Transparent proxy ssl and skype

Hello again guys! How do I manage to make skype working with transparent ssl proxy setup? Thank you

Your question implies that transparent ssl proxy breaks skype. I vaguely recall testing it in the past without issues, but things may have changed meantime.

Could you try to exclude skype from ssl?

config setprop squid SSLBypass skype.com
signal-event nethserver-squid-update

where do I put these commands ? squid.conf ? or straight into server ssh?

Run from CLI on NS.

1 Like

thanks

1 Like

Tried those commands, still no luck coneccting into skype. How do I troubleshoot the problem?

Don’t know the solution but this should help to figure it out:

1 Like

Please let us know if it has worked out well, we need to document it.

Hi everybody, I’m having the same issue. My transparent proxy works very good, of course there are some address that I need to exclude manually but I often do that without problems. Skype is something that I cannot solve, I’ve tried to put in proxy exclusion all the ip addresses found in /var/log/squid/access.log but it does not work. It seems that there are other ip calls which are not included in the access.log file. How can I find those Ip? Do you have alternative workaround for letting skype to work correctly (It connects but messages keeps sending without success). I’ve also tried the SSLbypass, but it does not work…

Hi @Matteo_Contoli ,
I found another forum where they talked about this same problem.

If I understand it, the proxy must be excluded IP and not only the host name (skype.com).

In tread solved by excluding the following IP:

23.73.247.53
23.2.99.20
23.11.250.157

I have no way to test, but I hope it can help you.:wink:

I’ve tried but it does not work…

u need socks for skype to work in proxy environment

Do u mean I need to configure my proxy in skype’s settings (socks) or what?

Hi Guys. Still working on this issue without success. I see that in the “advanced options” of the proxy, there is a “second level proxy” to configure. What is that? Can i use this setting as a workaround for letting skype to connect and send messages in my environment with transparent SSL proxy?

No, that option is used when you have multiple proxy levels on you network.
More info here:

Gosh!!! Until now the only way I found to make skype working is to install super older client 6.1. It connects and sends messages without problems. ALL the next versions can connect and send messages only to local clients in my company, but cannot send to external contacts (messages keep sending but not delivered). And the latest client version does not connect at all. How can I find those SSL addresses used for the connection? In /var/log/squid/access.log I did not find a useful IP range address.

You could use tcpdump, but proxying SSL in transparent mode goes against the RFC’s.
Skype gets updated every week (windows version) while the Mac and Linux versions don’t, so I don’t use it and don’t recommend to anyone caring about privacy.

Hth,

Best regards

Hi, I’m still here, I would like to solve this issue if possible. If I put my PC in the “hosts without proxy” it connects without problems. So the issue is only related to squid. In the access.log I cannot find the ip addresses to exclude for letting skype to connect. I’ve tryed all of them without success. Is there any other tool I can use to see what calls are made from the skype client? I only need to find those IP classess…

Transparent Proxy with SSL also for me not working very well. I am on 7.2 RC 1. I try to use the Squid Proxy with transparent SSL. I installed the Certificates etc. But per example the Whatsapp WebClient dont work and also my Home Alarm System dont get a Connection. I also wrote the Address in the SSL bypass acl etc. But still not working. Also the Windows Updates not functional… Would be great to find a solution…

i have same problem with skype and ssl