Combo squid + OVPN routing question
-
So I've got multiple LANs, a "secure" one and an insecure one for IoT. For the secure LAN I have a port-NATted connection to the WAN. This secure LAN also has a Squid transparent proxy set up for a few of the clients on that secure LAN to use, which also get sent out that port-NATted WAN. The insecure/IoT LAN routes out to the internet via a port-NATted OVPN connection; this is done by an inbound rule on that insecure LAN interface to route all inbound traffic out to a GW I have set up on that OVPN connection, where that OVPN connection also has an interface assigned to it. Things are great.
Except now I have a requirement for one of these secure LAN devices that uses the proxy to have certain destinations also routed out that OVPN connection.
Is this possible?
-
I have not seen that work. It's relatively easy to set the interface Squid uses for outbound connections.
It should be possible to set outbound connections based on inbound ACLs in Squid, but I've never actually seen that work as expected. YMMV!

Steve
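As an added illustration of the "outbound connection based on inbound ACLs" approach (this is not configuration from the thread or from the pfSense Squid package itself), the following squid.conf fragment binds connections from one secure-LAN host to a set of destinations onto the OpenVPN interface address, while everything else keeps using the WAN-side address. All addresses and domain names are placeholders chosen for the example:

```squid
# Added example squid.conf fragment, not from the original thread.
# Placeholder values (assumptions, substitute the real ones):
#   192.168.10.50  the secure-LAN client that needs split egress
#   203.0.113.10   the WAN-side address Squid normally sources from
#   10.8.0.6       the address the firewall holds on the OpenVPN interface
#   .example.net / .example.org   destinations that must leave via the tunnel

http_port 3128

# Match only the one client that needs some traffic sent out the tunnel
acl vpn_client src 192.168.10.50/32

# Destinations that must egress via the OpenVPN interface
acl vpn_dests dstdomain .example.net .example.org

# tcp_outgoing_address lines are evaluated top to bottom; first match wins.
# Both ACLs must match (client AND destination) for this line to apply.
tcp_outgoing_address 10.8.0.6 vpn_client vpn_dests

# Default: everything else keeps using the WAN-side address
tcp_outgoing_address 203.0.113.10
```

Two things to check before expecting this to work. First, `tcp_outgoing_address` only chooses the source address of the socket; it does not change the route the kernel picks, so the firewall's routing table still has to send traffic for those destinations through the OpenVPN gateway (for example via a static route), otherwise the packets leave the WAN with the tunnel's source address and get dropped. Second, `dstdomain` matches on the hostname Squid sees (the request URL or CONNECT target for an explicit proxy); for intercepted HTTPS without SSL bumping Squid has no hostname to match, so an address-based `dst` ACL is the practical alternative there. On pfSense these lines belong in the Squid package's custom options field rather than a hand-edited squid.conf, which the package regenerates.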
-
OK I think this is probably my best bet for now. I've changed the proxy's outbound interface to my CyberGhost interface, but then proxy users cannot get out to the internet. I thought it may be b/c those connections aren't getting NATted like I had to set up for users of that insecure/IoT LAN. So I made a duplicate NAT rule and then changed the source to be "this firewall", but then those proxy users still couldn't get out.
What else am I missing here? I can't think of what it may be.
-
Traffic from the proxy should not be NAT'd outbound. It uses the OpenVPN interface IP directly, no need to NAT anything.
-
Ah, it was a dumb mistake. I took that NAT out, and then realized on my client it was set for SOCKS, not HTTPS, and now I'm in business. Thanks!!