OpenVPN + Squid (transparent) not working?

  • Hello,

    After reading a lot of howtos, docs and some messages on the forum I now have 'some sort of' VPN connection to my home LAN from anywhere.

    Basic setup (using the Alix board).

    WAN : This is where my ISP's connection enters my home.
    LAN  : (Local Address : Running DHCP in -

    OpenVPN server config:

    writepid /var/run/
    #user nobody
    #group nobody
    keepalive 10 60
    dev tun
    proto udp
    cipher BF-CBC
    up /etc/rc.filter_configure
    down /etc/rc.filter_configure
    client-config-dir /var/etc/openvpn_csc
    push "route"
    lport 1194
    push "dhcp-option DOMAIN localdomain"
    push "dhcp-option DNS"
    push "dhcp-option WINS"
    push "redirect-gateway def1"
    ca /var/etc/
    cert /var/etc/openvpn_server0.cert
    key /var/etc/openvpn_server0.key
    dh /var/etc/openvpn_server0.dh
    management 1194

    OpenVPN client config:

    remote my.dns.entry 1194 udp
    ns-cert-type server
    ca ca.crt
    ping 10
    redirect-gateway def1
    dev tun
    cert cert.crt
    comp-lzo yes
    key key.key
    dhcp-option DNS
    verb 5

    Firewall config:

    • Opened up the 1194 port on the WAN device
    • Allow any proto from to anywhere on LAN device
    • Allow any proto from anywhere to
    • Using AON, having the autogenerated rule for VPN net there (if=LAN, source= all * then NO for static)
    • Did NOT enable the "Disable all auto-added VPN rules"

    Squid + squidguard config:

    • Out of the box config (squid bound to LAN)
    • Added my own blocklists
    • Added as allowed subnet
    • Added http_port transparent so squid will run on that instead of

    From within the LAN all is working as intended. HTTP goes nicely through squid, blocklists are honored.

    However, outside the LAN, starting up the OpenVPN connection works just fine.
    I can access my entire LAN.

    I do however want to use my LAN's internet from my VPN client side. This fails to work!! ;(

    I get no response, see some traffic in my state-tables like below : (obfuscated my wan ip for obvious reasons) -> ->

    Any tips?

  • Well,

    After some more reading, and then some T&E activities it now works. However I changed a lot of the settings, so will try and figure out soon on what the fixing settings were…

    Will update here once I got that all sorted.

  • Wizardofzos,

    I am curious on what all of your settings are to tunnel over your OpenVPN connection. I have a very similar setup and cannot figure out how to get it working.

  • What eventually fixed it for me was swapping the OpenVPN protocol from UDP to TCP. Up to this day this still makes NO sense to me whatsoever, as it all worked through UDP as long as I didn't leave the LAN. Accessing remote websites as an OpenVPN client just didn't work using the UDP protocol.

    I made a small post on my blog explaining the steps I took to get it working. URL :

    I hope this will give you enough info to get it working for you too. If not (or if it does) let me know via a reply here and/or a little note at the blog :)

    Happy VPNing
