Netgate Discussion Forum

    How to pass IPsec web traffic through squid transparent proxy

      dbx

      I can connect to my pfsense box via IPSec, and I can see web traffic passing through the firewall, e.g.:

      Jun 9 10:49:38 IPsec IPSec VPN (1623091721) 10.0.101.1:52580 34.237.73.95:443 TCP:S

      I need this traffic to go through squid, so I can block unwanted websites.

      I have the squid and squidguard packages installed, and if I set the Transparent Proxy Interface for squid to e.g. the LAN interface, I can see that web traffic on the LAN is being proxied through squid.

      I've tried a few things such as NAT port forwarding to forward all HTTP and HTTPS traffic on the IPsec interface to the LAN interface, with the squid transparent proxy listening on the LAN, but this doesn't seem to pick the traffic up.

      I've also (in a more desperate attempt) tried creating a virtual IP on the Localhost interface for 10.0.101.1, which allowed me to select that as a Transparent Proxy Interface for squid in the Squid General Settings rollout, but this just seemed to break things.

      Is there something I'm missing? I just need to be able to filter out nasty sites etc. for clients connected to pfsense via the IPsec VPN. I don't really want to have squid listening on the LAN unless it's necessary to achieve that.

      Thanks

        dbx

        This seems to be a duplicate of

        https://forum.netgate.com/topic/119105/mobile-ipsec-vpn-client-s-traffic-doesn-t-work-with-transparent-squid-ssl-proxy?_=1623401865027

        I decided to ask it again as it's been nearly 4 years without an answer.

        The solution, although perhaps not ideal as it's not automatic, is to supply the details of the proxy when making the connection to the VPN.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.