Having recently watched the presentation below, I'm curious as to how to go about allowing a ULA address to access the internet via a proxy. Basically, the topic I was in the process of researching that led me to this video was network isolation. I'm wanting to make sure I understand all the options available when it comes to network isolation.
https://www.youtube.com/watch?v=DJSuLcw7zB0
I understand that some may think the idea of using a proxy to allow a ULA to browse the internet defeats the purpose of IPv6, and you are thinking that one should just assign a Global address to a host if it needs access to the internet, but I am trying to understand the concept, its drawbacks and benefits, and what is needed to accomplish such a setup.
I have always wondered about the best way to provide network isolation when it's needed, when you don't want a host to have a direct connection to the internet. I am glad, from the information I gathered, that Unique Local Addresses are able to be used for VPN links and to attach two networks together. I'm learning all I can about using ULA for site-to-site and road-warrior VPN. The question still remains, though: what proxies are available that would allow this setup to be deployed? In the case of the VPN, what would be done to allow clients access to the internet over the VPN? Have the VPN assign both a Global Address and a ULA?
Would I use a squid proxy server? As I understand it, squid is ONLY a web proxy. If squid or any other proxy for that matter were used, how would one be able to browse https traffic? It's my understanding that when HTTPS is used, the proxy should allow a direct connection rather than proxying the connection, unless the proxy is configured as an intercepting proxy that decrypts traffic and encrypts before presenting to the client (Man in the Middle Attack, I know).
If you needed to proxy absolutely every piece of traffic destined for the internet from a ULA network, would squid proxy be able to accomplish this? The most common applications that I can think of that someone would want to access the internet with on an isolated network are ssh, http, https, ftp, and instant messaging (yahoo, skype, etc.).