall?

(I actually don't know where the logic you're looking for resides. I'm 
not actually trying to be unhelpful, I'm just telling you what I know.)

> (5) Stunnel might work - we're going to put it through some tests.  OpenVPN
> looks good in many ways, but we cannot get the redirect gateway and iptables
> functionality to work together as it is supposed to - it might be an issue
> with our Windows client router.

It's possible you're trying to do too much -- as I said, you probably 
don't want to try to force everything to be routed through the VPN. 
Rather, you'd manually set the proxy address to be the VPN IP.

> On the other hand, being able to control
> which ports and apps use stunnel might give us a granularity that I cannot
> see can be done with OpenVPN.

Couldn't it be done easily with OpenVPN + some firewall rules? I don't 
see how stunnel helps here...

> Stunnel would hopefully provide our users
> with security from the client to our server.

Oh -- another nice thing about stunnel is, I believe clients do support 
SSL for proxy connections, and they certainly support it for other 
things (like email, straight web, etc)...

OpenVPN would require your users to download and configure some 
software. Stunnel only requires them to configure the software they 
already have.

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV