4. Updating Squid TCP_Outgoing_Address

Updating Squid TCP_Outgoing_Address

  • N

    Hello,

    I'm currently currently running pfSense 2.4.2 with the squid proxy package. I also have an OpenVPN client connection configured that I use as a second WAN gateway for specific traffic, including Squid traffic. I force Squid traffic through the VPN connection by adding the TCP_Outgoing_Address setting.

    The VPN service I use, like many, change the private IP address assigned to my VPN client interface every few hours or so. So, when the IP changes, my proxy server is no longer able to forward traffic through the VPN and I would have to manually reconfigure the outgoing IP address in Squid.
    While I researched a solution to this, I came a across a script which, when run as a cron job, automatically checks the current VPN IP address and updates the outgoing IP address in squid.conf accordingly.

    #!/bin/sh

    Variables

    VPN_IFACE=ovpnc1
    SQUID_CONFIG_FILE=/usr/local/etc/squid/squid.conf

    Get current IP address of VPN interface

    VPN_IFACE_IP=$(ifconfig $VPN_IFACE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

    Check if VPN interface is up and exit if it isn't

    if [ -z "$VPN_IFACE_IP" ]
    then
            exit 0;
    fi

    Check current IP for VPN interface in squid.conf file

    VPN_CONFIG_IP=$(grep -m 1 "tcp_outgoing_address" $SQUID_CONFIG_FILE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

    Check if the config file matches the current VPN interface IP, and if so exit script

    if [ "$VPN_IFACE_IP" == "$VPN_CONFIG_IP" ]
    then
            exit 0;
    fi

    Replace the previous IP address in the squid.conf file with the current VPN interface address

    sed -ie 's/'"$VPN_CONFIG_IP"'/'"$VPN_IFACE_IP"'/' $SQUID_CONFIG_FILE

    Force reload of the new squid.conf file

    /usr/local/sbin/squid -k reconfigure

    The Problem
    While this does work, it is my understanding that we shouldn't be manually editing squid.conf. Also, the UI doesn't reflect the changes and I'm sure at some point the different settings in the UI will cause issues.

    So my question is: how can I go about programmatically updating the outgoing IP address in Squid, the correct way, and have those changes reflected in the UI?

    0
  • N

    Bump.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy