I have just recently purchased a laptop and am preparing to take my first trip with it. During the trip I plan to use public Wi-Fi hotspots to do my web browsing, and it is critical that this traffic be secured for obvious reasons. Currently, I have succeeded in setting up an encrypted VPN between my laptop (Vista + Kubuntu) and one of my home computers (CentOS). I have also successfully set up Squid on the CentOS box to allow my laptop to connect securely to the internet through the encrypted VPN and my home internet connection.
I am fairly certain that I have done this all correctly and my laptop should have nearly the same level of security that I would have if I were browsing from my home network. If I'm wrong in this assumption, please let me know.
My next question regards HTTPS/SSL. There are some sites I would like to connect to using HTTPS to encrypt the connection between my Squid proxy server and the remote web server. My Squid is set up using the default configuration (except that my laptop's IP is allowed to use it) and my Firefox browser is set to use the VPN address and Squid HTTP port (3128) for all protocols (HTTP, SSL, FTP, Gopher and SOCKS). If I type https://website.com/ into my browser, everything *appears* to work fine without further customization to any configuration. My question is this: is Squid using HTTPS for the connection to the remote web server, or is HTTPS only being used for connecting to the proxy server and then regular HTTP for the connection to the remote server? Is it necessary to put the Squid HTTPS port into the Firefox port box for SSL Proxy, or can I use the HTTP port and have it automatically recognize the HTTPS part and use SSL?
If anyone sees any possible insecurities in the setup I have described above, please let me know. Also, if you have time and the necessary knowledge, I was wondering if anyone could enlighten me on the advantages/disadvantages of using an SSH tunnel over a VPN for connecting to the proxy.