Netgate Discussion Forum

How to pass IPsec web traffic through squid transparent proxy

    dbx
    last edited by Jun 9, 2021, 11:27 AM

    I can connect to my pfSense box via IPsec, and I can see web traffic passing through the firewall, e.g.

    Jun 9 10:49:38 IPsec IPSec VPN (1623091721) 10.0.101.1:52580 34.237.73.95:443 TCP:S

    I need this traffic to go through squid, so I can block unwanted websites.

    I have the squid and squidguard packages installed, and if I set the Transparent Proxy Interface for squid to e.g. the LAN interface, I can see that web traffic on the LAN is being proxied through squid.

    I've tried a few things such as NAT port forwarding to forward all HTTP and HTTPS traffic on the IPsec interface to the LAN interface, with the squid transparent proxy listening on the LAN, but this doesn't seem to pick the traffic up.

    I've also (in a more desperate attempt) tried creating a virtual IP on the Localhost interface for 10.0.101.1, which allowed me to select that as a Transparent Proxy Interface for squid in the Squid General Settings rollout, but this just seemed to break things.

    Is there something I'm missing? I just need to be able to filter out nasty sites etc. for clients connected to pfSense via the IPsec VPN. I don't really want to have squid listening on the LAN unless it's necessary to achieve that.

    Thanks

      dbx
      last edited by Jun 11, 2021, 3:13 PM

      This seems to be a duplicate of

      https://forum.netgate.com/topic/119105/mobile-ipsec-vpn-client-s-traffic-doesn-t-work-with-transparent-squid-ssl-proxy?_=1623401865027

      I decided to ask it again as it's been nearly 4 years without an answer.

      The solution, although perhaps not ideal as it's not automatic, is to supply the details of the proxy when making the connection to the VPN.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.