Squid ovpns1 int



  • Hi, I`m trying to configure openvpn users to use squidguard.
    The objective here is to once users are authenticated by openvpn, they get filtered by a profile from squidguard.

    ==
    scenario: (client to site VPN)

    sg-3100 (2.4.2, all packets lastest version) default gateway from LAN
    squid+squidguard running in explict mode (clients using PAC file).
    squid and squidguard authentication are OFF

    openvpn auth goes:

    1 - vpn user reaches vpn server (user auth+ssl cert) > radius(freeradius3 built in Pfsense)
    2 - client specific override getting him a static IP based on his name.

    So now we have a openvpn user with a static IP address that we can use in firewall rules, and i want to use inside squidguard too.

    The problems im currently facing is:

    Squid configuration doesn`t show openvpn interface, so i can set it to listen on it (shows only my vlans and wan).
    Is there somehow to make squid to listen on openvpn interface (ovpns1) too?



  • interfaces/assign, add the ovpns1 as a pfSense interface like OPT123, enable it, after that is will probably show up on squid.. and firewall rules can be managed separately..



  • Hi, thanks for answering, however it didn`t work as expected.

    By doing that, I got two openvpn interface tabs for firewall rules (OpenVPN tab created during OpenVPN setup and a OPT interface just created as you mentioned), and VPN traffic starts to get dropped by Firewall, even with permit IP any any in both tabs.

    Did i miss something?



  • It worked, thanks a lot.
    It`s perfect, working in explict or transparent mode.

    Best regards



  • might try to restart the openvpn service.?. other than that it 'should work' at least for the regular traffic.. (i never tried together with squid for the vpn..)

    Edit:
    ah it works.? great :)


Log in to reply