Port sharing squid reverse proxy & openvpn



  • Hello

    I've squid reverse proxy working on port 24443
    Nat & rule to have 443 passed to 127.0.0.1 on 2443
    Working well

    I want to have squid listening on 443 (apparently not allowed)
    OpenVPN listening on 443 (with this advanced setting: port-share 127.0.0.1 443)

    I'm unable to make it work …

    Can someone get me a solution?

    Thanks



  • Found it

    OpenVPN on port 443
    Nat https to https on localhost
    With advanced
    Port-share 127.0.0.1 4443

    Then

    Squid reverse proxy on 4443 for https

    Works



  • Hello stanthewizard,

    I am trying to realize the same as you did but wasn't successful yet.
    Could you please describe your NAT settings in more detail?

    Thanks and regards



  • You install openvpn
    with default parameter but listening on port 443
    then in advanced type this:
    Port-share 127.0.0.1 4443

    On NAT
    TCP/UDP * * your wan 443 (OpenVPN) 127.0.0.1 443 (OpenVPN)

    With squid reverse proxy listening on 4443 everything should be working

    If not
    give detail about your config



  • Hi stanthewizard,
    thanks for your explanation. I got it up and running as described below.

    • installed OpenVPN with the Wizard to listen on the WAN interface, port 443, TCP, tun mode
    • in "Advanced" I inserted the following "port-share 192.168.0.1 4443"
    • and added a NAT Port Forward rule as following:

    | If | Proto | Src. addr | Src. ports | Dest. addr | Dest. ports | NAT IP | NAT Ports |
    | WAN | TCP | * | * | WAN address | 443(HTTPS) | 192.168.0.1 | 443(HTTPS) |

    • as expected, the firewall rule was created automatically, which is why the following rules are defined for the WAN interface:

    | ID | Proto | Source | Port | Destination | Port | Gateway | Queue | Schedule |
    | | IPv4 TCP | * | * | WAN address | 443(HTTPS) | * | none | |
    | | IPv4 TCP | * | * | 192.168.0.1 | 443(HTTPS) | * | none | |

    • squid3 reverse is listening on the WAN interface, port 4443

    In my case the IP "127.0.0.1" did not work. The problem was that the pfsense is located behind the ISP's router which forwards the port 443 to the pfsense box. Instead, I had to use the WAN interface's IP address "192.168.0.1" of my pfsense box.

    Thanks again.


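Why the layout in this thread works, as an added example (not from the thread and not OpenVPN's own code): with port-share, OpenVPN is the only listener on TCP 443, inspects the first bytes of each connection, and proxies anything that is not an OpenVPN session start to the server on 4443. This simplified Python model shows that decision; the function names, the length check and the sample byte strings are assumptions constructed for the example.

```python
import struct

# OpenVPN opcodes that open a session; the opcode sits in the high 5 bits
# of the first payload byte, the key id (0 on a fresh session) in the low 3.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_CLIENT_V3 = 10
P_OPCODE_SHIFT = 3
RESET_BYTES = {op << P_OPCODE_SHIFT for op in
               (P_CONTROL_HARD_RESET_CLIENT_V2, P_CONTROL_HARD_RESET_CLIENT_V3)}
MIN_RESET_LEN = 14  # opcode(1) + session id(8) + ack count(1) + packet id(4)


def classify_first_bytes(data: bytes) -> str:
    """Classify the start of a TCP stream: 'openvpn', 'tls', 'other', 'need-more'."""
    if len(data) < 3:
        return "need-more"
    # TLS record header: content type 0x16 (handshake), version major 0x03.
    if data[0] == 0x16 and data[1] == 0x03:
        return "tls"
    # OpenVPN over TCP: 16-bit big-endian packet length, then the opcode byte.
    (plen,) = struct.unpack("!H", data[:2])
    if plen >= MIN_RESET_LEN and data[2] in RESET_BYTES:
        return "openvpn"
    return "other"


def route(data: bytes, share_target=("127.0.0.1", 4443)) -> str:
    """Where a port-share style listener on 443 would send this connection."""
    kind = classify_first_bytes(data)
    if kind == "need-more":
        return "wait"
    if kind == "openvpn":
        return "openvpn"
    # Everything that is not OpenVPN goes to the shared server (squid here).
    return "%s:%d" % share_target


# Constructed samples, not captured traffic.
SAMPLE_OPENVPN = b"\x00\x0e\x38" + b"\x11" * 8 + b"\x00" + b"\x00\x00\x00\x00"
SAMPLE_TLS = b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"
SAMPLE_HTTP = b"GET / HTTP/1.1\r\n"

if __name__ == "__main__":
    for name, blob in [("openvpn", SAMPLE_OPENVPN), ("tls", SAMPLE_TLS),
                       ("http", SAMPLE_HTTP)]:
        print(name, "->", route(blob))
```

Because OpenVPN proxies the shared connections, the server on 4443 sees them arriving from the firewall itself rather than from the original client address, which matters when reading its access logs.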