0

I have no clue if this is possible, yet I need to improve my server's performance.

I have an OpenVPN Server which runs on Debian 12.

I need to improve the data consumption as my clients connects to my server and then they are redirected to certain network interfaces, all of which has data limits so I need to block updates and implement a proxy cache so they won't be downloading repeated resources every time as their navigation is pretty much predictable and repetitive.

I tried installing squid and redirecting the traffic from tun0 to squid, but this will require squid to manage a self signed certificate to be able to intercept the ssl requests.

There's no problem with it, but this means I will have to give my clients the certificates so they need to import them manually.

I could do this, but I read somewhere that these certificates can be ignored by some apps (as some clients connects from their phone), so I'm lost here as this is not reliable at all.

Is there any easier way to achieve this?

Improve this question
7
  • No. If the proxy can't intercept traffic it can't cache or deny anyway. And you will probably not save anything; browsers cache aggressively already. Commented Mar 11 at 15:59
  • thanks for your input @vidarlo, but what do you mean by 'browsers cache aggressively already'? I also need to block updates by blocking some domains, etc, so is it mandatory to intercept the ssl traffic in order to block domains also? please consider some user may load an image that is 2MB, and then 30 other users will load the same image the same day. This for at least 50/100 images and will happen everyday. This is why I need the proxy cache. Commented Mar 11 at 16:15
  • I need to block updates updates for what? What path do the endpoints normally use for the updates? Commented Mar 11 at 16:44
  • @GregAskew By updates I mean, windows updates, as this has been the main source of data consumption, and block some other domains to avoid the same. I asked the users to gently stop them and many of them just forgot to do so, so I need to do this this way to avoid the data consumption. Commented Mar 11 at 16:53
  • What is the purpose of your OpenVPN server? Do you need to forward all traffic via it? If not, then add only forwarding for those networks that need to be accessed via VPN. Commented Mar 11 at 17:10

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.