Netgate Discussion Forum

    Help with Squid and IPSec

    • Brocke

      I need a little help on this.

      I have two pfSense routers; both have different LANs and are connected together using an IPsec VPN over the internet to link two offices together.

      My question is: how can I set up Squid to work with IPsec? With IPsec and Squid both on, the IPsec tunnel connects but I can't log in to the other router. If I turn off Squid, I am able to.

      I'm using Squid, SquidGuard and LightSquid.
      Squid is also in transparent mode.
      Both pfSense routers are 2.2.5.

      Not sure where to begin.

      Thank you
      Brock

      • burlugoz

        Services > Proxy server > General

        You have to check the field "Bypass proxy for Private Address Space (RFC 1918) destination".
        If unsuccessful, enter the address spaces of all your local networks (or just the LAN IPs of your routers) into the field "Bypass proxy for these destination IPs" (for example, "192.168.1.0/24;192.168.1.0/24" or "192.168.0.0/16").
        Also check your NAT settings. It would be a good idea to configure the Outbound NAT traffic rules manually.
        These settings work well for me:

        "Interface=WAN; Source=192.168.0.0/16; Source port, Destination address and Destination port=any; NAT address=WAN Address; Static port=YES".

        Good luck;)

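Added example (not part of the original post, and not pfSense or Squid code): a small Python check of which destination addresses a given bypass setup would leave going through the proxy, assuming the semicolon-separated format shown in the post. The router LAN IPs are constructed sample values.

```python
import ipaddress

# RFC 1918 private ranges, covered by the "Bypass proxy for Private Address
# Space (RFC 1918) destination" checkbox mentioned in the post.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_bypass_field(value):
    """Parse a semicolon-separated list of IPs/CIDRs, as in the post's example.

    Returns (networks, problems): unique networks in input order, plus notes
    about duplicate entries or entries that failed to parse.
    """
    networks, problems = [], []
    for raw in value.split(";"):
        entry = raw.strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append(f"invalid entry: {entry!r}")
            continue
        if net in networks:
            problems.append(f"duplicate entry: {entry}")
        else:
            networks.append(net)
    return networks, problems


def uncovered_destinations(destinations, bypass_field, bypass_rfc1918):
    """Return the destinations that would still be handed to the proxy."""
    networks, _ = parse_bypass_field(bypass_field)
    if bypass_rfc1918:
        networks = networks + RFC1918
    return [d for d in destinations
            if not any(ipaddress.ip_address(d) in net for net in networks)]


if __name__ == "__main__":
    # Constructed sample: LAN IPs of the two office routers (assumed values).
    routers = ["192.168.1.1", "192.168.2.1"]
    field = "192.168.1.0/24;192.168.1.0/24"  # first example string from the post
    print(parse_bypass_field(field)[1])
    print(uncovered_destinations(routers, field, bypass_rfc1918=False))
```

With only the first example string and the RFC 1918 box unchecked, the second office's router (192.168.2.1 in this sample) is not covered; the wider "192.168.0.0/16" entry or the RFC 1918 checkbox covers both.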
        • Brocke

          @burlugoz:

          Services > Proxy server > General

          You have to check the field "Bypass proxy for Private Address Space (RFC 1918) destination".
          If unsuccessful, enter the address spaces of all your local networks (or just the LAN IPs of your routers) into the field "Bypass proxy for these destination IPs" (for example, "192.168.1.0/24;192.168.1.0/24" or "192.168.0.0/16").
          Also check your NAT settings. It would be a good idea to configure the Outbound NAT traffic rules manually.
          These settings work well for me:

          "Interface=WAN; Source=192.168.0.0/16; Source port, Destination address and Destination port=any; NAT address=WAN Address; Static port=YES".

          Good luck;)

          Thank you! :D

          One last question:

          Is it possible to set up Squid and SquidGuard at the main and have all traffic pass through the IPsec VPN? I want to set up Squid and SquidGuard at the main office only and be able to filter through the VPN.

          Does that make sense?

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.