Squid/Dansguardian incorrectly proxying and failing sites across VPN
-
I set up PFsense as the firewall at a remote site. On the main site is our WSUS server. Networks are as follows: Remote 192.168.254.0/24, main site 10.0.0.0/16.
On the pfsense box, I have the dansguardian package which uses Squid as the proxy. I added a proxy rule so that traffic to port 80 originating on the LAN is forwarded to port 8080 on the pfsense box (where Dansguardian is listening). When trying to access the WSUS server directly, I get:
The following error was encountered:
Unable to determine IP address from host name for wsusserverhostname
The dnsserver returned:
Server Failure: The name server was unable to process this query.
This means that:
The cache was not able to resolve the hostname presented in the URL.
Check if the address is correct.I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first. On the Proxy Server configuration page, I have also set the local DNS server under the option "Use alternate DNS-servers for the proxy-server ". Normal websites on external domains resolve fine. Locally on a client machine on the remote network, trying to resolve the wsus server's name responds with the correct IP address.
I've set up proxy exceptions for the Site and the URL in Dansguardian, with no success.
It's not just the WSUS server with this issue-the OWA server on our remote site has the same issue when you try to access it using the internal DNS entry.
Where do I need to fix this? One thought was to set up a NAT exception for traffic destined to the VPN connection–but I"m only allowed to set up one exception. Currently I have the exception set up for the 192.168.254.0/24 subnet so dansguardian doesn't mess with connections to the pfsense configuration page.
-
I checked /etc/resolv.conf on the PFsense box, and our local DNS server is listed correctly first.
You dns config options are using internal dns server? did you tried to disable dns forwarder service on pfsense?