Help with Squid and IPSec



  • I need a little help on this.

    I have two pfSense routers; both have different LANs and are connected together using an IPsec VPN over the internet to link two offices together.

    My question is: how can I set up Squid to work with IPsec? With IPsec and Squid on, the IPsec connects but I can't log in to the other router. If I turn off Squid I am able to.

    I'm using Squid, SquidGuard and LightSquid.
    Squid is also in transparent mode.
    Both pfSense routers are 2.2.5.

    Not sure where to begin.

    Thank you
    Brock



  • Services > Proxy server > General

    You have to check field "Bypass proxy for Private Address Space (RFC 1918) destination".
    If unsuccessful, input the address spaces of all your local networks (or just the LAN IPs of your routers) into the field "Bypass proxy for these destination IPs" (for example, "192.168.1.0/24;192.168.1.0/24" or "192.168.0.0/16").
    Also check your NAT settings. It would be a good idea to configure Outbound NAT traffic rules manually.
    These settings work well for me:

    "Interface=WAN; Source=192.168.0.0/16; Source port, Destination address and Destination port=any; NAT address=WAN Address; Static port=YES".

    Good luck;)
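
An added example, not part of the post above and not pfSense code: a small Python check that models the two bypass fields named in the answer and reports which destinations across the tunnel would still be intercepted by the transparent proxy. The semicolon-separated format follows the answer's example; the remote router address 192.168.2.1 and the function names are assumptions made for illustration.

```python
import ipaddress

# The three RFC 1918 blocks, listed explicitly (ipaddress.is_private covers more).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_bypass_field(field):
    """Parse a semicolon-separated bypass list; return (networks, problems)."""
    networks, problems = [], []
    for raw in field.split(";"):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries such as 192.168.1.1/24 (host bits set)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            problems.append(f"{entry}: {exc}")
            continue
        if net in networks:
            problems.append(f"{entry}: duplicate entry")
            continue
        networks.append(net)
    return networks, problems

def is_bypassed(dest, networks, bypass_rfc1918=False):
    """True if traffic to dest would skip the transparent proxy."""
    addr = ipaddress.ip_address(dest)
    pools = list(networks) + (RFC1918 if bypass_rfc1918 else [])
    return any(addr in net for net in pools)

def audit(field, destinations, bypass_rfc1918=False):
    """Return (destinations still proxied, problems found in the list)."""
    networks, problems = parse_bypass_field(field)
    uncovered = [d for d in destinations
                 if not is_bypassed(d, networks, bypass_rfc1918)]
    return uncovered, problems

if __name__ == "__main__":
    # Constructed sample: the remote office router is assumed to be 192.168.2.1.
    remote = ["192.168.2.1"]
    print(audit("192.168.1.0/24;192.168.1.0/24", remote))
    print(audit("192.168.0.0/16", remote))
    print(audit("", remote, bypass_rfc1918=True))
```
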



  • @burlugoz:

    Services > Proxy server > General

    You have to check field "Bypass proxy for Private Address Space (RFC 1918) destination".
    If unsuccessful, input the address spaces of all your local networks (or just the LAN IPs of your routers) into the field "Bypass proxy for these destination IPs" (for example, "192.168.1.0/24;192.168.1.0/24" or "192.168.0.0/16").
    Also check your NAT settings. It would be a good idea to configure Outbound NAT traffic rules manually.
    These settings work well for me:

    "Interface=WAN; Source=192.168.0.0/16; Source port, Destination address and Destination port=any; NAT address=WAN Address; Static port=YES".

    Good luck;)

    Thank you! :D

    One last question:

    Is it possible to set up Squid and SquidGuard at the main and have all traffic pass through the IPsec VPN? I want to set up Squid and SquidGuard at the main office only and be able to filter through the VPN.

    Does that make sense?

