Set Squid's outgoing interface



  • I have two possible egress interfaces for my LAN: WAN, and my Torguard VPN ("VPN").
    I would like my LAN clients to be able to use WAN normally for web connections, but also use Squid on demand, bound to TCP port 3128 on my LAN interface, to send outgoing web traffic over VPN.
    Is there an easy way to make the pfsense Squid (v2 or v3) package do this? I see options to tell what interface for Squid to bind to, but I do not see an option to tell Squid what interface to use for outgoing traffic. Through some googling I saw the "tcp_outgoing_address" directive, but I'm not sure this will work 100% of the time, since I have to specify the VPN client IP address, which is dynamic (anywhere in the 10.0.9.0/24 range).



  • This is a good question - one I've just started researching.

    Did you find a solution?

    I'd like to use squid's acl functionality to make an acl based on matching certain url's, and force those url's to go out via the VPN address (e.g. BBC iPlayer).  That part is easy, using url_regex.

    However, I'd like to be able to specify tcp_outgoing_address to something other than the specific IP of the VPN connection, given it changes from time to time.  Ideally, a dynamic reference to the interface, rather than the IP.



  • Check out http://www.squid-cache.org/Doc/config/tcp_outgoing_address/.  I haven't tried it (no multi-WAN or outgoing VPN here to test with) but you may be able to add a custom outgoing address to the Custom Settings section of Squid.



  • Thanks again KOM.

    Another instance of me owing you a beer.  I needed this for another customer firewall.


Log in to reply