Updating Squid TCP_Outgoing_Address

  • Hello,

    I'm currently running pfSense 2.4.2 with the squid proxy package. I also have an OpenVPN client connection configured that I use as a second WAN gateway for specific traffic, including Squid traffic. I force Squid traffic through the VPN connection by adding the TCP_Outgoing_Address setting.

    The VPN service I use, like many, changes the private IP address assigned to my VPN client interface every few hours or so. So, when the IP changes, my proxy server is no longer able to forward traffic through the VPN and I would have to manually reconfigure the outgoing IP address in Squid.
    While I researched a solution to this, I came across a script which, when run as a cron job, automatically checks the current VPN IP address and updates the outgoing IP address in squid.conf accordingly.




    #!/bin/sh
    # VPN_IFACE and SQUID_CONFIG_FILE are not defined in the post as shown; set them for your system
    VPN_IFACE="<vpn-interface-name>"
    SQUID_CONFIG_FILE="<path-to-squid.conf>"

    # Get current IP address of VPN interface
    VPN_IFACE_IP=$(ifconfig "$VPN_IFACE" | awk '{print $2}' | egrep -o '([0-9]+\.){3}[0-9]+')

    # Check if VPN interface is up and exit if it isn't
    if [ -z "$VPN_IFACE_IP" ]; then
            exit 0
    fi

    # Check current IP for VPN interface in squid.conf file
    VPN_CONFIG_IP=$(grep -m 1 "tcp_outgoing_address" "$SQUID_CONFIG_FILE" | awk '{print $2}' | egrep -o '([0-9]+\.){3}[0-9]+')

    # Check if the config file matches the current VPN interface IP, and if so exit script
    if [ "$VPN_IFACE_IP" = "$VPN_CONFIG_IP" ]; then
            exit 0
    fi

    # Replace the previous IP address in the squid.conf file with the current VPN interface address
    # (BSD sed, as on pfSense: -i takes its own argument, so "-ie" would leave a "squid.confe" backup)
    sed -i '' -e 's/'"$VPN_CONFIG_IP"'/'"$VPN_IFACE_IP"'/' "$SQUID_CONFIG_FILE"

    # Force reload of the new squid.conf file
    /usr/local/sbin/squid -k reconfigure

    The Problem
    While this does work, it is my understanding that we shouldn't be manually editing squid.conf. Also, the UI doesn't reflect the changes and I'm sure at some point the different settings in the UI will cause issues.

    So my question is: how can I go about programmatically updating the outgoing IP address in Squid, the correct way, and have those changes reflected in the UI?

  • Bump.

  • @netn00b not sure if you found a good solution to this.
    I do something similar with a script to update the IPs for my VPN in squid.conf

    I've stripped my VPN config lines out into a separate file (vpn.conf) and then replaced them with an include

    include /usr/local/etc/squid/vpn.conf

    This way the GUI is always correct and can be updated as normal and you can still keep your IPs current.
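
The include-file approach from the last reply, sketched as an added example (not code from the thread): the cron script rewrites only vpn.conf, validates the address before it reaches Squid's configuration, and replaces the file with a rename. It assumes vpn.conf holds only the tcp_outgoing_address line; the interface name `ovpnc1`, the `RUN_UPDATE` switch and the function names are placeholders of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Interface name and RUN_UPDATE are assumptions.
VPN_IFACE="${VPN_IFACE:-ovpnc1}"                       # assumed OpenVPN client interface
VPN_CONF="${VPN_CONF:-/usr/local/etc/squid/vpn.conf}"  # include file named in the reply above

# Print the first address from an "inet" line of ifconfig output read on stdin.
extract_ipv4() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a single-line dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Rewrite the include file only when the address changed.
# Returns 0 = file updated, 1 = already current, 2 = address rejected.
update_vpn_conf() {
    ip=$1 conf=$2
    valid_ipv4 "$ip" || return 2
    new="tcp_outgoing_address $ip"
    [ -f "$conf" ] && [ "$(cat "$conf")" = "$new" ] && return 1
    tmp=$(mktemp "$conf.XXXXXX") || return 2
    printf '%s\n' "$new" > "$tmp"
    chmod 644 "$tmp"     # mktemp creates 0600; keep the file readable by squid
    mv "$tmp" "$conf"    # rename in the same directory: squid never sees a partial file
}

main() {
    ip=$(ifconfig "$VPN_IFACE" 2>/dev/null | extract_ipv4)
    [ -n "$ip" ] || return 0    # VPN interface down: leave the config alone
    update_vpn_conf "$ip" "$VPN_CONF"
    case $? in
        0) /usr/local/sbin/squid -k parse >/dev/null 2>&1 && /usr/local/sbin/squid -k reconfigure ;;
        1) : ;;                 # nothing changed, no reload needed
        *) echo "refusing to write address: $ip" >&2; return 1 ;;
    esac
}

# The cron entry sets RUN_UPDATE=1; without it the file only defines the functions.
if [ "${RUN_UPDATE:-0}" = 1 ]; then main; fi
```

Because squid.conf itself is never edited, the only line the GUI does not own is the one in vpn.conf.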
