Netgate Discussion Forum

    Updating Squid TCP_Outgoing_Address

      netn00b

      Hello,

      I'm currently running pfSense 2.4.2 with the squid proxy package. I also have an OpenVPN client connection configured that I use as a second WAN gateway for specific traffic, including Squid traffic. I force Squid traffic through the VPN connection by adding the TCP_Outgoing_Address setting.

      The VPN service I use, like many, changes the private IP address assigned to my VPN client interface every few hours or so. So, when the IP changes, my proxy server is no longer able to forward traffic through the VPN and I would have to manually reconfigure the outgoing IP address in Squid.
      While I researched a solution to this, I came across a script which, when run as a cron job, automatically checks the current VPN IP address and updates the outgoing IP address in squid.conf accordingly.

      #!/bin/sh

      # Variables
      VPN_IFACE=ovpnc1
      SQUID_CONFIG_FILE=/usr/local/etc/squid/squid.conf

      # Get current IP address of VPN interface
      VPN_IFACE_IP=$(ifconfig "$VPN_IFACE" | awk '{print $2}' | egrep -o '([0-9]+\.){3}[0-9]+')

      # Check if VPN interface is up and exit if it isn't
      if [ -z "$VPN_IFACE_IP" ]
      then
              exit 0;
      fi

      # Check current IP for VPN interface in squid.conf file
      VPN_CONFIG_IP=$(grep -m 1 "tcp_outgoing_address" "$SQUID_CONFIG_FILE" | awk '{print $2}' | egrep -o '([0-9]+\.){3}[0-9]+')

      # Check if the config file matches the current VPN interface IP, and if so exit script
      # (POSIX sh string comparison uses a single "=")
      if [ "$VPN_IFACE_IP" = "$VPN_CONFIG_IP" ]
      then
              exit 0;
      fi

      # Replace the previous IP address in the squid.conf file with the current VPN interface address
      # (FreeBSD sed: -i takes a backup suffix as its argument; '' means no backup file is written)
      sed -i '' -e 's/'"$VPN_CONFIG_IP"'/'"$VPN_IFACE_IP"'/' "$SQUID_CONFIG_FILE"

      # Force reload of the new squid.conf file
      /usr/local/sbin/squid -k reconfigure

      The Problem
      While this does work, it is my understanding that we shouldn't be manually editing squid.conf. Also, the UI doesn't reflect the changes and I'm sure at some point the different settings in the UI will cause issues.

      So my question is: how can I go about programmatically updating the outgoing IP address in Squid, the correct way, and have those changes reflected in the UI?

        netn00b

        Bump.

          RubberPike

          @netn00b not sure if you found a good solution to this.
          I do something similar with a script to update the IPs for my VPN in squid.conf

          I've stripped my VPN config lines out into a separate file (vpn.conf) and then replaced them with an include

          include /usr/local/etc/squid/vpn.conf

          This way the GUI is always correct and can be updated as normal and you can still keep your IPs current.

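One way to script the include-file approach described in the last reply, as an added example that is not code from either poster: it validates the interface address before it reaches a file Squid parses, rewrites vpn.conf atomically, and reconfigures Squid only when the address changed. It assumes vpn.conf holds nothing but the tcp_outgoing_address line; the function names and the --run switch are hypothetical.

```shell
#!/bin/sh
# Added example. Interface name and paths are taken from the posts above.
VPN_IFACE=ovpnc1
VPN_INCLUDE=/usr/local/etc/squid/vpn.conf   # assumed to contain only tcp_outgoing_address
SQUID_BIN=/usr/local/sbin/squid

# Succeed only for a dotted quad with four octets in the range 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read ifconfig output on stdin and print the address of the first "inet" line.
first_inet_addr() {
    awk '$1 == "inet" { print $2; exit }'
}

# Write the include file. Returns 0 if rewritten, 1 if already current, 2 if the IP is invalid.
update_include() {
    file=$1 ip=$2
    is_ipv4 "$ip" || return 2
    line="tcp_outgoing_address $ip"
    [ -f "$file" ] && [ "$(cat "$file")" = "$line" ] && return 1
    tmp="$file.tmp.$$"
    # Write to a temp file and rename, so Squid never reads a half-written include.
    printf '%s\n' "$line" > "$tmp" && mv "$tmp" "$file"
}

main() {
    ip=$(ifconfig "$VPN_IFACE" 2>/dev/null | first_inet_addr)
    [ -n "$ip" ] || return 0    # VPN down: leave the last known config in place
    if update_include "$VPN_INCLUDE" "$ip"; then
        "$SQUID_BIN" -k reconfigure
    fi
}

# Only touches the system when called with --run (hypothetical switch, e.g. from cron).
if [ "${1:-}" = "--run" ]; then main; fi
```

Because squid.conf itself is never edited, the GUI can regenerate it without losing the current address, provided the include line stays in place.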