[jitsi-dev] [Feature] Auto proxy conf


#1

Hi All
I have been following this thread and as part of the IT team in a large Australian firm I can 100% agreewith Michel. All software that connects to the internet MUST use our PAC setup or there is just no connectionallowed.
I have also been asked to review software along the lines of Jitsi for a company wide communication platform.To this end, if there is no support to use our configuration setup for proxy, namely either use our pac configurationor connect to the system proxy via Internet Options.
I hope to see some forward movement in this area as the functionality to connect to multiple interfaces wouldbe a boon for our company :slight_smile:
CheersCraig


#2

Hi All

I have been following this thread and as part of the IT team in a large Australian firm I can 100% agree
with Michel. All software that connects to the internet MUST use our PAC setup or there is just no connection
allowed.

I have also been asked to review software along the lines of Jitsi for a company wide communication platform.
To this end, if there is no support to use our configuration setup for proxy, namely either use our pac configuration
or connect to the system proxy via Internet Options.

I hope to see some forward movement in this area as the functionality to connect to multiple interfaces would
be a boon for our company :slight_smile:

so if I understand correctly, in your company, you have a firewall and a proxy.
as $Paranoiac wants to log everything, every software has to tunnel all traffic via port 80 or 443 (and
that probably uses a fake certificate generator to MITM the ssl connections).

interesting concept for "internet" connection...

···

On 19 juil. 2013, at 03:38, Grail Dane <grail69@hotmail.com> wrote:

Cheers
Craig
_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#3

Hey

Hi All

I have been following this thread and as part of the IT team in a large Australian firm

Will your users configure their accounts themselves?

I can 100% agree
with Michel. All software that connects to the internet MUST use our PAC setup or there is just no connection
allowed.

I have also been asked to review software along the lines of Jitsi for a company wide communication platform.
To this end, if there is no support to use our configuration setup for proxy, namely either use our pac configuration
or connect to the system proxy via Internet Options.

I hope to see some forward movement in this area as the functionality to connect to multiple interfaces would
be a boon for our company :slight_smile:

Cheers
Craig

Ingo

-- sent from my mobile

···

Le 19.07.2013 à 03:39, "Grail Dane" <grail69@hotmail.com> a écrit :


#4

Whilst it may or may not be the best method, the point is it has been a common themein many companies that I have worked for and would seem short sighted to not support somethingwhich may make way for your software to move into a wider audience.

···

From: sxpert@sxpert.org
Date: Fri, 19 Jul 2013 07:04:40 +0200
To: dev@jitsi.org
Subject: Re: [jitsi-dev] [Feature] Auto proxy conf

On 19 juil. 2013, at 03:38, Grail Dane <grail69@hotmail.com> wrote:

> Hi All
>
> I have been following this thread and as part of the IT team in a large Australian firm I can 100% agree
> with Michel. All software that connects to the internet MUST use our PAC setup or there is just no connection
> allowed.
>
> I have also been asked to review software along the lines of Jitsi for a company wide communication platform.
> To this end, if there is no support to use our configuration setup for proxy, namely either use our pac configuration
> or connect to the system proxy via Internet Options.
>
> I hope to see some forward movement in this area as the functionality to connect to multiple interfaces would
> be a boon for our company :slight_smile:

so if I understand correctly, in your company, you have a firewall and a proxy.
as $Paranoiac wants to log everything, every software has to tunnel all traffic via port 80 or 443 (and
that probably uses a fake certificate generator to MITM the ssl connections).

interesting concept for "internet" connection...

> Cheers
> Craig
> _______________________________________________
> dev mailing list
> dev@jitsi.org
> Unsubscribe instructions and other list options:
> http://lists.jitsi.org/mailman/listinfo/dev

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#5

Whilst it may or may not be the best method, the point is it has been a
common theme
in many companies that I have worked for and would seem short sighted to

not

support something
which may make way for your software to move into a wider audience.

First of all, this is NOT ignorance. I'm trying to understand why this is
needed - as an administrator in a company that uses a proxy server.
We use Jitsi's provisioning method to deliver the accounts to users. They're
neither allowed to configure them themselves nor would the overwhelming part
of them be capable to do so. Using the provisioning system, I could easily
configure the proxy in Jitsi along with the accounts. Having said that, we
don't need the proxy for Jitsi as one of the two SIP servers is inside our
network and hence doesn't need the proxy and the other external one is
exempt from proxy requirements.

So, even if we wanted to implement support for CAP, given there's a real
necessity and not just convenience, this would be rather complex. These
files contain Javascript (in the case of Microsoft only site probably also
VBScript) and we don't have an execution engine for that.

Ingo


#6

Sorry if I came across as negative :frowning: I was not trying to say anyone was ignorant.Just caught me at a bad time as this is one of a few things I am beating my headon a wall at my company with (one of the major others is to use linux machines on the networkbut they refuse to allow the PAC file to be provided to machines)
Well I do hope it can be remedied in a future release as I am quiet fond of what Jitsi has to offerso far :slight_smile:
CheersCraig

···

From: ingo@jitsi.org
To: dev@jitsi.org
Date: Fri, 19 Jul 2013 18:23:09 +0200
Subject: Re: [jitsi-dev] [Feature] Auto proxy conf

> Whilst it may or may not be the best method, the point is it has been a
> common theme
> in many companies that I have worked for and would seem short sighted to
not
> support something
> which may make way for your software to move into a wider audience.

First of all, this is NOT ignorance. I'm trying to understand why this is
needed - as an administrator in a company that uses a proxy server.
We use Jitsi's provisioning method to deliver the accounts to users. They're
neither allowed to configure them themselves nor would the overwhelming part
of them be capable to do so. Using the provisioning system, I could easily
configure the proxy in Jitsi along with the accounts. Having said that, we
don't need the proxy for Jitsi as one of the two SIP servers is inside our
network and hence doesn't need the proxy and the other external one is
exempt from proxy requirements.

So, even if we wanted to implement support for CAP, given there's a real
necessity and not just convenience, this would be rather complex. These
files contain Javascript (in the case of Microsoft only site probably also
VBScript) and we don't have an execution engine for that.

Ingo

_______________________________________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/dev


#7

Sorry if I came across as negative :frowning: I was not trying to say anyone
was ignorant. Just caught me at a bad time as this is one of a few
things I am beating my head on a wall at my company with (one of the
major others is to use linux machines on the network but they refuse to
allow the PAC file to be provided to machines)

Huh? How can a PAC not be provided to machines? AFAIK this either in DHCP
option 252 or statically configured. Either way, you can always look at its
contents by downloading it...

Well I do hope it can be remedied in a future release as I am quiet fond

of

what Jitsi has to offer
so far :slight_smile:

I just explained why this is unlikely, even more so if we don't understand
the reason why it would be necessary.

Cheers
Craig

Ingo