• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Updating Squid TCP_Outgoing_Address

Scheduled Pinned Locked Moved Cache/Proxy
3 Posts 2 Posters 1.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    netn00b
    last edited by May 10, 2018, 2:20 AM

    Hello,

    I'm currently currently running pfSense 2.4.2 with the squid proxy package. I also have an OpenVPN client connection configured that I use as a second WAN gateway for specific traffic, including Squid traffic. I force Squid traffic through the VPN connection by adding the TCP_Outgoing_Address setting.

    The VPN service I use, like many, change the private IP address assigned to my VPN client interface every few hours or so. So, when the IP changes, my proxy server is no longer able to forward traffic through the VPN and I would have to manually reconfigure the outgoing IP address in Squid.
    While I researched a solution to this, I came a across a script which, when run as a cron job, automatically checks the current VPN IP address and updates the outgoing IP address in squid.conf accordingly.

    #!/bin/sh

    Variables

    VPN_IFACE=ovpnc1
    SQUID_CONFIG_FILE=/usr/local/etc/squid/squid.conf

    Get current IP address of VPN interface

    VPN_IFACE_IP=$(ifconfig $VPN_IFACE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

    Check if VPN interface is up and exit if it isn't

    if [ -z "$VPN_IFACE_IP" ]
    then
            exit 0;
    fi

    Check current IP for VPN interface in squid.conf file

    VPN_CONFIG_IP=$(grep -m 1 "tcp_outgoing_address" $SQUID_CONFIG_FILE | awk '{print $2}' | egrep -o '([0-9]+.){3}[0-9]+')

    Check if the config file matches the current VPN interface IP, and if so exit script

    if [ "$VPN_IFACE_IP" == "$VPN_CONFIG_IP" ]
    then
            exit 0;
    fi

    Replace the previous IP address in the squid.conf file with the current VPN interface address

    sed -ie 's/'"$VPN_CONFIG_IP"'/'"$VPN_IFACE_IP"'/' $SQUID_CONFIG_FILE

    Force reload of the new squid.conf file

    /usr/local/sbin/squid -k reconfigure

    The Problem
    While this does work, it is my understanding that we shouldn't be manually editing squid.conf. Also, the UI doesn't reflect the changes and I'm sure at some point the different settings in the UI will cause issues.

    So my question is: how can I go about programmatically updating the outgoing IP address in Squid, the correct way, and have those changes reflected in the UI?

    1 Reply Last reply Reply Quote 0
    • N
      netn00b
      last edited by May 12, 2018, 3:23 AM

      Bump.

      1 Reply Last reply Reply Quote 0
      • R
        RubberPike
        last edited by May 22, 2019, 10:28 PM

        @netn00b not sure if you found a good solution to this.
        I do something similar with a script to update the IP's for my VPN in squid.conf

        I've stripped my VPN config lines out into a seperate file (vpn.conf) and then replaced them with an include

        include /usr/local/etc/squid/vpn.conf

        This way the GUI is always correct and can be updated as normal and you can still keep your IP's current.

        1 Reply Last reply Reply Quote 0
        • H heper referenced this topic on Dec 26, 2022, 11:07 AM
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          This community forum collects and processes your personal information.
          consent.not_received