Mobile IPSec VPN client's traffic doesn't work with transparent squid ssl proxy
-
Hello everyone,
I am working on this problem for quite a while and couldn't find a solution. The setup is this:
•Latest pfSense 2.3.4
•squid package 0.4.37 (squidclamav-6.16 squid_radius_auth-1.10 squid-3.5.26 c-icap-modules-0.4.5)
•squidGuard 1.16.3 (squidguard-1.4_15)
•LAN 192.168.1.1/24
•IPSec 192.168.2.1/24-
I have squid fully set up and working just like charm on LAN interface with SSL man-in-the-middle transparent proxy, Root CA cert … the whole shebang...
-
I set up IPSec IKEv2 VPN tunnel that also works like a charm. Clients connect ultra fast and can access the internet.
-
In the squid ACLs I allowed the IPSec subnet to access squid
-
The VPN clients CAN access squid with SSL interception with manual proxy configuration
-
BUT I can't get them to work with transparent proxy settings :-[[/li]
I tried IP/port forwarding (Firewall -> NAT -> Portforward) the incoming IPSec traffic that has port 80/443 as destination ports to the firewall's LAN address 192.168.1.1 on squid's port 3128 and additionally added the necessary firewall rules.
This doesn't help and the VPN clients aren't routed through the squid proxy.
For test purposes the firewall rules are more or less open, so that they don't mess things up.Any help is much appreciated …. thank you guys in advance. I read so many different forum descriptions, but none worked. I hope the right pfSense super hero hears my cry for help...
-
-
Hi skymonkey,
have you already got a solution. I've the same problem.
I also use in on Win10 where I can configure a proxy. So it's still working.
What VPN clients do you use and which platform (windows, android, ios) are you using? -
This is exactly the setup I would like to configure as well.
Effectively it looks like we would need to be able to set IPSEC as the applicable interface within squid, but that doesn't seem to be an option. Has anyone else been able to get this working effectively?