Netgate Discussion Forum

    how to route openvpn tunnel traffic through squid proxy server?

    • U
      usus1
      last edited by usus1

      Hi guys.
      I have this system in which I used two pfSense machines. pfSense-2 is my server, and I also installed and configured the squid http proxy on the wan interface of this machine.
      I also configured pfsense-1 as client to site for connecting client to pfsense-1. I want to route all of the client traffic through the squid proxy server that is installed and configured on pfSense-2. When I used the proxy server address and port on pfSense-1 at /vpn/openvpn/client config I do not get any error, but my openvpn server gets disabled and does not work. How can I route my openvpn tunnel traffic (client traffic) through the squid proxy server?

      This is my openvpn logfile:

      Aug 31 08:51:01 irpf openvpn[5453]: Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
      Aug 31 08:51:01 irpf openvpn[5453]: Use --help for more information.
      Aug 31 08:51:05 irpf openvpn[19782]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
      Aug 31 08:51:05 irpf openvpn[19782]: Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
      Aug 31 08:51:05 irpf openvpn[19782]: Use --help for more information.
      Aug 31 08:51:12 irpf openvpn[29258]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
      Aug 31 08:51:12 irpf openvpn[29258]: MANAGEMENT: CMD 'status 2'
      Aug 31 08:51:13 irpf openvpn[29258]: MANAGEMENT: CMD 'quit'
      Aug 31 08:51:13 irpf openvpn[29258]: MANAGEMENT: Client disconnected
      Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
      Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: CMD 'status 2'
      Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: CMD 'quit'
      Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: Client disconnected
      
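Added example, not part of the original post or of pfSense: the log above shows OpenVPN rejecting `--http-proxy` because the instance is not in TCP client mode. The Python check below looks for that conflict in a client config before it is applied; the function names, sample addresses and port 1194 are assumptions, and `proto tcp` is treated as valid only when `client` is also set.

```python
# Added example (not from the thread): pre-flight check for the option
# conflict reported in the log above. Sample configs are constructed.
import shlex

TCP_CLIENT = {"tcp-client", "tcp4-client", "tcp6-client"}
TCP_GENERIC = {"tcp", "tcp4", "tcp6"}  # assumed to resolve to tcp-client only with `client`

def parse_directives(text):
    """Return [(name, args)] for every non-comment line of an OpenVPN config."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        parts = shlex.split(line, comments=True)
        if parts:
            # Accept both "proto udp" and the command-line form "--proto udp".
            out.append((parts[0].lstrip("-"), parts[1:]))
    return out

def check_http_proxy(text):
    """Return findings; an empty list means http-proxy and proto are compatible."""
    directives = parse_directives(text)
    names = {name for name, _ in directives}
    if "http-proxy" not in names:
        return []
    # Assumption: the last `proto` line wins; OpenVPN defaults to UDP when none is given.
    proto = next((a[0] for n, a in reversed(directives) if n == "proto" and a), "udp")
    if proto in TCP_CLIENT or (proto in TCP_GENERIC and "client" in names):
        return []
    return [f"http-proxy is set but proto is '{proto}'; use proto tcp-client"]

# Constructed configs: documentation-range addresses, assumed port 1194,
# proxy port 6000 as mentioned in the thread.
BAD_CONF = """
dev tun
proto udp4
remote 198.51.100.10 1194
http-proxy 198.51.100.20 6000
"""
GOOD_CONF = BAD_CONF.replace("proto udp4", "proto tcp-client")

if __name__ == "__main__":
    for label, conf in (("udp4", BAD_CONF), ("tcp-client", GOOD_CONF)):
        print(label, "->", check_http_proxy(conf) or "ok")
```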
      • U
        usus1 @usus1
        last edited by

        can anyone help me please?

        • V
          viragomann @usus1
          last edited by

          @usus1 said in how to route openvpn tunnel traffic through squid proxy server?:

          This setting is meant to route the OpenVPN client connection through a proxy. In this case the P2P client connection between A and B.

          @usus1 said in how to route openvpn tunnel traffic through squid proxy server?:

          I want to route all of the client traffic through the squid proxy server that is installed and configured on pfSense-2.

          But this lets me assume you only want to route the site A access server's clients' traffic through the proxy.

          Now what do you want to achieve exactly?

          • U
            umm12 @viragomann
            last edited by

            @viragomann
            I think the goal is to get user traffic from pf-2 out of the proxy tunnel so that the proxy can insert its own header on packet. Is this possible? How about?

            • V
              viragomann @umm12
              last edited by

              @umm12
              Should be possible.

              Is your P2P VPN between pf1 and 2 configured properly already, so that access server clients can access local networks at site 2? Presumed you have already removed the IP from the proxy box.
              If so, you should only have to add the proxy IP to the Remote networks on pf1 to direct the traffic over the tunnel.

              • U
                umm12 @viragomann
                last edited by umm12

                @viragomann
                hi my friend.
                I want to route my openvpn traffic through the squid proxy server on pf-2.
                Also, our information is:
                pf-1 ip: 100.2.21.5 (as client in site to site and server as client to site configuration)
                pf-2 ip: 25.61.25.32 (as server in site to site configuration)
                my proxy server: 25.64.25.32:6000
                How can I add this as remote ip in pf-1?

                • V
                  viragomann @umm12
                  last edited by

                  @umm12 said in how to route openvpn tunnel traffic through squid proxy server?:

                  my proxy server: 25.64.25.32:6000
                  How can I add this as remote ip in pf-1?

                  As mentioned, you should only have to add that IP to the remote networks in the p1 clients settings.

                  Okay forgotten: you have to direct the vpn clients traffic to this IP by policy routing on the incoming interface.

                  • U
                    umm12 @viragomann
                    last edited by

                    @viragomann said in how to route openvpn tunnel traffic through squid proxy server?:

                    As mentioned, you should only have to add that IP to the remote networks in the p1 clients settings.

                    but i have port 6000 for squid proxy server. I do not use this port on Remote networks on client side of Pf-1???

                    Okay forgotten: you have to direct the vpn clients traffic to this IP by policy routing on the incoming interface.

                    I don't understand this. Can you explain this more?

                    • V
                      viragomann @umm12
                      last edited by

                      @umm12 said in how to route openvpn tunnel traffic through squid proxy server?:

                      but i have port 6000 for squid proxy server. I do not use this port on Remote networks on client side of Pf-1???

                      So you want to use the proxy in transparent mode, but on port 6000?
                      I'm not really familiar with proxying, but I don't think it can work this way. Maybe it does when you forward the traffic to port 6000 on pf1.
