Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Users bypass squid

    Cache/Proxy
    5
    31
    4.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      doktornotor Banned
      last edited by

      Yes. If you have DHCP activated, you'd have noticed that it is absolutely standard to have a default gateway configured on clients. I mean, you break the network connectivity if you don't have it configured. And no, it does not have anything in common with Squid "bypass". Not in any normal network. Yours apparently is abnormal.

      1 Reply Last reply Reply Quote 0
      • A
        atn78
        last edited by

        When I desactivated the proxy in Internet Options the squid authentification is not prompted and I have access to Internet.

        1 Reply Last reply Reply Quote 0
        • D
          doktornotor Banned
          last edited by

          Yes of course they are NOT!!! Because if you want to force people to use a proxy, you need to either make it transparent, or force it on clients via DHCP/DNS/WPAD/Group Policy and block the direct traffic. You do not force people to use a proxy by inventing broken network configuration on clients that's missing a default gateway.

          :o ::)

          1 Reply Last reply Reply Quote 0
          • A
            atn78
            last edited by

            I have activated the transparent proxy option and I still have the same problem.

            1 Reply Last reply Reply Quote 0
            • D
              doktornotor Banned
              last edited by

              As noted, you need to block IPv6 if going through Squid is a requirement. Other than that, I'd wipe everything and start from scratch, and start with fixing your completely whacky workflows. Using DHCP  and configuring clients in a way that's used by the rest of the world (which includes having a default gateway set) would be a nice start here.

              Bye.

              1 Reply Last reply Reply Quote 0
              • A
                atn78
                last edited by

                Can you tell me how to do it?

                1 Reply Last reply Reply Quote 0
                • D
                  doktornotor Banned
                  last edited by

                  There really is nothing special to do, it just works for everyone with DHCP server enabled on pfSense.

                  1 Reply Last reply Reply Quote 0
                  • A
                    atn78
                    last edited by

                    I noticed that users can bypass squid by configuring the DNS in their network interfaces.

                    1 Reply Last reply Reply Quote 0
                    • C
                      C0RR0SIVE
                      last edited by

                      Then block their ability to do so, either via a GPO, or at the firewall.  If they are actually using the proxy (either transparently, or via wpad) then regardless of their DNS settings, the proxy will serve what the PFSense DNS looks up.

                      1 Reply Last reply Reply Quote 0
                      • A
                        ast
                        last edited by

                        @doktornotor:

                        Great. Now, did you configure anything on the clients? Because, with the proxy NOT being transparent, I cannot figure out how on earth you imagine the clients to be forced to use it?!?!  (And, BTW, if going through Squid is required, you'll need to block all IPv6.)

                        I know this is already an old post, but can I ask for your assistance, how do we block all IPv6?

                        TIA!

                        ast

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.