Squid ovpns1 int

  • Hi, I`m trying to configure openvpn users to use squidguard.
    The objective here is to once users are authenticated by openvpn, they get filtered by a profile from squidguard.

    scenario: (client to site VPN)

    sg-3100 (2.4.2, all packets lastest version) default gateway from LAN
    squid+squidguard running in explict mode (clients using PAC file).
    squid and squidguard authentication are OFF

    openvpn auth goes:

    1 - vpn user reaches vpn server (user auth+ssl cert) > radius(freeradius3 built in Pfsense)
    2 - client specific override getting him a static IP based on his name.

    So now we have a openvpn user with a static IP address that we can use in firewall rules, and i want to use inside squidguard too.

    The problems im currently facing is:

    Squid configuration doesn`t show openvpn interface, so i can set it to listen on it (shows only my vlans and wan).
    Is there somehow to make squid to listen on openvpn interface (ovpns1) too?

  • interfaces/assign, add the ovpns1 as a pfSense interface like OPT123, enable it, after that is will probably show up on squid.. and firewall rules can be managed separately..

  • Hi, thanks for answering, however it didn`t work as expected.

    By doing that, I got two openvpn interface tabs for firewall rules (OpenVPN tab created during OpenVPN setup and a OPT interface just created as you mentioned), and VPN traffic starts to get dropped by Firewall, even with permit IP any any in both tabs.

    Did i miss something?

  • It worked, thanks a lot.
    It`s perfect, working in explict or transparent mode.

    Best regards

  • might try to restart the openvpn service.?. other than that it 'should work' at least for the regular traffic.. (i never tried together with squid for the vpn..)

    ah it works.? great :)

Log in to reply