Squid and OpenVPN - remote internet traffic proxying
Hi pfSense users,
I have a pfSense 2.2.2-amd64 guest on ESXi 5.5, with LAN, DMZ and WAN interfaces. Squid transparently proxies on LAN and DMZ.
I have OpenVPN running too, and would like to force all remote VPN traffic through my system for security/monitoring.
However, while I can force all traffic through the VPN (OpenVPN settings), Squid doesn't see it (I can check this in syslogs/Splunk).
I tried adding a new (OPT1) interface and binding it to OpenVPN, however that broke all VPN access (even after allowing ALL in the new OPT1 interface FW rules). So enabling OPT1 in Squid didn't work, as there was no VPN access.
Can someone help show the error of my ways? I'm assuming there's a simple routing bit I'm missing to enable traffic from OpenVPN on the newly-bound OPT1 interface, and then allow Squid to transparently proxy it… But I can't work it out.
Thanks for any help provided.
To resolve this
- Port-forward (NAT) TCP/80 from the VPN subnet to localhost (127.0.0.1), destination port 3128 (the Squid port)
- Add a FW rule on the OpenVPN interface to allow TCP/3128 from the OpenVPN subnet to localhost.
Now I can monitor, secure and proxy internet requests from VPN interface too!
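The two steps above, written out as the pf rules pfSense generates from them plus a check that a VPN client's HTTP traffic is really hitting Squid. This is an added example, not from the thread or from pfSense's own rule generator. It assumes the OpenVPN server interface is named ovpns1 (pfSense's naming for the first OpenVPN server instance), the tunnel network is 10.8.0.0/24 and Squid listens on 127.0.0.1:3128; change the variables if yours differ. The sample HTTP responses at the end are constructed for an offline self-test. One caveat the steps leave implicit: only plain HTTP on TCP/80 is redirected, so HTTPS from VPN clients still bypasses Squid unless SSL interception is set up separately.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed values: the OpenVPN server
# interface is ovpns1, the tunnel network is 10.8.0.0/24 and Squid listens
# on 127.0.0.1:3128. Override them via the environment if yours differ.
VPN_IF="${VPN_IF:-ovpns1}"
VPN_NET="${VPN_NET:-10.8.0.0/24}"
SQUID_PORT="${SQUID_PORT:-3128}"

# The two GUI steps (Firewall > NAT > Port Forward, Firewall > Rules > OpenVPN)
# written out as the pf rules they correspond to, in FreeBSD 10 / pfSense 2.2
# syntax. Only plain HTTP (TCP/80) is redirected; TLS traffic on 443 still
# bypasses Squid unless SSL interception is configured.
pf_rules() {
    cat <<EOF
# NAT: redirect VPN clients' outbound HTTP to the local Squid listener
rdr on ${VPN_IF} inet proto tcp from ${VPN_NET} to any port 80 -> 127.0.0.1 port ${SQUID_PORT}
# Filter: allow the redirected connections to reach Squid on localhost
pass in quick on ${VPN_IF} inet proto tcp from ${VPN_NET} to 127.0.0.1 port ${SQUID_PORT} flags S/SA keep state
EOF
}

# Number of non-comment rules emitted (two: the rdr and the pass rule).
rule_count() {
    pf_rules | grep -c -v '^#'
}

# Read HTTP response headers on stdin and succeed (exit 0) only if Squid
# handled the request: Squid adds "Via: 1.1 <host> (squid/x.y)" and
# "X-Cache: HIT|MISS from <host>" unless those headers were disabled in squid.conf.
proxied_by_squid() {
    grep -Eiq '^(Via:.*\(squid/|X-Cache: *(HIT|MISS) from )'
}

# Live check to run from a connected VPN client: fetch a plain-HTTP URL and
# report whether the response came back through Squid.
check_live() {
    url="${1:-http://example.com/}"
    if curl -sI "$url" | proxied_by_squid; then
        echo "proxied: $url went through Squid"
    else
        echo "direct: $url bypassed Squid (check the rdr and pass rules)"
        return 1
    fi
}

# Constructed sample responses for the offline self-test below.
SAMPLE_PROXIED='HTTP/1.1 200 OK
Via: 1.1 pfsense.example.lan (squid/3.4.10)
X-Cache: MISS from pfsense.example.lan'
SAMPLE_DIRECT='HTTP/1.1 200 OK
Server: nginx/1.6.2'
```

Use `pf_rules` to compare against what pfSense actually loaded (`pfctl -sn` for the rdr rule, `pfctl -sr` for the pass rule) and run `check_live` from a laptop connected over the VPN; if it reports "direct", the rdr rule is not matching the tunnel interface or subnet, which is the same symptom the OPT1 attempt showed.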
I'm having a similar issue to yours. Are you available to help?
I'm using OpenVPN on LAN1
LAN2 is the normal WAN IP
When I enable Squid, I lose the VPN address on LAN1; it becomes my WAN IP address?
I tried to port forward in NAT, then tried to set a rule. I need more details? I'm still new to pfSense.
add a FW rule on the OpenVPN iface to allow TCP/3128 from OpenVPN subnet to localhost.
Can you please be clear on "adding a FW rule on the OpenVPN iface to allow TCP/3128 from OpenVPN subnet to localhost".
I've been using pfSense for years and I don't believe I've heard of adding a FW rule on OpenVPN.