Netgate Discussion Forum

how to route openvpn tunnel traffic through squid proxy server?

  • U
    usus1
    last edited by usus1 Aug 31, 2021, 8:54 AM Aug 31, 2021, 8:49 AM

    23.PNG
    Hi guys.
    I have this system in which I use two pfSense machines. pfSense-2 is my server, and I also installed and configured the Squid HTTP proxy on the WAN interface of this machine.
    I also configured pfSense-1 as client-to-site for connecting clients to pfSense-1. I want to route all of the client traffic through the Squid proxy server that is installed and configured on pfSense-2. When I use the proxy server address and port on pfSense-1 in the /vpn/openvpn/client config, I do not get any error, but my OpenVPN server gets disabled and does not work. How can I route my OpenVPN tunnel traffic (client traffic) through the Squid proxy server?

    This is my OpenVPN log file:

    Aug 31 08:51:01 irpf openvpn[5453]: Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
    Aug 31 08:51:01 irpf openvpn[5453]: Use --help for more information.
    Aug 31 08:51:05 irpf openvpn[19782]: Cipher negotiation is disabled since neither P2MP client nor server mode is enabled
    Aug 31 08:51:05 irpf openvpn[19782]: Options error: --http-proxy MUST be used in TCP Client mode (i.e. --proto tcp-client)
    Aug 31 08:51:05 irpf openvpn[19782]: Use --help for more information.
    Aug 31 08:51:12 irpf openvpn[29258]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
    Aug 31 08:51:12 irpf openvpn[29258]: MANAGEMENT: CMD 'status 2'
    Aug 31 08:51:13 irpf openvpn[29258]: MANAGEMENT: CMD 'quit'
    Aug 31 08:51:13 irpf openvpn[29258]: MANAGEMENT: Client disconnected
    Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: Client connected from /var/etc/openvpn/server1/sock
    Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: CMD 'status 2'
    Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: CMD 'quit'
    Aug 31 08:52:14 irpf openvpn[29258]: MANAGEMENT: Client disconnected
    
    • U
      usus1 @usus1
      last edited by Sep 1, 2021, 7:48 AM

      Can anyone help me, please?

      • V
        viragomann @usus1
        last edited by Sep 2, 2021, 8:58 AM

        @usus1 said in how to route openvpn tunnel traffic through squid proxy server?:

        699e4fa0-55ce-41eb-8083-63a99e99dcec-image.png
        This setting is meant to route the OpenVPN client connection through a proxy. In this case the P2P client connection between A and B.

        @usus1 said in how to route openvpn tunnel traffic through squid proxy server?:

        I want to route all of the client traffic through the Squid proxy server that is installed and configured on pfSense-2.

        But this lets me assume you only want to route the traffic of the site A access server's clients through the proxy.

        Now what do you want to achieve exactly?

        • U
          umm12 @viragomann
          last edited by Sep 4, 2021, 3:37 AM

          @viragomann
          I think the goal is to get user traffic from pf-2 out of the proxy tunnel so that the proxy can insert its own header on the packet. Is this possible? How about?

          • V
            viragomann @umm12
            last edited by Sep 4, 2021, 7:46 PM

            @umm12
            Should be possible.

            Is your P2P VPN between pf1 and 2 configured properly already, so that access server clients can access local networks at site 2? Presuming you have already removed the IP from the proxy box.
            If so, you should only have to add the proxy IP to the Remote networks on pf1 to direct the traffic over the tunnel.

            • U
              umm12 @viragomann
              last edited by umm12 Sep 5, 2021, 3:38 AM Sep 5, 2021, 3:30 AM

              @viragomann
              Hi my friend.
              I want to route my OpenVPN traffic through the Squid proxy server on pf-2.
              Also, our information is:
              pf-1 IP: 100.2.21.5 (as client in site to site and server as client to site configuration)
              pf-2 IP: 25.61.25.32 (as server in site to site configuration)
              My proxy server: 25.64.25.32:6000
              How can I add this as a remote IP in pf-1?

              • V
                viragomann @umm12
                last edited by Sep 5, 2021, 8:00 PM

                @umm12 said in how to route openvpn tunnel traffic through squid proxy server?:

                my proxy server: 25.64.25.32:6000
                How can I add this as a remote IP in pf-1?

                As mentioned, you should only have to add that IP to the remote networks in the p1 client settings.

                Okay, I forgot: you have to direct the VPN clients' traffic to this IP by policy routing on the incoming interface.

                • U
                  umm12 @viragomann
                  last edited by Sep 6, 2021, 3:45 AM

                  @viragomann said in how to route openvpn tunnel traffic through squid proxy server?:

                  As mentioned, you should only have to add that IP to the remote networks in the p1 client settings.

                  But I have port 6000 for the Squid proxy server. I do not use this port in Remote networks on the client side of pf-1???

                  Okay, I forgot: you have to direct the VPN clients' traffic to this IP by policy routing on the incoming interface.

                  I don't understand this. Can you explain this more?

                  • V
                    viragomann @umm12
                    last edited by Sep 6, 2021, 6:44 AM

                    @umm12 said in how to route openvpn tunnel traffic through squid proxy server?:

                    But I have port 6000 for the Squid proxy server. I do not use this port in Remote networks on the client side of pf-1???

                    So you want to use the proxy in transparent mode, but on port 6000?
                    I'm not really familiar with proxying, but I don't think it can work this way. Maybe it does when you forward the traffic to port 6000 on pf1.
