It seems the two examples use a different TCP/MSS value. In the first (working) example, it seems to be the default 1460. In the second example, it seems to be 1320. That is probably the reason why you see the "[TCP segment of a reassembled PDU]" only in one of the two examples, although it does seem weird. Are you using the same Wireshark version for viewing these two examples?
In your output, the ClientHello is to the proxyip (and so was the 3-way handshake, I assume), but the ServerHello/Certificate/etc. are directly from the server back to the client. The client will not recognize these packets as it has a connection to the proxyip, not the serverip.
I think the proxy should do source NAT for requests coming from the local network.
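
The mismatch described in this answer (connection opened to one address, replies arriving from another) can be checked mechanically in a packet list. The following is an added example, not part of the original answer; the addresses, ports, packet records and the function name `find_mismatched_replies` are constructed for illustration.

```python
from collections import namedtuple

# Minimal packet record: addresses, ports, TCP flags, and a label for readability.
Pkt = namedtuple("Pkt", "src sport dst dport flags note")

CLIENT, PROXY, SERVER = "10.0.0.10", "10.0.0.1", "10.0.0.20"  # constructed addresses

# Constructed capture: handshake and ClientHello go to the proxy,
# but the TLS replies come straight from the server (no source NAT).
WITHOUT_SNAT = [
    Pkt(CLIENT, 50000, PROXY, 443, "S", "SYN"),
    Pkt(PROXY, 443, CLIENT, 50000, "SA", "SYN/ACK"),
    Pkt(CLIENT, 50000, PROXY, 443, "A", "ACK"),
    Pkt(CLIENT, 50000, PROXY, 443, "PA", "ClientHello"),
    Pkt(SERVER, 443, CLIENT, 50000, "PA", "ServerHello"),
    Pkt(SERVER, 443, CLIENT, 50000, "PA", "Certificate"),
]

# Constructed capture: same exchange with source NAT on the proxy,
# so every reply carries the proxy address the client connected to.
WITH_SNAT = [p._replace(src=PROXY) if p.src == SERVER else p for p in WITHOUT_SNAT]


def find_mismatched_replies(packets):
    """Return (note, actual_src, expected_src) for packets sent to a client
    socket from an address other than the one that socket sent its SYN to."""
    opened = {}  # (client_ip, client_port) -> peer IP the client connected to
    findings = []
    for p in packets:
        if "S" in p.flags and "A" not in p.flags:
            # Pure SYN: remember which peer this client socket targets.
            opened[(p.src, p.sport)] = p.dst
            continue
        expected = opened.get((p.dst, p.dport))
        if expected is not None and p.src != expected:
            # Addressed to the client's socket, but not part of its
            # connection: the client stack will not accept it.
            findings.append((p.note, p.src, expected))
    return findings


if __name__ == "__main__":
    for note, actual, expected in find_mismatched_replies(WITHOUT_SNAT):
        print(f"{note}: from {actual}, client expects {expected}")
    print("with SNAT:", find_mismatched_replies(WITH_SNAT))
```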