Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

More than just O365 #1

Open
rwahyudi opened this issue Mar 27, 2020 · 7 comments
Open

More than just O365 #1

rwahyudi opened this issue Mar 27, 2020 · 7 comments
Assignees
@f5regan

Comments

@rwahyudi
Copy link

Great script!!

Should call this script a split tunnel manager since it does a bit more than just Office365.
It will be good we can add custom URL ie :
https://assets.zoom.us/docs/ipranges/Zoom.txt
@f5regan f5regan self-assigned this Mar 27, 2020
@f5regan
Copy link
Owner

f5regan commented Mar 27, 2020

Thanks, @rwahyudi ! I appreciate your feedback and wanted to let you know that I'm already working on the next version which will add support for Zoom endpoints. Thanks for providing the Zoom feed! In the meantime, you can manually load the Zoom endpoints in to the "additional_urls" and "additional_ipv4" lists.

@tgnelson
Copy link

tgnelson commented Mar 9, 2021

@f5regan do you know when/if the new version would be released? This would be extremely helpful to pull the list of Zoom IP addresses from a URL.

@f5regan
Copy link
Owner

f5regan commented Mar 10, 2021

Sorry, forgot to circle back on this. Unfortunately the implementation of Python (2.7.5) available on BIG-IP doesn't support SNI in httplib and additional modules would need to be installed for it to work in requests. I looked at this a while back and Zoom as well as one other provider (WebEx?) maintain their lists on CDNs that require an SNI in the ClientHello. I'm working on changing the way in which the lists are fetched but it will likely mean a considerable redesign to the current implementation of the script. I'm aiming to have something available by the end of the month.

@tgnelson
Copy link

tgnelson commented Apr 7, 2021

@f5regan - Do you have any progress updates on this implementation?

@f5regan
Copy link
Owner

f5regan commented Apr 8, 2021

Hi @tgnelson, all I can say is it is in progress (maybe 30% complete). I haven't had as much time to work on this as I had thought I would over the last month. My goal is to get this out ASAP but unfortunately I can't provide an updated release date at this time due as I have a number of things on my plate right now.

@JonathanFickF5
Copy link

JonathanFickF5 commented Jun 30, 2021
edited
Loading

Perhaps it's possible to avoid a rewrite. I think this could be simplified in the interim with a local or internal virtual server taking care of the SNI legwork. You would call that VS by IP or internal hostname, and it would rewrite SNI and host header as needed.

I put together a quick PoC of how this might work here (untested). See inline comments for details.:
JonathanFickF5 - sni-proxy_assets.zoom.us

@rwahyudi
Copy link
Author

rwahyudi commented Jul 1, 2021

Might be easier to use system curl?

import os result = os.popen("curl -qs https://assets.zoom.us/docs/ipranges/Zoom.txt").read() print result

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@f5regan f5regan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@rwahyudi @tgnelson @f5regan @JonathanFickF5