How to use netconf-console with a network proxy?

looyo · January 27, 2022, 8:25am

mvf · January 27, 2022, 12:54pm

It depends on what you mean by “network proxy”. If it is a web proxy, I don’t think you can make it work; if it is a jump server with SSH access, you can use netconf-console from there or you can open a SSH tunnel from your local machine to the jump server. If it is something else, we may need to know more.

looyo · January 27, 2022, 2:37pm

It is a web proxy in my compay.

mvf · January 27, 2022, 4:00pm

Pure web proxies forward only HTTP traffic, so I’m afraid netconf-console (and NETCONF in general) cannot be used. But if you really need to access a ConfD instance through that proxy, you should have some luck using RESTCONF and tools like curl or wget.

looyo · January 28, 2022, 12:29am

Sorry，my proxy serves for http，https，ftp、sock5.

mvf · January 28, 2022, 10:04am

That is better, SOCKS proxy can be used. netconf-console itself cannot use the proxy directly, nor it is able to use a proxy command in the style of ssh’s -o ProxyCommand, but you can open a simple tunnel using other tools, such as socat:

$ socat TCP4-LISTEN:2022,fork SOCKS4:<proxyhost>:<confdhost>:2022,socksport=<socksport>

This opens the local port 2022 and forwards any connection over a SOCKS proxy running on <proxyhost>:<socksport> to <confdhost>:2022 (this assumes the default port setup; if your ConfD is configured to expect NETCONF connections e.g. on port 830, use that instead). There are many other socat options, but I believe this should work and make it possible to use netconf-console as if ConfD was running locally.