4.3 Configuring SSL VPN to Connect through a Forward Proxy

The Novell SSL VPN can be configured to detect and connect through a forward proxy in both Kiosk and Enterprise modes after authenticating to the Identity Server. To establish the SSL VPN connection through a forward proxy, you can either configure the browser or create a proxy.conf file in the user’s home directory. You must also ensure that the SSL VPN server is listening on the TCP port and not on the UDP port.

NOTE: The SSL VPN client ignores dynamic proxy configuration, whether it is set by assigning a proxy.pac JavaScript to the browser client or by using the WPAD protocol. In such a scenario, use the proxy.conf file.

4.3.1 Understanding How SSL VPN Connects through a Forward Proxy

When a user initiates a connection to the SSL VPN server through a browser, SSL VPN uses the following process to connect:

  1. SSL VPN checks to see if the browser is configured to use a proxy.

  2. If it is, SSL VPN checks for the proxy.conf file in the user’s home directory.

  3. If a proxy configuration file is present, the following occurs:

    • SSL VPN checks for the format of the file. If the information provided in the file is not in the correct format, SSL VPN proceeds with Step 4.

    • If the configuration information is in the correct format, SSL VPN reads the proxy information from the proxy.conf file, then proceeds with Step 6.

  4. If the proxy configuration file is not present or if the information is not in the correct format, SSL VPN checks for proxy configuration information from the browser registry or profile.

  5. If SSL VPN is unable to get the proxy configuration information either through the proxy.conf file or through the registry, it throws an error asking the user to edit the proxy.conf file, then tries to establish a direct connection.

  6. SSL VPN reads the connection order information in the configuration file and connects either directly or through the proxy.

4.3.2 Creating the proxy.conf File

  1. Create a text file and save it as proxy.conf in the following location:

    • C:\Documents and Settings\<username> in Windows.

    • /home/<username> in Linux.

    • $home/ in Macintosh.

  2. Specify the IP address and the port number of the forward proxy in the following format:

    proxyHost=<IPaddress>:<port number>
    

    For example,

    proxyHost=192.10.0.0:8080
    
  3. Add one of the following lines to specify the connection order:

    • To configure SSL VPN to connect through the proxy first, specify ConnectionOrder=direct:proxy

    • To configure SSL VPN to try a direct connection, specify ConnectionOrder=proxy:direct

    If the connection order is not specified in the configuration file, SSL VPN connects directly without the proxy.

  4. (Optional) If the Basic authentication method is used for the forward proxy, SSL VPN can connect in Kiosk mode as well as Enterprise mode. To enable SSL VPN connection when authentication is enabled, specify the username and password of the forward proxy administrator in the following format:

    proxyAuth=<username>:<password>

    This method is not recommended, because the credentials of the forward proxy must be specified in the configuration file, and this might be a security vulnerability.

  5. Save and close the file.
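
The following Python example is added here and is not part of the Novell documentation or the SSL VPN client. It checks a proxy.conf against the format given in the steps above and flags a proxyAuth line, with an extra finding when the file is accessible to other accounts. The function names, the exact-match key handling, and the POSIX permission check are assumptions; the client's own parser may behave differently.

```python
import ipaddress
import os
import stat

ALLOWED_ORDERS = {"direct:proxy", "proxy:direct"}  # the two values listed in step 3

def audit_proxy_conf(text, mode=None):
    """Return findings for proxy.conf contents; mode is an optional st_mode."""
    findings, settings = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            findings.append(f"line {lineno}: not in key=value form")
            continue
        settings[key.strip()] = value.strip()  # assumption: keys match exactly
    # proxyHost must be <IPaddress>:<port number>; split on the last colon.
    host, _, port = settings.get("proxyHost", "").rpartition(":")
    try:
        ipaddress.ip_address(host)
        if not 1 <= int(port) <= 65535:
            raise ValueError
    except ValueError:
        findings.append("proxyHost: expected <IPaddress>:<port number>")
    order = settings.get("ConnectionOrder")
    if order is None:
        findings.append("ConnectionOrder: missing, client connects directly without the proxy")
    elif order not in ALLOWED_ORDERS:
        findings.append(f"ConnectionOrder: unexpected value {order!r}")
    # Credentials in this file are clear text; worse if other accounts can open it.
    if "proxyAuth" in settings:
        findings.append("proxyAuth: proxy credentials stored in clear text")
        if mode is not None and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append("proxyAuth: file is accessible to group or other users")
    return findings

def audit_file(path):
    """Audit a proxy.conf on disk, including its POSIX permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit_proxy_conf(fh.read(), os.stat(path).st_mode)

# Constructed sample file contents; the credentials are placeholders.
SAMPLE = ("proxyHost=192.10.0.0:8080\nConnectionOrder=proxy:direct\n"
          "proxyAuth=proxyadmin:example-password\n")

if __name__ == "__main__":
    for finding in audit_proxy_conf(SAMPLE, 0o100644):
        print(finding)
```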

NOTE: The ActiveX component on Windows 7 is not detected through forward proxy. For more information on this issue, see Section A.21, "On Windows XP and 7, ActiveX Loading takes more than three minutes to connect to the SSL VPN".