Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Set Squid's outgoing interface

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 4 Posters 9.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      Strider3000
      last edited by

      I have two possible egress interfaces for my LAN: WAN, and my Torguard VPN ("VPN").
      I would like my LAN clients to be able to use WAN normally for web connections, but also use Squid on demand, bound to TCP port 3128 on my LAN interface, to send outgoing web traffic over VPN.
      Is there an easy way to make the pfsense Squid (v2 or v3) package do this? I see options to tell what interface for Squid to bind to, but I do not see an option to tell Squid what interface to use for outgoing traffic. Through some googling I saw the "tcp_outgoing_address" directive, but I'm not sure this will work 100% of the time, since I have to specify the VPN client IP address, which is dynamic (anywhere in the 10.0.9.0/24 range).

      1 Reply Last reply Reply Quote 0
      • ?
        A Former User
        last edited by

        This is a good question - one I've just started researching.

        Did you find a solution?

        I'd like to use squid's acl functionality to make an acl based on matching certain url's, and force those url's to go out via the VPN address (e.g. BBC iPlayer).  That part is easy, using url_regex.

        However, I'd like to be able to specify tcp_outgoing_address to something other than the specific IP of the VPN connection, given it changes from time to time.  Ideally, a dynamic reference to the interface, rather than the IP.

        1 Reply Last reply Reply Quote 0
        • KOMK
          KOM
          last edited by

          Check out http://www.squid-cache.org/Doc/config/tcp_outgoing_address/.  I haven't tried it (no multi-WAN or outgoing VPN here to test with) but you may be able to add a custom outgoing address to the Custom Settings section of Squid.

          1 Reply Last reply Reply Quote 0
          • A
            almabes
            last edited by

            Thanks again KOM.

            Another instance of me owing you a beer.  I needed this for another customer firewall.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.