Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Updating Squid TCP_Outgoing_Address

    Cache/Proxy
    2
    3
    1063
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      netn00b last edited by

      Hello,

      I'm currently currently running pfSense 2.4.2 with the squid proxy package. I also have an OpenVPN client connection configured that I use as a second WAN gateway for specific traffic, including Squid traffic. I force Squid traffic through the VPN connection by adding the TCP_Outgoing_Address setting.

      The VPN service I use, like many, change the private IP address assigned to my VPN client interface every few hours or so. So, when the IP changes, my proxy server is no longer able to forward traffic through the VPN and I would have to manually reconfigure the outgoing IP address in Squid.
      While I researched a solution to this, I came a across a script which, when run as a cron job, automatically checks the current VPN IP address and updates the outgoing IP address in squid.conf accordingly.

      #!/bin/sh

      Variables

      VPN_IFACE=ovpnc1
      SQUID_CONFIG_FILE=/usr/local/etc/squid/squid.conf

      Get current IP address of VPN interface

      VPN_IFACE_IP=$(ifconfig $VPN_IFACE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

      Check if VPN interface is up and exit if it isn't

      if [ -z "$VPN_IFACE_IP" ]
      then
              exit 0;
      fi

      Check current IP for VPN interface in squid.conf file

      VPN_CONFIG_IP=$(grep -m 1 "tcp_outgoing_address" $SQUID_CONFIG_FILE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

      Check if the config file matches the current VPN interface IP, and if so exit script

      if [ "$VPN_IFACE_IP" == "$VPN_CONFIG_IP" ]
      then
              exit 0;
      fi

      Replace the previous IP address in the squid.conf file with the current VPN interface address

      sed -ie 's/'"$VPN_CONFIG_IP"'/'"$VPN_IFACE_IP"'/' $SQUID_CONFIG_FILE

      Force reload of the new squid.conf file

      /usr/local/sbin/squid -k reconfigure

      The Problem
      While this does work, it is my understanding that we shouldn't be manually editing squid.conf. Also, the UI doesn't reflect the changes and I'm sure at some point the different settings in the UI will cause issues.

      So my question is: how can I go about programmatically updating the outgoing IP address in Squid, the correct way, and have those changes reflected in the UI?

      1 Reply Last reply Reply Quote 0
      • N
        netn00b last edited by

        Bump.

        1 Reply Last reply Reply Quote 0
        • R
          RubberPike last edited by

          @netn00b not sure if you found a good solution to this.
          I do something similar with a script to update the IP's for my VPN in squid.conf

          I've stripped my VPN config lines out into a seperate file (vpn.conf) and then replaced them with an include

          include /usr/local/etc/squid/vpn.conf

          This way the GUI is always correct and can be updated as normal and you can still keep your IP's current.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy