Squid Configuration Problem



  • Hi all,

    New to pfsense/squid.

    I have 3 interfaces:
    LAN
    WAN
    EXPRESSVPN

    All lan/DNS traffic goes over my exprtessVPN OpenVPN.

    Squid configured on LAN interface and transparent interface is LAN as well.

    Everything seems to be working but when I turn Squid on, my ip address changes from the encrypted VPN wo the WAN IP. Turnn Squid Off back to the VPN IP.

    Why is Squid rerouting me over the WAN?

    Thanks for any help!
    -Gromet



  • I have the same issue.

    My default gateway on the pfsense box is to my WAN (direct DSL) interface. FIrewall rules and routing make sure specific traffic from LAN net is routed to the OpenVPN interface. So when I set my client gateway to the pfsense box, I get my VPN public IP back. When I configure the squid proxy in my browser, the external IP switches to my ISP external IP.

    I beleive I understand why this is happening, the default gateway is set to the DSL interface, direct internet connection. When traffic passes through pfsense, its picked up by the firewall rules and routing and goes out over VPN.

    When using the proxy, the traffic is sent from the browser to the pfsense box, which sends it out to the default gateway.

    I tried to fix this by making rules for traffic originating from pfsense itself, but this doesn’t work.

    I don’t want to change my default gateway.

    So my question is, what kind of rule do I configure (or maybe change squid config?) to make squid go out over VPN?

    I’ve been searching for a while now and haven’t been able to figure it out.

    Would really appreciate some help!

    Thanks!!



  • Ow I just found this:

    https://airvpn.org/topic/17444-how-to-set-up-pfsense-23-for-airvpn/?p=59572

    Basically, if he’s correct, Squid is hard programmed to use the default gateway no matter what.

    There is apparently a way, but it involves manual iptables configuration. Too involved for me.



  • pfSense doesn’t use iptables.



  • sorry Linux guy here … corrected above  8).


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy