Netgate Discussion Forum
    Squid cache VPN

      Aback

      Hello,

      I've successfully set up Squid Proxy with caching on my pfSense. I determined that caching works very well on DHCP clients which are directly connected to the router, but doesn't work at all for clients connected to the router but running a VPN (OpenVPN). Could I change something in order to cache what clients using VPN are browsing?

      Thanks

        KOM

        I think squid has an Allowed subnets field or something like that. You might have to add your OpenVPN network there.

          Aback

          I'll take a look, but there's another problem in that case. I have over 150 clients running on pfSense, almost every 10 of them use a different VPN provider, some are using OpenVPN, some IKEv2, and every client has a different IP. The OpenVPN network isn't mine, I'm just using a lot of VPN networks as a client.

            KOM

            OK, I thought you meant remote clients connecting to you. I don't know if squid works in that configuration. I seem to remember reading other posts about squid and multi-WAN.

              Aback

              It doesn't seem to work. I just tried adding subnets... Nothing behind VPN gets cached, probably because of the encryption.

                KOM

                Squid also has a proxy interface selector IIRC. Have you added the OpenVPN interface along with WAN?

                  Aback

                  LAN and loopback are selected Interfaces. Even SSL Man in the middle filtering is enabled, but still no luck.

                    KOM

                    So then add the OpenVPN interface and see if squid listens on it.

                      Aback

                      There's nothing else to add. All machines are connected to the same LAN through the same interface, on the same subnet. That's why I added LAN as an interface. I can cache all the traffic going through each of those machines, even https traffic, but as soon as the machine connects to an OpenVPN provider (Private Internet Access for example), caching stops. If you're referring to dialing OpenVPN directly on pfSense and passing it to squid, that doesn't work for me, because it's essential for each machine to have a unique IP.

                        KOM

                        You don't have an OpenVPN entry in squid's list of interfaces to listen on? You said you only had LAN and localhost. You might have to add the OpenVPN interface so that squid knows to listen on that, and it should be in the list if you have a client connection configured.

                          Aback

                          I don't have it. Only WAN is offered alongside LAN and loopback. But as I said, I don't have pfSense configured as an OpenVPN client. Each Linux machine is connecting to the VPN provider on its own, because I need unique IPs. I did not see any option for adding more interfaces in the GUI.

                            KOM

                            OK now I understand. No, there is no way to get squid into the flow because they're creating secure tunnels and routing everything through that.

                              Aback @KOM

                              @KOM Thank you for the effort. At least I know it can't be done.

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.