RFC: OpenConnect enhancements

David Woodhouse dwmw2 at infradead.org
Mon Oct 1 03:07:01 EDT 2012

On Mon, 2012-10-01 at 07:42 +0100, David Edmondson wrote:
> > tsocks and Opera were both able to connect through the proxy, but they
> > ran their DNS lookups locally, so addressing internal hosts by name
> > was problematic.
> My own use case requires only that netcat work through the proxy, so
> I'm not familiar with those other applications. Is it a problem with
> tsocks and Opera that they do local DNS lookup or a problem with the
> proxy code?

This is perhaps an issue of SOCKS4 vs. SOCKS4A or SOCKS5.

Only SOCKS5 allows the client to ask for DNS resolution to be done by
the SOCKS server. With SOCKS4 you *only* have the option of providing a
pre-looked-up IP address.

You ought to be able to persuade clients to use SOCKS5 with server-side
DNS resolution.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6171 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/openconnect-devel/attachments/20121001/c169c41d/attachment.bin>

More information about the openconnect-devel mailing list