Skype not working after enable https transparent mode

Started by gladiatorf22, November 08, 2016, 04:35:57 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 08, 2016, 04:35:57 PM Last Edit: November 08, 2016, 05:01:43 PM by gladiatorf22
Dear all,

Recently i have installed opnsense, and everything is working propely ,  so i have an issue after enable https transparent mode
skype app not working.

Note:
- i have import internal-CA on all client.
- The Skype application may start up and display the main window, but it will not be able to get online, stuck with the rotating blue dot with white arrows.

How i can allow skype on OPNsense

Thank in advance...
November 08, 2016, 05:38:50 PM #1
You should look at your proxy logs (, if enabled), which should contain the error message why the connection failed.
November 08, 2016, 06:23:01 PM #2
Quote from: fabian on November 08, 2016, 05:38:50 PM
You should look at your proxy logs (, if enabled), which should contain the error message why the connection failed.

I cannot find the related error message in proxy logs



Sent from my iPhone using Tapatalk
November 08, 2016, 08:23:42 PM #3
Then you probably don't even get a TLS connection. you should check what is happening using wireshark or a similar tool.

You should especially check for segments between you and the proxy with a RST flag set and if it happens after the key exchange or if data are already sent (at least a request).
November 08, 2016, 08:50:17 PM #4
If Skype fails with transparent HTTPS while normal browsing is ok (besides the certificate swap) it probably realises the certificate offered does not match its hardwired requirements.

There is no way around this. Others will run into the same issues on any HTTPS MITM solution on every platform if that's the case.


Cheers,
Franco
November 10, 2016, 08:57:46 AM #5
thanks for all for your replay

i want to notice now i have faced another problem outlook not working also on some users but another working properly, now i have disabled HTTPS transparent mode in proxy server, and everything working without any problem, but i can not block all HTTPS traffic like Facebook website .

Any recommendation?

Thanks in advance... 
November 10, 2016, 10:03:05 AM #6
It's Microsoft doing the right thing: securing itself against MITM Attacks.

You will need to figure out which servers to exclude from the HTTPS proxying.


Cheers,
Franco
Print
Go Up Pages1
User actions